Skip to content

grub: support initrd secrets#38263

Merged
joachifm merged 1 commit intoNixOS:masterfrom
lopsided98:grub-initrd-secrets
Jun 6, 2018
Merged

grub: support initrd secrets#38263
joachifm merged 1 commit intoNixOS:masterfrom
lopsided98:grub-initrd-secrets

Conversation

@lopsided98
Copy link
Contributor

@lopsided98 lopsided98 commented Mar 31, 2018

Motivation for this change

This PR fixes #26175 by adding support for boot.initrd.secrets to grub.

Things done

The Grub specific option boot.loader.grub.extraInitrd (#22969) is removed in favor of the generic boot.initrd.secrets option. My implementation is similar to how extraInitrd was implemented, except it runs append-initrd-secrets instead of using a user supplied initrd. I use a separate second initrd, rather than appending to the main initrd (as is done for systemd-boot), because grub allows the option of not copying the initrd from the nix store, so it may be immutable.

  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@GrahamcOfBorg GrahamcOfBorg added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Mar 31, 2018
@lopsided98
Copy link
Contributor Author

lopsided98 commented Apr 7, 2018

There doesn't seem to be a single maintainer for grub so I'll just cc @joachifm. Let me know if someone else would be better to review this.

@joachifm
Copy link
Contributor

joachifm commented Apr 8, 2018

Looks okay to me. A changelog entry would be nice.

@lopsided98 lopsided98 force-pushed the grub-initrd-secrets branch from 437fe1a to a24cb56 Compare April 10, 2018 14:56
@lopsided98
Copy link
Contributor Author

lopsided98 commented Apr 10, 2018

I added a changelog entry.

@GrahamcOfBorg GrahamcOfBorg added 8.has: changelog This PR adds or changes release notes 8.has: documentation This PR adds or changes documentation labels Apr 10, 2018
@lopsided98
Copy link
Contributor Author

lopsided98 commented Apr 29, 2018

Is there anything preventing this from being merged?

@lopsided98 lopsided98 force-pushed the grub-initrd-secrets branch from a24cb56 to a75aee3 Compare May 7, 2018 14:36
@lopsided98
Copy link
Contributor Author

lopsided98 commented Jun 6, 2018

@joachifm Can this be merged?

@joachifm joachifm merged commit c06d795 into NixOS:master Jun 6, 2018
joachifm added a commit that referenced this pull request Jun 7, 2018
@joachifm
Revert "Merge pull request #38263 from lopsided98/grub-initrd-secrets"
2be28b1 
This reverts commit c06d795, reversing
changes made to 4c25fbe.

See #41608
@lopsided98 lopsided98 mentioned this pull request Apr 17, 2020
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog This PR adds or changes release notes 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support initrd secrets in GRUB

3 participants

@lopsided98 @joachifm @GrahamcOfBorg