diff options
Diffstat (limited to 'nixos/modules/system/boot/luksroot.nix')
-rw-r--r-- | nixos/modules/system/boot/luksroot.nix | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 03d03cb348e82..cdb5d8bf3c26f 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -929,7 +929,14 @@ in ++ (if builtins.elem "xts" luks.cryptoModules then ["ecb"] else []); # copy the cryptsetup binary and it's dependencies - boot.initrd.extraUtilsCommands = mkIf (!config.boot.initrd.systemd.enable) '' + boot.initrd.extraUtilsCommands = let + pbkdf2-sha512 = pkgs.runCommandCC "pbkdf2-sha512" { buildInputs = [ pkgs.openssl ]; } '' + mkdir -p "$out/bin" + cc -O3 -lcrypto ${./pbkdf2-sha512.c} -o "$out/bin/pbkdf2-sha512" + strip -s "$out/bin/pbkdf2-sha512" + ''; + in + mkIf (!config.boot.initrd.systemd.enable) '' copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup copy_bin_and_libs ${askPass}/bin/cryptsetup-askpass sed -i s,/bin/sh,$out/bin/sh, $out/bin/cryptsetup-askpass @@ -939,9 +946,7 @@ in copy_bin_and_libs ${pkgs.yubikey-personalization}/bin/ykinfo copy_bin_and_libs ${pkgs.openssl.bin}/bin/openssl - cc -O3 -I${pkgs.openssl.dev}/include -L${lib.getLib pkgs.openssl}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto - strip -s pbkdf2-sha512 - copy_bin_and_libs pbkdf2-sha512 + copy_bin_and_libs ${pbkdf2-sha512}/bin/pbkdf2-sha512 mkdir -p $out/etc/ssl cp -pdv ${pkgs.openssl.out}/etc/ssl/openssl.cnf $out/etc/ssl |