From 912edce4cb7c22850ed026e6380f66a89ef38c5c Mon Sep 17 00:00:00 2001
From: Alyssa Ross
Date: Wed, 15 May 2024 13:10:56 +0200
Subject: [PATCH] qemu: enable canokey by default Given that we were overriding qemu_test to enable this anyway, enabling this by default saves Hydra a QEMU build. There's also clear demand from users[1] for this feature, so our alternatives are: - Offer a qemu-canokey attribute. I don't want to do this, because I don't think there's any reason to make Hydra build an extra QEMU. - Enable it only for qemu_test. I don't want to do this, because it will lead to users using qemu_test without understanding its subtleties. - Force users to build from source. I don't think there's any reason to do this when it's unlikely to hurt anybody having it enabled by default. There's no reason to single out canokey to be disabled by default in spite of users' needs given that we enable so many other optional QEMU features. [1]: https://github.com/canokeys/canokey-qemu/issues/6
---
 nixos/tests/systemd-initrd-luks-fido2.nix | 1 -
 pkgs/applications/virtualization/qemu/default.nix | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/nixos/tests/systemd-initrd-luks-fido2.nix b/nixos/tests/systemd-initrd-luks-fido2.nix
index f9f75ab7f301c..207f51f4dd9b4 100644
--- a/nixos/tests/systemd-initrd-luks-fido2.nix
+++ b/nixos/tests/systemd-initrd-luks-fido2.nix
@@ -9,7 +9,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
 # Booting off the encrypted disk requires having a Nix store available for the init script
 mountHostNixStore = true;
 useEFIBoot = true;
- qemu.package = lib.mkForce (pkgs.qemu_test.override { canokeySupport = true; });
 qemu.options = [ "-device canokey,file=/tmp/canokey-file" ];
 };
 boot.loader.systemd-boot.enable = true;
diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
index 05f93613087bc..2f87cb4a473bd 100644
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@@ -29,7 +29,7 @@
 , smbdSupport ? false, samba
 , tpmSupport ? !toolsOnly
 , uringSupport ? stdenv.isLinux, liburing
-, canokeySupport ? false, canokey-qemu
+, canokeySupport ? !toolsOnly, canokey-qemu
 , capstoneSupport ? !toolsOnly, capstone
 , enableDocs ? true
 , hostCpuOnly ? false
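Review bot: The new default `canokeySupport ? !toolsOnly` is not gated on platform, unlike `uringSupport ? stdenv.isLinux` one line above it, so canokey-qemu now enters the closure of every non-tools qemu build. Whether canokey-qemu builds on every platform qemu is built for is not visible in this hunk and should be confirmed; if it does not, the default could read `, canokeySupport ? !toolsOnly && lib.meta.availableOn stdenv.hostPlatform canokey-qemu, canokey-qemu` (assuming `lib` is among the arguments, which begin outside the hunk). Since the emulated key's code is now linked into the default hypervisor binary, a short comment on this line would help, e.g. `# emulated FIDO2 key for testing; the file= backing store holds its key material unprotected (per QEMU's canokey docs, confirm), so keep it private`.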