Skip to content

nixos/stage-1: check secret paths before copying#85004

Merged
lukateras merged 2 commits intoNixOS:masterfrom
emilazy:add-initrd-secrets-path-assertion
Apr 16, 2020
Merged

nixos/stage-1: check secret paths before copying#85004
lukateras merged 2 commits intoNixOS:masterfrom
emilazy:add-initrd-secrets-path-assertion

Conversation

@emilazy
Copy link
Copy Markdown
Member

@emilazy emilazy commented Apr 11, 2020

Motivation for this change

Fixes #84976.

This is a workaround for #85000.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@emilazy
Copy link
Copy Markdown
Member Author

emilazy commented Apr 11, 2020

Technically the assertion message is a little inaccurate; "${someDerivation}/..." is valid too. But I couldn't think of a better way to word it and that's pretty marginal.

@emilazy
Copy link
Copy Markdown
Member Author

emilazy commented Apr 11, 2020

cc @sjau, can you check if the error message is better with this patch?

@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Apr 11, 2020
@emilazy emilazy mentioned this pull request Apr 12, 2020
Merged
10 tasks
@lukateras
Copy link
Copy Markdown
Member

lukateras commented Apr 16, 2020

@GrahamcOfBorg test initrd-network-ssh

@lukateras lukateras merged commit 8262ecd into NixOS:master Apr 16, 2020
@lukateras
Copy link
Copy Markdown
Member

lukateras commented Apr 16, 2020

Cherry-picked onto release-20.03 branch: f2d4179

@emilazy emilazy deleted the add-initrd-secrets-path-assertion branch August 26, 2024 01:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@lukateras lukateras lukateras approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

initrd ssh: cp: cannot stat '/etc/secrets/initrd/ssh_host_ed25519_key': No such file or directory

2 participants

@emilazy @lukateras