commit c06d7950f1b97abf510bc70bd2a2b0445e8d36f2 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-1809.xml

···

       121
       121
        
            <literal>gnucash24</literal>.

     

       122
       122
        
           </para>

     

       123
       123
        
          </listitem>

     

       124
       124
       +
          <listitem>

     

       125
       125
       +
           <para>

     

       126
       126
       +
             The GRUB specific option <option>boot.loader.grub.extraInitrd</option>

     

       127
       127
       +
             has been replaced with the generic option

     

       128
       128
       +
             <option>boot.initrd.secrets</option>. This option creates a secondary

     

       129
       129
       +
             initrd from the specified files, rather than using a manually created

     

       130
       130
       +
             initrd file.

     

       131
       131
       +
           </para>

     

       132
       132
       +
          </listitem>

     

       124
       133
        
         </itemizedlist>

     

       125
       134
        
        </section>

     

       126
       135

+5 -15

nixos/modules/system/boot/loader/grub/grub.nix

···

       35
       35
        
           let

     

       36
       36
        
             efiSysMountPoint = if args.efiSysMountPoint == null then args.path else args.efiSysMountPoint;

     

       37
       37
        
             efiSysMountPoint' = replaceChars [ "/" ] [ "-" ] efiSysMountPoint;

     

       38
       38
       +
             initrdSecrets = config.boot.initrd.secrets != {};

     

       38
       39
        
           in

     

       39
       40
        
           pkgs.writeText "grub-config.xml" (builtins.toXML

     

       40
       41
        
           { splashImage = f cfg.splashImage;

     
···

       49
       50
        
             storePath = config.boot.loader.grub.storePath;

     

       50
       51
        
             bootloaderId = if args.efiBootloaderId == null then "NixOS${efiSysMountPoint'}" else args.efiBootloaderId;

     

       51
       52
        
             timeout = if config.boot.loader.timeout == null then -1 else config.boot.loader.timeout;

     

       52
       52
       -
             inherit efiSysMountPoint;

     

       53
       53
       +
             inherit efiSysMountPoint initrdSecrets;

     

       53
       54
        
             inherit (args) devices;

     

       54
       55
        
             inherit (efi) canTouchEfiVariables;

     

       55
       56
        
             inherit (cfg)

     

       56
       57
        
               version extraConfig extraPerEntryConfig extraEntries forceInstall useOSProber

     

       57
       57
       -
               extraEntriesBeforeNixOS extraPrepareConfig extraInitrd configurationLimit copyKernels

     

       58
       58
       +
               extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels

     

       58
       59
        
               default fsIdentifier efiSupport efiInstallAsRemovable gfxmodeEfi gfxmodeBios;

     

       59
       60
        
             path = (makeBinPath ([

     

       60
       61
        
               pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.findutils pkgs.diffutils pkgs.btrfs-progs

     
···

       284
       285
        
               '';

     

       285
       286
        
             };

     

       286
       287
        
       

     

       287
       287
       -
             extraInitrd = mkOption {

     

       288
       288
       -
               type = types.nullOr types.path;

     

       289
       289
       -
               default = null;

     

       290
       290
       -
               example = "/boot/extra_initramfs.gz";

     

       291
       291
       -
               description = ''

     

       292
       292
       -
                 The path to a second initramfs to be supplied to the kernel.

     

       293
       293
       -
                 This ramfs will not be copied to the store, so that it can

     

       294
       294
       -
                 contain secrets such as LUKS keyfiles or ssh keys.

     

       295
       295
       -
                 This implies that rolling back to a previous configuration

     

       296
       296
       -
                 won't rollback the state of this file.

     

       297
       297
       -
               '';

     

       298
       298
       -
             };

     

       299
       299
       -
       

     

       300
       288
        
             useOSProber = mkOption {

     

       301
       289
        
               default = false;

     

       302
       290
        
               type = types.bool;

     
···

       540
       528
        
             boot.loader.grub.mirroredBoots = optionals (cfg.devices != [ ]) [

     

       541
       529
        
               { path = "/boot"; inherit (cfg) devices; inherit (efi) efiSysMountPoint; }

     

       542
       530
        
             ];

     

       531
       531
       +
       

     

       532
       532
       +
             boot.loader.supportsInitrdSecrets = true;

     

       543
       533
        
       

     

       544
       534
        
             system.build.installBootLoader =

     

