qemu: enable canokey by default

Given that we were overriding qemu_test to enable this anyway, enabling this by default saves Hydra a QEMU build. There's also clear demand from users[1] for this feature, so our alternatives are: - Offer a qemu-canokey attribute. I don't want to do this, because I don't think there's any reason to make Hydra build an extra QEMU. - Enable it only for qemu_test. I don't want to do this, because it will lead to users using qemu_test without understanding its subtleties. - Force users to build from source. I don't think there's any reason to do this when it's unlikely to hurt anybody having it enabled by default. There's no reason to single out canokey to be disabled by default in spite of users' needs given that we enable so many other optional QEMU features. [1]: https://github.com/canokeys/canokey-qemu/issues/6
2025-01-19 11:23:29 +00:00 · 2024-05-15 13:10:56 +02:00 · 2024-05-15 13:10:56 +02:00 · aa0ce1a26e
commit aa0ce1a26e
parent 19e14ba4c1
2 changed files with 1 additions and 2 deletions
--- a/nixos/tests/systemd-initrd-luks-fido2.nix
+++ b/nixos/tests/systemd-initrd-luks-fido2.nix
@ -9,7 +9,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
      # Booting off the encrypted disk requires having a Nix store available for the init script
      mountHostNixStore = true;
      useEFIBoot = true;
-      qemu.package = lib.mkForce (pkgs.qemu_test.override { canokeySupport = true; });
      qemu.options = [ "-device canokey,file=/tmp/canokey-file" ];
    };
    boot.loader.systemd-boot.enable = true;
--- a/pkgs/applications/virtualization/qemu/default.nix
+++ b/pkgs/applications/virtualization/qemu/default.nix
@ -29,7 +29,7 @@
 , smbdSupport ? false, samba
 , tpmSupport ? !toolsOnly
 , uringSupport ? stdenv.isLinux, liburing
-, canokeySupport ? false, canokey-qemu
+, canokeySupport ? !toolsOnly, canokey-qemu
 , capstoneSupport ? !toolsOnly, capstone
 , enableDocs ? true
 , hostCpuOnly ? false