summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--sys/boot/stack/luks-ext4-fscrypt-impermanence.nix7
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix b/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
index 81feb60..7905da3 100644
--- a/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
+++ b/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
@@ -52,9 +52,10 @@ in {
key_id=$(${fscryptctl} add_key /mnt-toplevel </boot-key)
${fscryptctl} set_policy "$key_id" "$root_from_toplevel"
(umask 077; test -f /mnt-toplevel/boot-archive.pub && \
- ${pkgs.openssl}/bin/openssl pkeyutl -encrypt \
- -in /boot-key -pubin -inkey /mnt-toplevel/boot-archive.pub \
- -out "/mnt-toplevel/boot-keys/$boot_stamp.key.crypt")
+ ${getExe pkgs.rage} -ae \
+ -R /mnt-toplevel/boot-archive.pub \
+ -o "/mnt-toplevel/boot-keys/$boot_stamp.key.age" \
+ /boot-key)
rm -f /boot-key
ln -Tsf "$boot_stamp" /mnt-toplevel/boots/last
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-10 21:56:25 +0000