min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/lanzaboote: pkiBundle is not actual optional 

the installHook needs it.
This commit is contained in:
Jörg Thalheim 2022-12-08 21:26:16 +01:00
parent 39774a6974
commit c9f9f1c52a
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nix/lanzaboote.nix
View File

@ -12,17 +12,16 @@ in
enrollKeys = mkEnableOption "Automatic enrollment of the keys using sbctl"; enrollKeys = mkEnableOption "Automatic enrollment of the keys using sbctl";
pkiBundle = mkOption { pkiBundle = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null;
description = "PKI bundle containg db, PK, KEK"; description = "PKI bundle containg db, PK, KEK";
}; };
publicKeyFile = mkOption { publicKeyFile = mkOption {
type = types.path; type = types.path;
default = if cfg.pkiBundle != null then "${cfg.pkiBundle}/keys/db/db.pem" else null; default = "${cfg.pkiBundle}/keys/db/db.pem";
description = "Public key to sign your boot files"; description = "Public key to sign your boot files";
}; };
privateKeyFile = mkOption { privateKeyFile = mkOption {
type = types.path; type = types.path;
default = if cfg.pkiBundle != null then "${cfg.pkiBundle}/keys/db/db.key" else null; default = "${cfg.pkiBundle}/keys/db/db.key";
description = "Private key to sign your boot files"; description = "Private key to sign your boot files";
}; };
package = mkOption { package = mkOption {