grahamc/diff.diff Secret

## diff.diff
diff nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py nixos/modules/system/boot/loader/systemd-boot-signed/systemd-boot-builder.py
29,35d28
< BOOT_ENTRY = """title NixOS{profile}
< version Generation {generation} {description}
< linux {kernel}
< initrd {initrd}
< options {kernel_params}
< """
<
90c83
<         entry_file = "@efiSysMountPoint@/loader/entries/nixos-%s-generation-%d.conf" % (profile, generation)
---
>         entry_file = "@efiSysMountPoint@/EFI/Linux/nixos-%s-generation-%d.efi" % (profile, generation)
92c85
<         entry_file = "@efiSysMountPoint@/loader/entries/nixos-generation-%d.conf" % (generation)
---
>         entry_file = "@efiSysMountPoint@/EFI/Linux/nixos-generation-%d.efi" % (generation)
95d87
<     kernel_params = "systemConfig=%s init=%s/init " % (generation_dir, generation_dir)
96a89,90
>
>     kernel_params = "systemConfig=%s init=%s/init " % (generation_dir, generation_dir)
99,108c93,115
<     with open(tmp_path, 'w') as f:
<         f.write(BOOT_ENTRY.format(profile=" [" + profile + "]" if profile else "",
<                     generation=generation,
<                     kernel=kernel,
<                     initrd=initrd,
<                     kernel_params=kernel_params,
<                     description=describe_generation(generation_dir)))
<         if machine_id is not None:
<             f.write("machine-id %s\n" % machine_id)
<     os.rename(tmp_path, entry_file)
---
>     kernel_param_file = "%s.kernel_params.tmp" % (entry_file)
>     with open(kernel_param_file, 'w') as f:
>         f.write(kernel_params)
>
>     subprocess.check_call([
>         "@binutils@/bin/objcopy",
>         "--add-section", ".osrel={}/etc/os-release".format(generation_dir), "--change-section-vma", ".osrel=0x20000",
>         "--add-section", ".cmdline={}".format(kernel_param_file),           "--change-section-vma", ".cmdline=0x30000",
>         "--add-section", ".linux={}/kernel".format(generation_dir),         "--change-section-vma", ".linux=0x40000",
>         "--add-section", ".initrd={}/initrd".format(generation_dir),        "--change-section-vma", ".initrd=0x3000000",
>         "{}/sw/lib/systemd/boot/efi/linuxx64.efi.stub".format(generation_dir),
>         tmp_path
>     ])
>     os.unlink(kernel_param_file)
>
>     subprocess.check_call([
>         "@sbsigntool@/bin/sbsign",
>         "--key", "/home/grahamc/projects/grahamc/secure-boot/db.key",
>         "--cert", "/home/grahamc/projects/grahamc/secure-boot/db.crt",
>         "--output", entry_file,
>         tmp_path
>     ])
>     os.unlink(tmp_path)
130,136c137,140
<     rex_profile = re.compile("^@efiSysMountPoint@/loader/entries/nixos-(.*)-generation-.*\.conf$")
<     rex_generation = re.compile("^@efiSysMountPoint@/loader/entries/nixos.*-generation-(.*)\.conf$")
<     known_paths = []
<     for gen in gens:
<         known_paths.append(copy_from_profile(*gen, "kernel", True))
<         known_paths.append(copy_from_profile(*gen, "initrd", True))
<     for path in glob.iglob("@efiSysMountPoint@/loader/entries/nixos*-generation-[1-9]*.conf"):
---
>     rex_profile = re.compile("^@efiSysMountPoint@/EFI/Linux/nixos-(.*)-generation-.*\.efi$")
>     rex_generation = re.compile("^@efiSysMountPoint@/EFI/Linux/nixos.*-generation-(.*)\.efi$")
>
>     for path in glob.iglob("@efiSysMountPoint@/EFI/Linux/nixos*-generation-[1-9]*.efi"):
147,149d150
<     for path in glob.iglob("@efiSysMountPoint@/efi/nixos/*"):
<         if not path in known_paths:
<             os.unlink(path)
190,191c191
<     mkdir_p("@efiSysMountPoint@/efi/nixos")
<     mkdir_p("@efiSysMountPoint@/loader/entries")
---
