Allow accessing correct pkgs during preSignCommands
#247
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`preSignCommands` is used in two different contexts, when building
derivations that are using the package-set defined in the NixOS config
for a machine (defaults to a native aarch64-linux package-set) and when
building flash scripts (defaults to a native x86_64-linux package-set).
In order to support the use-case of using nix outputs obtained from a
package-set within `preSignCommands`, the value set in this option must
not carry in any output paths from package-sets defined elsewhere. For
example, the following configuration is problematic and will not work
when building the flash script, due to `pkgs` having a `hostPlatform` of
aarch64-linux, thus `hello` will be an ELF binary targeting
aarch64-linux:
```nix
{ pkgs, ... }: {
hardware.nvidia-jetpack.firmware.secureBoot.preSignCommands = ''
${pkgs.hello}/bin/hello
'';
}
```
The correct usage would be:
```nix
{ ... }: {
hardware.nvidia-jetpack.firmware.secureBoot.preSignCommands = pkgs: ''
${pkgs.hello}/bin/hello
'';
}
```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
preSignCommandsis used in two different contexts, when building derivations that are using the package-set defined in the NixOS config for a machine (defaults to a native aarch64-linux package-set) and when building flash scripts (defaults to a native x86_64-linux package-set). In order to support the use-case of using nix outputs obtained from a package-set withinpreSignCommands, the value set in this option must not carry in any output paths from package-sets defined elsewhere. For example, the following configuration is problematic and will not work when building the flash script, due topkgshaving ahostPlatformof aarch64-linux, thushellowill be an ELF binary targeting aarch64-linux:The correct usage would be:
Testing
Tested building a simple config with the example above and ensuring we do not get an error running
hello.