[Nix-dev] How to add file to initrd?

Tomasz Czyż tomasz.czyz at gmail.com
Fri Sep 11 02:35:02 CEST 2015


Permission denied – if I try to use /key.

2015-09-10 21:58 GMT+01:00 Bryan Gardiner <bog at khumba.net>:

> On Thu, Sep 10, 2015 at 09:22:13PM +0100, Tomasz Czyż wrote:
> > I have a problem with this method as you cannot copy the file outside
> > the extras tree.
> >
> > I used:
> >
> >    "cp /my.key $out/key" - the final file is in /nix/store/XXXXX/here
> > (hard to access; if the hash changes, this stuff stops working).
> >
> >    "cp /my.key $out/../../key" or "cp /my.key /key" doesn't work,
> > permission error, so I cannot put key in the root of initrd.
>
> I don't have encrypted boot going myself...  I'm passing on a reply I
> got off-list from Leroy (bcc'ed, thanks, hope you don't mind), whose
> config works using boot.initrd.extraUtilsCommands:
>
> On Wed, Sep 09, 2015 at 07:40:21PM +1200, Leroy Hopson wrote:
> > Hi Bryan,
> >
> > I have a similar setup. I'm using `boot.initrd.extraUtilsCommands` as
> > Evygeny suggested.
> >
> > Here is a link to the relevant section of my configuration:
> >
> > https://github.com/lihop/nixos/blob/7b1b0a7fd4396713573c35368791e32843feb957/devices/desktop.nix#L59-L72
> >
> > Regards,
> > Leroy
>
> He's putting the keyfile in the initrd's /bin, then I suspect that
> $PATH is only "/bin" in his keyFile = ...; arguments.  If that's the
> case, then with your first cp command above, your keyfile should
> simply be at "/key" in your initrd, no need to know the hash.
>
> Cheers,
> Bryan


-- 
Tomasz Czyż