ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-24 22:27:30 +03:00
Code Issues Projects Releases Wiki Activity

nixos/services.fwupd: allow adding trusted keys

Browse Source
This commit is contained in:
Jan Tojnar 2017-11-07 19:03:10 +01:00
parent c47ea8ca4e
commit c49522edb7
No known key found for this signature in database
GPG Key ID: 7FAB2A15F7A607A4
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nixos/modules/services/hardware/fwupd.nix
View File

@ -14,6 +14,11 @@ let
originalFiles = concatMap (d: map (f: "${d}/${f}") (listFiles "${pkgs.fwupd}/etc/${d}")) copiedDirs;
mkEtcFile = n: nameValuePair n { source = "${pkgs.fwupd}/etc/${n}"; };
in listToAttrs (map mkEtcFile originalFiles);
extraTrustedKeys =
let
mkName = p: "pki/fwupd/${baseNameOf (toString p)}";
mkEtcFile = p: nameValuePair (mkName p) { source = p; };
in listToAttrs (map mkEtcFile cfg.extraTrustedKeys);
in {
###### interface
@ -45,6 +50,15 @@ in {
Allow blacklisting specific plugins
'';
};
extraTrustedKeys = mkOption {
type = types.listOf types.path;
default = [];
example = literalExample "[ /etc/nixos/fwupd/myfirmware.pem ]";
description = ''
Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default.
'';
};
};
};
@ -61,7 +75,7 @@ in {
BlacklistPlugins=${lib.concatStringsSep ";" cfg.blacklistPlugins}
'';
};
} // originalEtc;
} // originalEtc // extraTrustedKeys;
services.dbus.packages = [ pkgs.fwupd ];