min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

flake.nix: remove some redundancies

This commit is contained in:
nikstur 2022-11-26 22:19:15 +01:00
parent 3548c1a459
commit 3c094ee5ff
1 changed files with 8 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
flake.nix
View File

@ -140,8 +140,7 @@
import json import json
import os.path import os.path
bootspec = None bootspec = None
def extract_bspec_attr(attr):
return bootspec.get(attr)
def convert_to_esp(store_file_path): def convert_to_esp(store_file_path):
store_dir = os.path.basename(os.path.dirname(store_file_path)) store_dir = os.path.basename(os.path.dirname(store_file_path))
filename = os.path.basename(store_file_path) filename = os.path.basename(store_file_path)
@ -192,8 +191,8 @@
}; };
boot.initrd.preDeviceCommands = '' boot.initrd.preDeviceCommands = ''
grep "this is a very secure secret" /etc/iamasecret grep "this is a very secure secret" /etc/iamasecret
''; '';
}; };
testScript = '' testScript = ''
machine.start() machine.start()
@ -203,18 +202,17 @@
is-initrd-secured = mkUnsignedTest { is-initrd-secured = mkUnsignedTest {
name = "unsigned-initrd-do-not-boot-under-secureboot"; name = "unsigned-initrd-do-not-boot-under-secureboot";
path = { path = {
src = "extract_bspec_attr('initrd')"; src = "bootspec.get('initrd')";
dst = "convert_to_esp(extract_bspec_attr('initrd'))"; dst = "convert_to_esp(bootspec.get('initrd'))";
}; };
}; };
is-kernel-secured = mkUnsignedTest { is-kernel-secured = mkUnsignedTest {
name = "unsigned-kernel-do-not-boot-under-secureboot"; name = "unsigned-kernel-do-not-boot-under-secureboot";
path = { path = {
src = "extract_bspec_attr('kernel')"; src = "bootspec.get('kernel')";
dst = "convert_to_esp(extract_bspec_attr('kernel'))"; dst = "convert_to_esp(bootspec.get('kernel'))";
}; };
}; };
};
};
}; };
} }