diff options
author | aszlig <aszlig@redmoonstudios.org> | 2016-02-03 14:45:19 +0100 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2016-02-03 15:48:52 +0100 |
commit | 9f2a61c59cc4e4ce278e6582cb4bdca9c2088755 (patch) | |
tree | 32763abda0079b48a7f175e12c922156994c9100 /nixos/modules | |
parent | 80983bbe54cfb69f361e64b8b8cdb5ab79720ec7 (diff) | |
download | nixlib-9f2a61c59cc4e4ce278e6582cb4bdca9c2088755.tar nixlib-9f2a61c59cc4e4ce278e6582cb4bdca9c2088755.tar.gz nixlib-9f2a61c59cc4e4ce278e6582cb4bdca9c2088755.tar.bz2 nixlib-9f2a61c59cc4e4ce278e6582cb4bdca9c2088755.tar.lz nixlib-9f2a61c59cc4e4ce278e6582cb4bdca9c2088755.tar.xz nixlib-9f2a61c59cc4e4ce278e6582cb4bdca9c2088755.tar.zst nixlib-9f2a61c59cc4e4ce278e6582cb4bdca9c2088755.zip |
nixos/udev: Add an option to fail on FHS paths
So far we were merely printing a warning if there are still references to (/usr)/s?bin, but we actually want to make sure that we fix those paths, especially on updates of packages that come with udev rules. This adds a new option allowImpurePaths, which when set to false will cause the "udev-rules" derivation to fail. I've set this to true by default, to not break existing systems too much and the intention is to set it to false for a few NixOS VM tests. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/hardware/udev.nix | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index dc87c9215e65..74ec335c7509 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -116,6 +116,7 @@ let )" echo "$localFile ($remoteFile) contains references to $refs." done + ${optionalString (!cfg.allowImpurePaths) "exit 1"} fi ${optionalString config.networking.usePredictableInterfaceNames '' @@ -231,6 +232,20 @@ in ''; }; + allowImpurePaths = mkOption { + default = true; + example = false; + type = types.bool; + description = '' + If this is disabled, the build will fail whenever one of the + <command>udev</command> rules contains a reference to + <filename>/usr/bin</filename>, <filename>/usr/sbin</filename>, + <filename>/bin</filename> or <filename>/sbin</filename>. + + By default only a warning is printed during build. + ''; + }; + }; hardware.firmware = mkOption { |