[Nix-dev] How to add file to initrd?
Leroy Hopson
leroy at leroy.geek.nz
Thu Sep 10 23:26:18 CEST 2015
No problem Bryan, I actually did mean to reply on-list!
On Thu, Sep 10, 2015 at 01:58:05PM -0700, Bryan Gardiner wrote:
> On Thu, Sep 10, 2015 at 09:22:13PM +0100, Tomasz Czyż wrote:
> > I have a problem with this method as you cannot copy the file outside
> > extras tree.
> >
> > I used:
> >
> > ''cp /my.key $out/key" - the final file is in /nix/store/XXXXX/here
> > (hard to access, if hash will change this stuff stop work.
> >
> > "cp /my.key $out/../../key" or "cp /my.key /key" doesn't work,
> > permission error, so I cannot put key in the root of initrd.
>
> I don't have encrypted boot going myself... I'm passing on a reply I
> got off-list from Leroy (bcc'ed, thanks, hope you don't mind), whose
> config works using boot.initrd.extraUtilsCommands:
>
> On Wed, Sep 09, 2015 at 07:40:21PM +1200, Leroy Hopson wrote:
> > Hi Bryan,
> >
> > I have a similar setup. I'm using `boot.initrd.extraUtilsCommands` as
> > Evygeny suggested.
> >
> > Here is a link to the relevant section of my configuration:
> > https://github.com/lihop/nixos/blob/7b1b0a7fd4396713573c35368791e32843feb957/devices/desktop.nix#L59-L72
> >
> > Regards,
> > Leroy
>
> He's putting the keyfile in the initrd's /bin, then I suspect that
> $PATH is only "/bin" in his keyFile = ...; arguments. If that's the
> case, then with your first cp command above, your keyfile should
> simply be at "/key" in your initrd, no need to know the hash.
>
> Cheers,
> Bryan
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
More information about the nix-dev
mailing list