>     mkdir_p("@efiSysMountPoint@/EFI/Linux")
Only in nixos/modules/system/boot/loader/systemd-boot: systemd-boot.nix
Only in nixos/modules/system/boot/loader/systemd-boot-signed: systemd-boot-signed.nix
	diff nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py nixos/modules/system/boot/loader/systemd-boot-signed/systemd-boot-builder.py
	29,35d28
	< BOOT_ENTRY = """title NixOS{profile}
	< version Generation {generation} {description}
	< linux {kernel}
	< initrd {initrd}
	< options {kernel_params}
	< """
	<
	90c83
	< entry_file = "@efiSysMountPoint@/loader/entries/nixos-%s-generation-%d.conf" % (profile, generation)
	---
	> entry_file = "@efiSysMountPoint@/EFI/Linux/nixos-%s-generation-%d.efi" % (profile, generation)
	92c85
	< entry_file = "@efiSysMountPoint@/loader/entries/nixos-generation-%d.conf" % (generation)
	---
	> entry_file = "@efiSysMountPoint@/EFI/Linux/nixos-generation-%d.efi" % (generation)
	95d87
	< kernel_params = "systemConfig=%s init=%s/init " % (generation_dir, generation_dir)
	96a89,90
	>
	> kernel_params = "systemConfig=%s init=%s/init " % (generation_dir, generation_dir)
	99,108c93,115
	< with open(tmp_path, 'w') as f:
	< f.write(BOOT_ENTRY.format(profile=" [" + profile + "]" if profile else "",
	< generation=generation,
	< kernel=kernel,
	< initrd=initrd,
	< kernel_params=kernel_params,
	< description=describe_generation(generation_dir)))
	< if machine_id is not None:
	< f.write("machine-id %s\n" % machine_id)
	< os.rename(tmp_path, entry_file)
	---
	> kernel_param_file = "%s.kernel_params.tmp" % (entry_file)
	> with open(kernel_param_file, 'w') as f:
	> f.write(kernel_params)
	>
	> subprocess.check_call([
	> "@binutils@/bin/objcopy",
	> "--add-section", ".osrel={}/etc/os-release".format(generation_dir), "--change-section-vma", ".osrel=0x20000",
	> "--add-section", ".cmdline={}".format(kernel_param_file), "--change-section-vma", ".cmdline=0x30000",
	> "--add-section", ".linux={}/kernel".format(generation_dir), "--change-section-vma", ".linux=0x40000",
	> "--add-section", ".initrd={}/initrd".format(generation_dir), "--change-section-vma", ".initrd=0x3000000",
	> "{}/sw/lib/systemd/boot/efi/linuxx64.efi.stub".format(generation_dir),
	> tmp_path
	> ])
	> os.unlink(kernel_param_file)
	>
	> subprocess.check_call([
	> "@sbsigntool@/bin/sbsign",
	> "--key", "/home/grahamc/projects/grahamc/secure-boot/db.key",
	> "--cert", "/home/grahamc/projects/grahamc/secure-boot/db.crt",
	> "--output", entry_file,
	> tmp_path
	> ])
	> os.unlink(tmp_path)
	130,136c137,140
	< rex_profile = re.compile("^@efiSysMountPoint@/loader/entries/nixos-(.)-generation-.\.conf$")
	< rex_generation = re.compile("^@efiSysMountPoint@/loader/entries/nixos.-generation-(.)\.conf$")
	< known_paths = []
	< for gen in gens:
	< known_paths.append(copy_from_profile(*gen, "kernel", True))
	< known_paths.append(copy_from_profile(*gen, "initrd", True))
	< for path in glob.iglob("@efiSysMountPoint@/loader/entries/nixos-generation-[1-9].conf"):
	---
	> rex_profile = re.compile("^@efiSysMountPoint@/EFI/Linux/nixos-(.)-generation-.\.efi$")
	> rex_generation = re.compile("^@efiSysMountPoint@/EFI/Linux/nixos.-generation-(.)\.efi$")
	>
	> for path in glob.iglob("@efiSysMountPoint@/EFI/Linux/nixos-generation-[1-9].efi"):
	147,149d150
	< for path in glob.iglob("@efiSysMountPoint@/efi/nixos/*"):
	< if not path in known_paths:
	< os.unlink(path)
	190,191c191
	< mkdir_p("@efiSysMountPoint@/efi/nixos")
	< mkdir_p("@efiSysMountPoint@/loader/entries")
	---
	> mkdir_p("@efiSysMountPoint@/EFI/Linux")
	Only in nixos/modules/system/boot/loader/systemd-boot: systemd-boot.nix
	Only in nixos/modules/system/boot/loader/systemd-boot-signed: systemd-boot-signed.nix