From 294a4e6ea5245a7dede7932383813fa7272f277b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 5 Feb 2018 13:49:24 +0100 Subject: [PATCH 01/35] Use nixUnstable as the default temporarily --- pkgs/tools/package-management/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 81031c0a547cf..ea4b6bfdb38a2 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -149,7 +149,7 @@ let in rec { - nix = nixStable; + nix = nixUnstable; nixStable = (common rec { name = "nix-1.11.16"; From 60cb23001a1e8e4102ce905810c5641a7eb3a237 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 5 Feb 2018 19:41:54 +0100 Subject: [PATCH 02/35] Add a "nixos-enter" command This factors out the functionality in nixos-install for running a command inside a NixOS installation (nixos-install --chroot). --- nixos/doc/manual/man-nixos-enter.xml | 119 +++++++++++++++++++ nixos/doc/manual/man-pages.xml | 3 +- nixos/modules/installer/tools/nixos-enter.sh | 58 +++++++++ nixos/modules/installer/tools/tools.nix | 12 +- 4 files changed, 189 insertions(+), 3 deletions(-) create mode 100644 nixos/doc/manual/man-nixos-enter.xml create mode 100644 nixos/modules/installer/tools/nixos-enter.sh diff --git a/nixos/doc/manual/man-nixos-enter.xml b/nixos/doc/manual/man-nixos-enter.xml new file mode 100644 index 0000000000000..a2fbe07961db6 --- /dev/null +++ b/nixos/doc/manual/man-nixos-enter.xml @@ -0,0 +1,119 @@ + + + + nixos-enter + 8 + NixOS + + + + + nixos-enter + run a command in a NixOS chroot environment + + + + + nixos-enter + + + root + + + + system + + + + shell-command + + + + + + + arguments + + + + + +Description + +This command runs a command in a NixOS chroot environment, that +is, in a filesystem hierarchy previously prepared using +nixos-install. + + + +Options + +This command accepts the following options: + + + + + + + The path to the NixOS system you want to enter. It defaults to /mnt. + + + + + + + The NixOS system configuration to use. It defaults to + /nix/var/nix/profiles/system. You can enter + a previous NixOS configuration by specifying a path such as + /nix/var/nix/profiles/system-106-link. + + + + + + + + The bash command to execute. + + + + + + + Interpret the remaining arguments as the program + name and arguments to be invoked. The program is not executed in a + shell. + + + + + + + + +Examples + +Start an interactive shell in the NixOS installation in +/mnt: + + +# nixos-enter /mnt + + +Run a shell command: + + +# nixos-enter -c 'ls -l /; cat /proc/mounts' + + +Run a non-shell command: + + +# nixos-enter -- cat /proc/mounts + + + + + diff --git a/nixos/doc/manual/man-pages.xml b/nixos/doc/manual/man-pages.xml index e945e0e626393..80a8458fbfec4 100644 --- a/nixos/doc/manual/man-pages.xml +++ b/nixos/doc/manual/man-pages.xml @@ -15,7 +15,7 @@ - 2007-2015 + 2007-2018 Eelco Dolstra @@ -25,6 +25,7 @@ + diff --git a/nixos/modules/installer/tools/nixos-enter.sh b/nixos/modules/installer/tools/nixos-enter.sh new file mode 100644 index 0000000000000..c5c7963b29f3a --- /dev/null +++ b/nixos/modules/installer/tools/nixos-enter.sh @@ -0,0 +1,58 @@ +#! @shell@ + +set -e + +# Re-exec ourselves in a private mount namespace so that our bind +# mounts get cleaned up automatically. +if [ "$(id -u)" = 0 ]; then + if [ -z "$NIXOS_ENTER_REEXEC" ]; then + export NIXOS_ENTER_REEXEC=1 + exec unshare --mount --uts -- "$0" "$@" + else + mount --make-rprivate / + fi +fi + +mountPoint=/mnt +command=("bash" "--login") +system=/nix/var/nix/profiles/system + +while [ "$#" -gt 0 ]; do + i="$1"; shift 1 + case "$i" in + --root) + mountPoint="$1"; shift 1 + ;; + --system) + system="$1"; shift 1 + ;; + --help) + exec man nixos-enter + exit 1 + ;; + --command|-c) + command=("bash" "-c" "$1") + shift 1 + ;; + --) + command=("$@") + break + ;; + *) + echo "$0: unknown option \`$i'" + exit 1 + ;; + esac +done + +# Set up some bind mounts we'll want regardless of chroot or not +mkdir -m 0755 -p "$mountPoint/dev" "$mountPoint/proc" "$mountPoint/sys" "$mountPoint/run" +mount --rbind /dev "$mountPoint/dev" +mount -t proc none "$mountPoint/proc" +mount -t sysfs none "$mountPoint/sys" +mount -t tmpfs none "$mountPoint/run" + +# Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings. +LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 + +exec chroot "$mountPoint" "${command[@]}" diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index a3bae78c0ffcb..9398e2dc1ebc5 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -1,7 +1,9 @@ # This module generates nixos-install, nixos-rebuild, # nixos-generate-config, etc. -{ config, pkgs, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, ... }: + +with lib; let cfg = config.installer; @@ -69,6 +71,11 @@ let inherit (config.system) nixosVersion nixosCodeName nixosRevision; }; + nixos-enter = makeProg { + name = "nixos-enter"; + src = ./nixos-enter.sh; + }; + in { @@ -83,10 +90,11 @@ in nixos-generate-config nixos-option nixos-version + nixos-enter ]; system.build = { - inherit nixos-install nixos-prepare-root nixos-generate-config nixos-option nixos-rebuild; + inherit nixos-install nixos-prepare-root nixos-generate-config nixos-option nixos-rebuild nixos-enter; }; }; From e88f28965a7d76e83478d3ae6fcddc165b1c94f1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 5 Feb 2018 19:50:36 +0100 Subject: [PATCH 03/35] nixos-install: Make compatible with Nix 2.0 The use of Nix 2.0 significantly simplifies the installer, since we can just pass a different store URI (--store /mnt) - it's no longer needed to set up a chroot environment for the build, and to bootstrap Nix into the chroot. Also, commands that need to run in the installation (namely boot loader installation and setting a root password) are now executed using nixos-enter. This also removes the need for nixos-prepare-root since any required initialisation is done by Nix or by the activation script. --- .../manual/development/testing-installer.xml | 6 +- .../modules/installer/tools/nixos-install.sh | 187 ++++++------------ nixos/modules/installer/tools/tools.nix | 11 +- 3 files changed, 63 insertions(+), 141 deletions(-) diff --git a/nixos/doc/manual/development/testing-installer.xml b/nixos/doc/manual/development/testing-installer.xml index 20c8d51815ad3..16bc8125d9ff4 100644 --- a/nixos/doc/manual/development/testing-installer.xml +++ b/nixos/doc/manual/development/testing-installer.xml @@ -11,15 +11,17 @@ tedious, so here is a quick way to see if the installer works properly: -$ nix-build -A config.system.build.nixos-install # mount -t tmpfs none /mnt +# nixos-generate-config --root /mnt +$ nix-build '<nixpkgs/nixos>' -A config.system.build.nixos-install # ./result/bin/nixos-install To start a login shell in the new NixOS installation in /mnt: -# ./result/bin/nixos-install --chroot +$ nix-build '<nixpkgs/nixos>' -A config.system.build.nixos-enter +# ./result/bin/nixos-enter diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index f994d5b4bde11..69371f3e41320 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -1,30 +1,17 @@ #! @shell@ -# - make Nix store etc. -# - copy closure of Nix to target device -# - register validity -# - with a chroot to the target device: -# * nix-env -p /nix/var/nix/profiles/system -i -# * install the boot loader +set -e +shopt -s nullglob + +export PATH=@path@:$PATH # Ensure a consistent umask. umask 0022 -# Re-exec ourselves in a private mount namespace so that our bind -# mounts get cleaned up automatically. -if [ "$(id -u)" = 0 ]; then - if [ -z "$NIXOS_INSTALL_REEXEC" ]; then - export NIXOS_INSTALL_REEXEC=1 - exec unshare --mount --uts -- "$0" "$@" - else - mount --make-rprivate / - fi -fi - # Parse the command line for the -I flag extraBuildFlags=() -chrootCommand=(/run/current-system/sw/bin/bash) -buildUsersGroup="nixbld" + +mountPoint=/mnt while [ "$#" -gt 0 ]; do