author | Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> | 2023-01-20 18:34:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-20 18:34:38 +0100 |
commit | 10222e1e37a03c86fdb566eb6e19ab6fb83fff2f (patch) | |
tree | 0c79e36df17d372cce6ea6f3ec82935767781b8b | |
parent | fdee566be91421927b55cf1a19b59c48ebc1b011 (diff) | |
parent | b139c467e968c3d84422e0f3198214beac120e77 (diff) |
Merge pull request #211295 from rnhmjoj/pr-nixos-install
nixos-install: remove root requirement for bind mount
-rwxr-xr-x | nixos/modules/installer/tools/nixos-install.sh | 26 | ||||
-rwxr-xr-x | nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py | 29 | ||||
-rw-r--r-- | nixos/tests/installer.nix | 2 |
3 files changed, 37 insertions, 20 deletions
diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 9f609cefe6ea..20fec525e70b 100755 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -188,17 +188,6 @@ nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \ mkdir -m 0755 -p "$mountPoint/etc" touch "$mountPoint/etc/NIXOS" -# Create a bind mount for each of the mount points inside the target file -# system. This preserves the validity of their absolute paths after changing -# the root with `nixos-enter`. -# Without this the bootloader installation may fail due to options that -# contain paths referenced during evaluation, like initrd.secrets. -if (( EUID == 0 )); then - mount --rbind --mkdir "$mountPoint" "$mountPoint$mountPoint" - mount --make-rslave "$mountPoint$mountPoint" - trap 'umount -R "$mountPoint$mountPoint" && rmdir "$mountPoint$mountPoint"' EXIT -fi - # Switch to the new system configuration. This will install Grub with # a menu default pointing at the kernel/initrd/etc of the new # configuration. 
@@ -206,7 +195,20 @@ if [[ -z $noBootLoader ]]; then echo "installing the boot loader..." # Grub needs an mtab. ln -sfn /proc/mounts "$mountPoint"/etc/mtab - NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot + export mountPoint + NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -c "$(cat <<'EOF' + # Create a bind mount for each of the mount points inside the target file + # system. This preserves the validity of their absolute paths after changing + # the root with `nixos-enter`. + # Without this the bootloader installation may fail due to options that + # contain paths referenced during evaluation, like initrd.secrets. + # when not root, re-execute the script in an unshared namespace + mount --rbind --mkdir / "$mountPoint" + mount --make-rslave "$mountPoint" + /run/current-system/bin/switch-to-configuration boot + umount -R "$mountPoint" && rmdir "$mountPoint" +EOF +)" fi # Ask the user to set a root password, but only if the passwd command diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py index ea3577f138c2..6741e9d8452b 100755 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py @@ -42,7 +42,7 @@ def system_dir(profile: Optional[str], generation: int, specialisation: Optional else: return d -BOOT_ENTRY = """title @distroName@{profile}{specialisation} +BOOT_ENTRY = """title {title} version Generation {generation} {description} linux {kernel} initrd {initrd} 
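Review bot: The inline script passed to `nixos-enter -c` ends with `umount -R "$mountPoint" && rmdir "$mountPoint"`, so its exit status is that of the cleanup, and a failing `switch-to-configuration boot` no longer propagates to `nixos-install` the way the removed one-line invocation did. Unless the shell that `nixos-enter` starts already runs with errexit (not visible here), a boot loader or initrd-secrets failure would then look like a successful install, and a failed `mount --rbind` would go unnoticed before the boot loader step runs. I would record the status and return it after cleanup: `/run/current-system/bin/switch-to-configuration boot; rc=$?`, then the existing umount line, then `exit "$rc"`, and guard the two mount calls with `|| exit 1`. The enclosing `if [[ -z $noBootLoader ]]` block opens above the hunk.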
@@ -106,14 +106,29 @@ def describe_generation(generation_dir: str) -> str: return description -def write_entry(profile: Optional[str], generation: int, specialisation: Optional[str], machine_id: str) -> None: +def write_entry(profile: Optional[str], generation: int, specialisation: Optional[str], + machine_id: str, current: bool) -> None: kernel = copy_from_profile(profile, generation, specialisation, "kernel") initrd = copy_from_profile(profile, generation, specialisation, "initrd") + + title = "@distroName@{profile}{specialisation}".format( + profile=" [" + profile + "]" if profile else "", + specialisation=" (%s)" % specialisation if specialisation else "") + try: append_initrd_secrets = profile_path(profile, generation, specialisation, "append-initrd-secrets") subprocess.check_call([append_initrd_secrets, "@efiSysMountPoint@%s" % (initrd)]) except FileNotFoundError: pass + except subprocess.CalledProcessError: + if current: + print("failed to create initrd secrets!", file=sys.stderr) + sys.exit(1) + else: + print("warning: failed to create initrd secrets " + f'for "{title} - Configuration {generation}", an older generation', file=sys.stderr) + print("note: this is normal after having removed " + "or renamed a file in `boot.initrd.secrets`", file=sys.stderr) entry_file = "@efiSysMountPoint@/loader/entries/%s" % ( generation_conf_filename(profile, generation, specialisation)) generation_dir = os.readlink(system_dir(profile, generation, specialisation)) @@ -123,8 +138,7 @@ def write_entry(profile: Optional[str], generation: int, specialisation: Optiona with open("%s/kernel-params" % (generation_dir)) as params_file: kernel_params = kernel_params + params_file.read() with open(tmp_path, 'w') as f: - f.write(BOOT_ENTRY.format(profile=" [" + profile + "]" if profile else "", - specialisation=" (%s)" % specialisation if specialisation else "", + f.write(BOOT_ENTRY.format(title=title, generation=generation, kernel=kernel, initrd=initrd, 
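Review bot: The new `except subprocess.CalledProcessError` branch in `write_entry` discards the exception, so for an older generation every failure of `append-initrd-secrets` is reduced to the same warning, not only the removed-or-renamed secret that the printed note describes. The boot entry is then still written for an initrd whose secrets state is unknown. Binding the exception and reporting its status, e.g. `except subprocess.CalledProcessError as e:` with `(exit status {e.returncode})` appended to the warning text, would let an operator tell a missing secret file from any other failure. A short comment above the branch stating that older generations are deliberately allowed to proceed without refreshed secrets, plus a docstring line for the new `current` parameter, would make that policy explicit. The body of `write_entry` continues past this hunk.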
@@ -281,10 +295,11 @@ def main() -> None: remove_old_entries(gens) for gen in gens: try: - write_entry(*gen, machine_id) + is_default = os.readlink(system_dir(*gen)) == args.default_config + write_entry(*gen, machine_id, current=is_default) for specialisation in get_specialisations(*gen): - write_entry(*specialisation, machine_id) - if os.readlink(system_dir(*gen)) == args.default_config: + write_entry(*specialisation, machine_id, current=is_default) + if is_default: write_loader_conf(*gen) except OSError as e: profile = f"profile '{gen.profile}'" if gen.profile else "default profile" diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 50b85560e12c..3adfa979edcc 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -51,7 +51,7 @@ let boot.loader.systemd-boot.enable = true; ''} - boot.initrd.secrets."/etc/secret" = /etc/nixos/secret; + boot.initrd.secrets."/etc/secret" = ./secret; users.users.alice = { isNormalUser = true; |