qemu: enable canokey by default

Given that we were overriding qemu_test to enable this anyway, enabling this by default saves Hydra a QEMU build. There's also clear demand from users[1] for this feature, so our alternatives are: - Offer a qemu-canokey attribute. I don't want to do this, because I don't think there's any reason to make Hydra build an extra QEMU. - Enable it only for qemu_test. I don't want to do this, because it will lead to users using qemu_test without understanding its subtleties. - Force users to build from source. I don't think there's any reason to do this when it's unlikely to hurt anybody having it enabled by default. There's no reason to single out canokey to be disabled by default in spite of users' needs given that we enable so many other optional QEMU features. [1]: canokeys/canokey-qemu#6
alyssais · May 17, 2024 · 956c497 · 956c497
1 parent d3dd025
commit 956c497
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/nixos/tests/systemd-initrd-luks-fido2.nix b/nixos/tests/systemd-initrd-luks-fido2.nix
@@ -9,7 +9,6 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: {
  # Booting off the encrypted disk requires having a Nix store available for the init script
  mountHostNixStore = true;
  useEFIBoot = true;
- qemu.package = lib.mkForce (pkgs.qemu_test.override { canokeySupport = true; });
  qemu.options = [ "-device canokey,file=/tmp/canokey-file" ];
  };
  boot.loader.systemd-boot.enable = true;

diff --git a/pkgs/applications/virtualization/qemu/default.nix b/pkgs/applications/virtualization/qemu/default.nix
@@ -29,7 +29,7 @@
 , smbdSupport ? false, samba
 , tpmSupport ? !toolsOnly
 , uringSupport ? stdenv.isLinux, liburing
-, canokeySupport ? false, canokey-qemu
+, canokeySupport ? !toolsOnly, canokey-qemu
 , capstoneSupport ? !toolsOnly, capstone
 , enableDocs ? true
 , hostCpuOnly ? false