i="$1"; shift 1 @@ -42,8 +29,8 @@ while [ "$#" -gt 0 ]; do mountPoint="$1"; shift 1 ;; --closure) - closure="$1"; shift 1 - buildUsersGroup="" + # FIXME: --closure is a misnomer + system="$1"; shift 1 ;; --no-channel-copy) noChannelCopy=1 @@ -57,17 +44,13 @@ while [ "$#" -gt 0 ]; do --show-trace) extraBuildFlags+=("$i") ;; - --chroot) - runChroot=1 - if [[ "$@" != "" ]]; then - chrootCommand=("$@") - fi - break - ;; --help) exec man nixos-install exit 1 ;; + --debug) + set -x + ;; *) echo "$0: unknown option \`$i'" exit 1 @@ -75,132 +58,78 @@ while [ "$#" -gt 0 ]; do esac done -set -e -shopt -s nullglob - -if test -z "$mountPoint"; then - mountPoint=/mnt -fi - if ! test -e "$mountPoint"; then echo "mount point $mountPoint doesn't exist" exit 1 fi # Get the path of the NixOS configuration file. -if test -z "$NIXOS_CONFIG"; then - NIXOS_CONFIG=/etc/nixos/configuration.nix +if [[ -z $NIXOS_CONFIG ]]; then + NIXOS_CONFIG=$mountPoint/etc/nixos/configuration.nix fi -if [ ! -e "$mountPoint/$NIXOS_CONFIG" ] && [ -z "$closure" ]; then - echo "configuration file $mountPoint/$NIXOS_CONFIG doesn't exist" +if [[ ${NIXOS_CONFIG:0:1} != / ]]; then + echo "$0: \$NIXOS_CONFIG is not an absolute path" exit 1 fi - -# Builds will use users that are members of this group -extraBuildFlags+=(--option "build-users-group" "$buildUsersGroup") - -# Inherit binary caches from the host -# TODO: will this still work with Nix 1.12 now that it has no perl? Probably not... -binary_caches="$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')" -extraBuildFlags+=(--option "binary-caches" "$binary_caches") - -# We only need nixpkgs in the path if we don't already have a system closure to install -if [[ -z "$closure" ]]; then - nixpkgs="$(readlink -f "$(nix-instantiate --find-file nixpkgs)")" - export NIX_PATH="nixpkgs=$nixpkgs:nixos-config=$mountPoint/$NIXOS_CONFIG" -fi -unset NIXOS_CONFIG - -# These get created in nixos-prepare-root as well, but we want to make sure they're here in case we're -# running with --chroot. TODO: --chroot should just be split into a separate tool. -mkdir -m 0755 -p "$mountPoint/dev" "$mountPoint/proc" "$mountPoint/sys" - -# Set up some bind mounts we'll want regardless of chroot or not -mount --rbind /dev "$mountPoint/dev" -mount --rbind /proc "$mountPoint/proc" -mount --rbind /sys "$mountPoint/sys" - -# If we asked for a chroot, that means we're not actually installing anything (yeah I was confused too) -# and we just want to run a command in the context of a $mountPoint that we're assuming has already been -# set up by a previous nixos-install invocation. In that case we set up some remaining bind mounts and -# exec the requested command, skipping the rest of the installation procedure. -if [ -n "$runChroot" ]; then - mount -t tmpfs -o "mode=0755" none $mountPoint/run - rm -rf $mountPoint/var/run - ln -s /run $mountPoint/var/run - for f in /etc/resolv.conf /etc/hosts; do rm -f $mountPoint/$f; [ -f "$f" ] && cp -Lf $f $mountPoint/etc/; done - for f in /etc/passwd /etc/group; do touch $mountPoint/$f; [ -f "$f" ] && mount --rbind -o ro $f $mountPoint/$f; done - - if ! [ -L $mountPoint/nix/var/nix/profiles/system ]; then - echo "$0: installation not finished; cannot chroot into installation directory" - exit 1 - fi - ln -s /nix/var/nix/profiles/system $mountPoint/run/current-system - exec chroot $mountPoint "${chrootCommand[@]}" +if [ ! -e "$NIXOS_CONFIG" ] && [ -z "$closure" ]; then + echo "configuration file $NIXOS_CONFIG doesn't exist" + exit 1 fi -# A place to drop temporary closures +# A place to drop temporary stuff. trap "rm -rf $tmpdir" EXIT tmpdir="$(mktemp -d)" -# Build a closure (on the host; we then copy it into the guest) -function closure() { - nix-build "${extraBuildFlags[@]}" --no-out-link -E "with import {}; runCommand \"closure\" { exportReferencesGraph = [ \"x\" (buildEnv { name = \"env\"; paths = [ ($1) stdenv ]; }) ]; } \"cp x \$out\"" -} - -system_closure="$tmpdir/system.closure" -# Use a FIFO for piping nix-store --export into nix-store --import, saving disk -# I/O and space. nix-store --import is run by nixos-prepare-root. -mkfifo $system_closure - -if [ -z "$closure" ]; then - expr="(import {}).system" - system_root="$(nix-build -E "$expr")" - system_closure="$(closure "$expr")" -else - system_root=$closure - # Create a temporary file ending in .closure (so nixos-prepare-root knows to --import it) to transport the store closure - # to the filesytem we're preparing. Also delete it on exit! - # Run in background to avoid blocking while trying to write to the FIFO - # $system_closure refers to - nix-store --export $(nix-store -qR $closure) > $system_closure & -fi - -channel_root="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")" -channel_closure="$tmpdir/channel.closure" -nix-store --export $channel_root > $channel_closure - -# Populate the target root directory with the basics -@prepare_root@/bin/nixos-prepare-root "$mountPoint" "$channel_root" "$system_root" @nixClosure@ "$system_closure" "$channel_closure" - -# nixos-prepare-root doesn't currently do anything with file ownership, so we set it up here instead -chown @root_uid@:@nixbld_gid@ $mountPoint/nix/store +subs="local?trusted=1 https://cache.nixos.org/" +# Build the system configuration in the target filesystem. +if [[ -z $system ]]; then + echo "building the configuration in $NIXOS_CONFIG..." + outLink="$tmpdir/system" + nix build --out-link "$outLink" --store "$mountPoint" "${extraBuildFlags[@]}" \ + --substituters "$subs" \ + -f '' system -I "nixos-config=$NIXOS_CONFIG" + system=$(readlink -f $outLink) +fi +# Set the system profile to point to the configuration. TODO: combine +# this with the previous step once we have a nix-env replacement with +# a progress bar. +nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \ + --substituters "$subs" \ + -p $mountPoint/nix/var/nix/profiles/system --set "$system" + +# Copy the NixOS/Nixpkgs sources to the target as the initial contents +# of the NixOS channel. +if [[ -z $noChannelCopy ]]; then + channelPath="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")" + if [[ -n $channelPath ]]; then + echo "copying channel..." + mkdir -p $mountPoint/nix/var/nix/profiles/per-user/root + nix-env --store "$mountPoint" --substituters 'local?trusted=1' "${extraBuildFlags[@]}" \ + -p $mountPoint/nix/var/nix/profiles/per-user/root/channels --set "$channelPath" --quiet + fi +fi -# Grub needs an mtab. -ln -sfn /proc/mounts $mountPoint/etc/mtab +# Mark the target as a NixOS installation, otherwise switch-to-configuration will chicken out. +touch "$mountPoint/etc/NIXOS" # Switch to the new system configuration. This will install Grub with # a menu default pointing at the kernel/initrd/etc of the new # configuration. -echo "finalising the installation..." -if [ -z "$noBootLoader" ]; then - NIXOS_INSTALL_BOOTLOADER=1 chroot $mountPoint \ - /nix/var/nix/profiles/system/bin/switch-to-configuration boot +if [[ -z $noBootLoader ]]; then + echo "installing the boot loader..." + # Grub needs an mtab. + ln -sfn /proc/mounts $mountPoint/etc/mtab + NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot fi -# Run the activation script. -chroot $mountPoint /nix/var/nix/profiles/system/activate - - -# Ask the user to set a root password. -if [ -z "$noRootPasswd" ] && chroot $mountPoint [ -x /run/wrappers/bin/passwd ] && [ -t 0 ]; then - echo "setting root password..." - chroot $mountPoint /run/wrappers/bin/passwd +# Ask the user to set a root password, but only if the passwd command +# exists (i.e. when mutable user accounts are enabled). +if [[ -z $noRootPasswd ]] && [ -t 0 ]; then + nixos-enter --root "$mountPoint" -c '[[ -e /nix/var/nix/profiles/system/sw/bin/passwd ]] && echo "setting root password..." && /nix/var/nix/profiles/system/sw/bin/passwd' fi - echo "installation finished!" diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index 9398e2dc1ebc5..7be59e4ce2589 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -29,17 +29,8 @@ let nixos-install = makeProg { name = "nixos-install"; src = ./nixos-install.sh; - - inherit (pkgs) perl pathsFromGraph rsync; nix = config.nix.package.out; - cacert = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; - root_uid = config.ids.uids.root; - nixbld_gid = config.ids.gids.nixbld; - prepare_root = nixos-prepare-root; - - nixClosure = pkgs.runCommand "closure" - { exportReferencesGraph = ["refs" config.nix.package.out]; } - "cp refs $out"; + path = makeBinPath [ nixos-enter ]; }; nixos-rebuild = From 1346923ffa144fa4b596588e1611c02694b48fba Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 5 Feb 2018 21:04:40 +0100 Subject: [PATCH 04/35] modprobe activation: Order after specialfs It requires the existence of /proc. --- nixos/modules/system/boot/modprobe.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/system/boot/modprobe.nix b/nixos/modules/system/boot/modprobe.nix index b915a98d5375b..dee0ab470c992 100644 --- a/nixos/modules/system/boot/modprobe.nix +++ b/nixos/modules/system/boot/modprobe.nix @@ -54,7 +54,7 @@ with lib; environment.systemPackages = [ pkgs.kmod ]; - system.activationScripts.modprobe = + system.activationScripts.modprobe = stringAfter ["specialfs"] '' # Allow the kernel to find our wrapped modprobe (which searches # in the right location in the Nix store for kernel modules). From f9e64dbe764745f05ccf5ac458e804044196f571 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 5 Feb 2018 21:05:02 +0100 Subject: [PATCH 05/35] nixos-enter: Don't mount special filesystems The activation script already does this. --- nixos/modules/installer/tools/nixos-enter.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/nixos/modules/installer/tools/nixos-enter.sh b/nixos/modules/installer/tools/nixos-enter.sh index c5c7963b29f3a..96b6a017b810b 100644 --- a/nixos/modules/installer/tools/nixos-enter.sh +++ b/nixos/modules/installer/tools/nixos-enter.sh @@ -45,12 +45,8 @@ while [ "$#" -gt 0 ]; do esac done -# Set up some bind mounts we'll want regardless of chroot or not -mkdir -m 0755 -p "$mountPoint/dev" "$mountPoint/proc" "$mountPoint/sys" "$mountPoint/run" +mkdir -m 0755 -p "$mountPoint/dev" mount --rbind /dev "$mountPoint/dev" -mount -t proc none "$mountPoint/proc" -mount -t sysfs none "$mountPoint/sys" -mount -t tmpfs none "$mountPoint/run" # Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings. LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 From cc0caac098b56b67300778c8a1738f8a16e08442 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 5 Feb 2018 21:12:17 +0100 Subject: [PATCH 06/35] Move creation of /root to the activation script ...so it appears in a new installation before rebooting the system. --- nixos/modules/config/users-groups.nix | 2 ++ nixos/modules/system/boot/stage-2-init.sh | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index c1102d5581010..92670ba31f507 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -533,6 +533,8 @@ in { -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl \ -I${pkgs.perlPackages.JSON}/lib/perl5/site_perl \ ${./update-users-groups.pl} ${spec} + + install -m 0700 -d /root ''; # for backwards compatibility diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 46aed44bf10fc..9d2c580d62a7d 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -82,7 +82,6 @@ ln -s /proc/mounts /etc/mtab mkdir -m 01777 -p /tmp mkdir -m 0755 -p /var/{log,lib,db} /nix/var /etc/nixos/ \ /run/lock /home /bin # for the /bin/sh symlink -install -m 0700 -d /root # Miscellaneous boot time cleanup. From 5193807750853a592bb7d0202a998d1f2c780cf2 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 15:47:19 +0100 Subject: [PATCH 07/35] VM tests: Initialize the Nix database with correct NAR hashes/sizes --- nixos/tests/misc.nix | 11 +++++- pkgs/build-support/closure-info.nix | 55 ++++++++--------------------- 2 files changed, 25 insertions(+), 41 deletions(-) diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix index 6de17518214c6..4fd9466dc5027 100644 --- a/nixos/tests/misc.nix +++ b/nixos/tests/misc.nix @@ -1,11 +1,13 @@ # Miscellaneous small tests that don't warrant their own VM run. -import ./make-test.nix ({ pkgs, ...