This option allows for TPM to provisionned before the control is handed
over to the qemu VM.
This is useful to add EK certificates.
The socket has been split in two, a server socket as well as the control
socket for compatibility with the tpm2-tss swtpm TCTI.
Because the control socket may now be used for provisioning, the swtpm
does not terminate when a client disconnects, and the stop of the swtpm
daemon is now controlled by a call to `swtpm_ioctl`.
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
https://github.com/NixOS/nixpkgs/pull/347283 changed the default to
exclude non-physical network Kind, but that unfortunately also includes
`veth` which LXC uses for its network interfaces. Re-enable that
functionality so users can use networkd with useDHCP.
`/etc/os-release` of NixOS containers, which are
`/var/lib/nixos-containers/*/etc/os-release` on the host, are usually
symlinks to the absolute path `/etc/static/os-release` but it doesn't
exist in non-NixOS host. Since `startScript` is evaluated by the host
system, both `[ -e "$root/etc/os-release" ]` and
`touch "$root/etc/os-release"` fail, so that the container fails to
start on the second boot (on the first boot, the symlink doesn't exist,
so the command succeeds).
This commit avoids `touch "$root/etc/os-release"` if
`$root/etc/os-release` is a symlink, so imperative NixOS containers are
usable on non-NixOS host.
The script generation is using the *lib.imap* functions in several other places already so this spot using a shell script variable instead seems a bit off.
Moving the previous shell script code to Nix improves upon the Nix code by removing the additional *lib.optionalString* for the variable initialisation making the code more concise.
The shell code is reduced to a one-liner per disk image, making it much easier to determine that this is a templated loop.
Compare the previous:
```bash
idx=0
if ! test -e "empty$idx.qcow2"; then
/nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "20480M"
fi
idx=$((idx + 1))
if ! test -e "empty$idx.qcow2"; then
/nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "20480M"
fi
idx=$((idx + 1))
if ! test -e "empty$idx.qcow2"; then
/nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty$idx.qcow2" "20480M"
fi
idx=$((idx + 1))
```
and the new:
```bash
test -e "empty0.qcow2" || /nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty0.qcow2" "20480M"
test -e "empty1.qcow2" || /nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty1.qcow2" "20480M"
test -e "empty2.qcow2" || /nix/store/73n3qwfazqw8zwr1z840jsirjllqpg9v-qemu-host-cpu-only-for-vm-tests-9.0.2/bin/qemu-img create -f qcow2 "empty2.qcow2" "20480M"
```
While the line becomes slightly longer it also becomes immediately obvious on a visual level which parts are changing for each invocation (i.e. different disk sizes as well as the incremented counter stick out).
Since the "idx" variable is now embedded, this also becomes copy&pastable, and also shows the maximum index readily in the last line, as opposed to having to count the number of if statements otherwise.
None of this is *needed* of course.
Signed-off-by: benaryorg <binary@benary.org>
