boot.loader.grub: add extraInstallCommands option

This commit is contained in:
Gauvain 'GovanifY' Roussel-Tarbouriech 2021-01-02 18:23:49 +01:00
parent 071eb8b265
commit 771ba47d56
No known key found for this signature in database
GPG Key ID: DE62E1E2A6145556

View File

@ -327,6 +327,26 @@ in
'';
};
extraInstallCommands = mkOption {
default = "";
example = literalExample ''
# the example below generates detached signatures that GRUB can verify
# https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures
''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete
old_gpg_home=$GNUPGHOME
export GNUPGHOME="$(mktemp -d)"
''${pkgs.gnupg}/bin/gpg --import ''${priv_key} > /dev/null 2>&1
''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -exec ''${pkgs.gnupg}/bin/gpg --detach-sign "{}" \; > /dev/null 2>&1
rm -rf $GNUPGHOME
export GNUPGHOME=$old_gpg_home
'';
type = types.lines;
description = ''
Additional shell commands inserted in the bootloader installer
script after generating menu entries.
'';
};
extraPerEntryConfig = mkOption {
default = "";
example = "root (hd0)";
@ -715,7 +735,7 @@ in
${optionalString cfg.enableCryptodisk "export GRUB_ENABLE_CRYPTODISK=y"}
'' + flip concatMapStrings cfg.mirroredBoots (args: ''
${pkgs.perl}/bin/perl ${install-grub-pl} ${grubConfig args} $@
''));
'') + cfg.extraInstallCommands);
system.build.grub = grub;