       545
       535
        
               let

+17 -13

nixos/modules/system/boot/loader/grub/install-grub.pl

···

       49
       49
        
       my $extraPerEntryConfig = get("extraPerEntryConfig");

     

       50
       50
        
       my $extraEntries = get("extraEntries");

     

       51
       51
        
       my $extraEntriesBeforeNixOS = get("extraEntriesBeforeNixOS") eq "true";

     

       52
       52
       -
       my $extraInitrd = get("extraInitrd");

     

       52
       52
       +
       my $initrdSecrets = get("initrdSecrets");

     

       53
       53
        
       my $splashImage = get("splashImage");

     

       54
       54
        
       my $configurationLimit = int(get("configurationLimit"));

     

       55
       55
        
       my $copyKernels = get("copyKernels") eq "true";

     
···

       228
       228
        
       if ($copyKernels == 0) {

     

       229
       229
        
           $grubStore = GrubFs($storePath);

     

       230
       230
        
       }

     

       231
       231
       -
       my $extraInitrdPath;

     

       232
       232
       -
       if ($extraInitrd) {

     

       233
       233
       -
           if (! -f $extraInitrd) {

     

       234
       234
       -
               print STDERR "Warning: the specified extraInitrd " . $extraInitrd . " doesn't exist. Your system won't boot without it.\n";

     

       235
       235
       -
           }

     

       236
       236
       -
           $extraInitrdPath = GrubFs($extraInitrd);

     

       237
       237
       -
       }

     

       238
       231
        
       

     

       239
       232
        
       # Generate the header.

     

       240
       233
        
       my $conf .= "# Automatically generated.  DO NOT EDIT THIS FILE!\n";

     
···

       354
       347
        
       

     

       355
       348
        
           my $kernel = copyToKernelsDir(Cwd::abs_path("$path/kernel"));

     

       356
       349
        
           my $initrd = copyToKernelsDir(Cwd::abs_path("$path/initrd"));

     

       357
       357
       -
           if ($extraInitrd) {

     

       358
       358
       -
               $initrd .= " " .$extraInitrdPath->path;

     

       350
       350
       +
       

     

       351
       351
       +
           # Include second initrd with secrets

     

       352
       352
       +
           if ($initrdSecrets) {

     

       353
       353
       +
             # Get last element of path

     

       354
       354
       +
             $initrd =~ /\/([^\/]+)$/;

     

       355
       355
       +
             my $initrdSecretsPath = "$bootPath/kernels/$1-secrets";

     

       356
       356
       +
             $initrd .= " $initrd-secrets";

     

       357
       357
       +
             my $oldUmask = umask;

     

       358
       358
       +
             # Make sure initrd is not world readable (won't work if /boot is FAT)

     

       359
       359
       +
             umask 0137;

     

       360
       360
       +
             my $initrdSecretsPathTemp = File::Temp::mktemp("$initrdSecretsPath.XXXXXXXX");

     

       361
       361
       +
             system("$path/append-initrd-secrets", $initrdSecretsPathTemp) == 0 or die "failed to create initrd secrets\n";

     

       362
       362
       +
             rename $initrdSecretsPathTemp, $initrdSecretsPath or die "failed to move initrd secrets into place\n";

     

       363
       363
       +
             umask $oldUmask;

     

       364
       364
       +
             $copied{$initrdSecretsPath} = 1;

     

       359
       365
        
           }

     

       366
       366
       +
       

     

       360
       367
        
           my $xen = -e "$path/xen.gz" ? copyToKernelsDir(Cwd::abs_path("$path/xen.gz")) : undef;

     

       361
       368
        
       

     

       362
       369
        
           # FIXME: $confName

     
···

       378
       385
        
               $conf .= $grubBoot->search . "\n";

     

       379
       386
        
               if ($copyKernels == 0) {

     

       380
       387
        
                   $conf .= $grubStore->search . "\n";

     

       381
       381
       -
               }

     

       382
       382
       -
               if ($extraInitrd) {

     

       383
       383
       -
                   $conf .= $extraInitrdPath->search . "\n";

     

       384
       388
        
               }

     

       385
       389
        
               $conf .= "  $extraPerEntryConfig\n" if $extraPerEntryConfig;

     

       386
       390
        
               $conf .= "  multiboot $xen $xenParams\n" if $xen;