systemd-boot-builder: don't needlessly copy the initrd

Only copy if we need to append initrd secrets, and even then don't copy to the EFI partition.
NixOS · Jan 23, 2019 · 68f7139 · 68f7139
1 parent 357d388
commit 68f7139
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
@@ -122,17 +122,18 @@ def write_secureboot_entry(profile, generation, machine_id):
         efi_file_relative = "EFI/nixos/nixos-generation-%d.efi" % (generation)
         efi_file = "@efiSysMountPoint@/%s" % (efi_file_relative)
 
-    initrd = "%s.initrd.tmp" % (efi_file)
+    with tempfile.TemporaryDirectory() as tmpdir:
+        append_initrd_secrets = profile_path(profile, generation, "append-initrd-secrets")
+        if os.path.exists(append_initrd_secrets):
+            initrd = f"{tmpdir}/initrd"
             shutil.copyfile(
                 profile_path(profile, generation, "initrd"),
                 initrd
             )
 
-    try:
-        append_initrd_secrets = profile_path(profile, generation, "append-initrd-secrets")
             subprocess.check_call([append_initrd_secrets, "@efiSysMountPoint@%s" % (initrd)])
-    except FileNotFoundError:
-        pass
+        else:
+            initrd = profile_path(profile, generation, "initrd"),
 
         generation_dir = os.readlink(system_dir(profile, generation))
         tmp_path = "%s.tmp" % (efi_file)
@@ -169,7 +170,6 @@ def write_secureboot_entry(profile, generation, machine_id):
         os.rename(entry_tmp, entry_file)
         os.unlink(tmp_path)
         os.unlink(kernel_param_file)
-    os.unlink(initrd)
 
 def sign_path(src, output):
     subprocess.check_call([