Skip to content

nixos/stage-1: check secret paths before copying #85004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 16, 2020
Merged

nixos/stage-1: check secret paths before copying #85004

merged 2 commits into from
Apr 16, 2020
+22 −1

Conversation

emilazy
Copy link
Member

@emilazy emilazy commented Apr 11, 2020

Motivation for this change

Fixes #84976.

This is a workaround for #85000.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@emilazy
Copy link
Member Author

emilazy commented Apr 11, 2020

Technically the assertion message is a little inaccurate; "${someDerivation}/..." is valid too. But I couldn't think of a better way to word it and that's pretty marginal.

@emilazy
Copy link
Member Author

emilazy commented Apr 11, 2020

cc @sjau, can you check if the error message is better with this patch?

@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Apr 11, 2020
@emilazy emilazy mentioned this pull request Apr 12, 2020
Merged
10 tasks
@lukateras
Copy link
Member

@GrahamcOfBorg test initrd-network-ssh

@lukateras lukateras merged commit 8262ecd into NixOS:master Apr 16, 2020
@lukateras
Copy link
Member

Cherry-picked onto release-20.03 branch: f2d4179

@emilazy emilazy deleted the add-initrd-secrets-path-assertion branch August 26, 2024 01:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukateras lukateras

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

initrd ssh: cp: cannot stat '/etc/secrets/initrd/ssh_host_ed25519_key': No such file or directory
2 participants
@emilazy @lukateras