mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-20 12:29:02 +02:00
Merge pull request #211295 from rnhmjoj/pr-nixos-install
nixos-install: remove root requirement for bind mount
This commit is contained in:
commit
10222e1e37
|
@ -188,17 +188,6 @@ nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \
|
|||
mkdir -m 0755 -p "$mountPoint/etc"
|
||||
touch "$mountPoint/etc/NIXOS"
|
||||
|
||||
# Create a bind mount for each of the mount points inside the target file
|
||||
# system. This preserves the validity of their absolute paths after changing
|
||||
# the root with `nixos-enter`.
|
||||
# Without this the bootloader installation may fail due to options that
|
||||
# contain paths referenced during evaluation, like initrd.secrets.
|
||||
if (( EUID == 0 )); then
|
||||
mount --rbind --mkdir "$mountPoint" "$mountPoint$mountPoint"
|
||||
mount --make-rslave "$mountPoint$mountPoint"
|
||||
trap 'umount -R "$mountPoint$mountPoint" && rmdir "$mountPoint$mountPoint"' EXIT
|
||||
fi
|
||||
|
||||
# Switch to the new system configuration. This will install Grub with
|
||||
# a menu default pointing at the kernel/initrd/etc of the new
|
||||
# configuration.
|
||||
|
@ -206,7 +195,20 @@ if [[ -z $noBootLoader ]]; then
|
|||
echo "installing the boot loader..."
|
||||
# Grub needs an mtab.
|
||||
ln -sfn /proc/mounts "$mountPoint"/etc/mtab
|
||||
NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
|
||||
export mountPoint
|
||||
NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -c "$(cat <<'EOF'
|
||||
# Create a bind mount for each of the mount points inside the target file
|
||||
# system. This preserves the validity of their absolute paths after changing
|
||||
# the root with `nixos-enter`.
|
||||
# Without this the bootloader installation may fail due to options that
|
||||
# contain paths referenced during evaluation, like initrd.secrets.
|
||||
# when not root, re-execute the script in an unshared namespace
|
||||
mount --rbind --mkdir / "$mountPoint"
|
||||
mount --make-rslave "$mountPoint"
|
||||
/run/current-system/bin/switch-to-configuration boot
|
||||
umount -R "$mountPoint" && rmdir "$mountPoint"
|
||||
EOF
|
||||
)"
|
||||
fi
|
||||
|
||||
# Ask the user to set a root password, but only if the passwd command
|
||||
|
|
|
@ -42,7 +42,7 @@ def system_dir(profile: Optional[str], generation: int, specialisation: Optional
|
|||
else:
|
||||
return d
|
||||
|
||||
BOOT_ENTRY = """title @distroName@{profile}{specialisation}
|
||||
BOOT_ENTRY = """title {title}
|
||||
version Generation {generation} {description}
|
||||
linux {kernel}
|
||||
initrd {initrd}
|
||||
|
@ -106,14 +106,29 @@ def describe_generation(generation_dir: str) -> str:
|
|||
return description
|
||||
|
||||
|
||||
def write_entry(profile: Optional[str], generation: int, specialisation: Optional[str], machine_id: str) -> None:
|
||||
def write_entry(profile: Optional[str], generation: int, specialisation: Optional[str],
|
||||
machine_id: str, current: bool) -> None:
|
||||
kernel = copy_from_profile(profile, generation, specialisation, "kernel")
|
||||
initrd = copy_from_profile(profile, generation, specialisation, "initrd")
|
||||
|
||||
title = "@distroName@{profile}{specialisation}".format(
|
||||
profile=" [" + profile + "]" if profile else "",
|
||||
specialisation=" (%s)" % specialisation if specialisation else "")
|
||||
|
||||
try:
|
||||
append_initrd_secrets = profile_path(profile, generation, specialisation, "append-initrd-secrets")
|
||||
subprocess.check_call([append_initrd_secrets, "@efiSysMountPoint@%s" % (initrd)])
|
||||
except FileNotFoundError:
|
||||
pass
|
||||
except subprocess.CalledProcessError:
|
||||
if current:
|
||||
print("failed to create initrd secrets!", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
else:
|
||||
print("warning: failed to create initrd secrets "
|
||||
f'for "{title} - Configuration {generation}", an older generation', file=sys.stderr)
|
||||
print("note: this is normal after having removed "
|
||||
"or renamed a file in `boot.initrd.secrets`", file=sys.stderr)
|
||||
entry_file = "@efiSysMountPoint@/loader/entries/%s" % (
|
||||
generation_conf_filename(profile, generation, specialisation))
|
||||
generation_dir = os.readlink(system_dir(profile, generation, specialisation))
|
||||
|
@ -123,8 +138,7 @@ def write_entry(profile: Optional[str], generation: int, specialisation: Optiona
|
|||
with open("%s/kernel-params" % (generation_dir)) as params_file:
|
||||
kernel_params = kernel_params + params_file.read()
|
||||
with open(tmp_path, 'w') as f:
|
||||
f.write(BOOT_ENTRY.format(profile=" [" + profile + "]" if profile else "",
|
||||
specialisation=" (%s)" % specialisation if specialisation else "",
|
||||
f.write(BOOT_ENTRY.format(title=title,
|
||||
generation=generation,
|
||||
kernel=kernel,
|
||||
initrd=initrd,
|
||||
|
@ -281,10 +295,11 @@ def main() -> None:
|
|||
remove_old_entries(gens)
|
||||
for gen in gens:
|
||||
try:
|
||||
write_entry(*gen, machine_id)
|
||||
is_default = os.readlink(system_dir(*gen)) == args.default_config
|
||||
write_entry(*gen, machine_id, current=is_default)
|
||||
for specialisation in get_specialisations(*gen):
|
||||
write_entry(*specialisation, machine_id)
|
||||
if os.readlink(system_dir(*gen)) == args.default_config:
|
||||
write_entry(*specialisation, machine_id, current=is_default)
|
||||
if is_default:
|
||||
write_loader_conf(*gen)
|
||||
except OSError as e:
|
||||
profile = f"profile '{gen.profile}'" if gen.profile else "default profile"
|
||||
|
|
|
@ -51,7 +51,7 @@ let
|
|||
boot.loader.systemd-boot.enable = true;
|
||||
''}
|
||||
|
||||
boot.initrd.secrets."/etc/secret" = /etc/nixos/secret;
|
||||
boot.initrd.secrets."/etc/secret" = ./secret;
|
||||
|
||||
users.users.alice = {
|
||||
isNormalUser = true;
|
||||
|
|
Loading…
Reference in a new issue