} : { +import ./make-test.nix ({ pkgs, ...} : rec { name = "misc"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ eelco chaoflow ]; }; + foo = pkgs.writeText "foo" "Hello World"; + machine = { config, lib, pkgs, ... }: with lib; @@ -27,10 +29,17 @@ import ./make-test.nix ({ pkgs, ...} : { security.sudo = { enable = true; wheelNeedsPassword = false; }; boot.kernel.sysctl."vm.swappiness" = 1; boot.kernelParams = [ "vsyscall=emulate" ]; + system.extraDependencies = [ foo ]; }; testScript = '' + subtest "nix-db", sub { + my $json = $machine->succeed("nix path-info --json ${foo}"); + $json =~ /"narHash":"sha256:0afw0d9j1hvwiz066z93jiddc33nxg6i6qyp26vnqyglpyfivlq5"/ or die "narHash not set"; + $json =~ /"narSize":128/ or die "narSize not set"; + }; + subtest "nixos-version", sub { $machine->succeed("[ `nixos-version | wc -w` = 2 ]"); }; diff --git a/pkgs/build-support/closure-info.nix b/pkgs/build-support/closure-info.nix index 4d178ac96c5d9..54b1fe59b66d3 100644 --- a/pkgs/build-support/closure-info.nix +++ b/pkgs/build-support/closure-info.nix @@ -8,51 +8,26 @@ { rootPaths }: -#if builtins.langVersion >= 5 then -# FIXME: it doesn't work on Hydra, failing to find mkdir; -# perhaps .attrs.sh clobbers PATH with new nix? -if false then +assert builtins.langVersion >= 5; - # Nix >= 1.12: Include NAR hash / size info. +stdenv.mkDerivation { + name = "closure-info"; - stdenv.mkDerivation { - name = "closure-info"; + __structuredAttrs = true; - __structuredAttrs = true; + exportReferencesGraph.closure = rootPaths; - exportReferencesGraph.closure = rootPaths; + PATH = "${coreutils}/bin:${jq}/bin"; - PATH = "${coreutils}/bin:${jq}/bin"; + builder = builtins.toFile "builder" + '' + if [ -e .attrs.sh ]; then . .attrs.sh; fi - builder = builtins.toFile "builder" - '' - if [ -e .attrs.sh ]; then . .attrs.sh; fi + out=''${outputs[out]} - out=''${outputs[out]} + mkdir $out - mkdir $out - - jq -r '.closure | map([.path, .narHash, .narSize, "", (.references | length)] + .references) | add | map("\(.)\n") | add' < .attrs.json | head -n -1 > $out/registration - jq -r .closure[].path < .attrs.json > $out/store-paths - ''; - } - -else - - # Nix < 1.12 - - stdenv.mkDerivation { - name = "closure-info"; - - exportReferencesGraph = - map (x: [("closure-" + baseNameOf x) x]) rootPaths; - - buildInputs = [ perl ]; - - buildCommand = - '' - mkdir $out - printRegistration=1 perl ${pathsFromGraph} closure-* > $out/registration - perl ${pathsFromGraph} closure-* > $out/store-paths - ''; - } + jq -r '.closure | map([.path, .narHash, .narSize, "", (.references | length)] + .references) | add | map("\(.)\n") | add' < .attrs.json | head -n -1 > $out/registration + jq -r .closure[].path < .attrs.json > $out/store-paths + ''; +} From df117acab7bf345500ffada26c240c9f815b7c21 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 16:50:47 +0100 Subject: [PATCH 08/35] ISO images: Initialize the Nix database with correct NAR hashes/sizes The boot test now runs "nix verify" to ensure that all hashes are correct. --- nixos/lib/make-iso9660-image.nix | 9 ++--- nixos/lib/make-iso9660-image.sh | 7 ++-- nixos/lib/make-squashfs.nix | 42 +++----------------- nixos/modules/installer/cd-dvd/iso-image.nix | 8 +--- nixos/tests/boot.nix | 1 + 5 files changed, 15 insertions(+), 52 deletions(-) diff --git a/nixos/lib/make-iso9660-image.nix b/nixos/lib/make-iso9660-image.nix index 75be70dbcb2bf..c6bafd48f9dbd 100644 --- a/nixos/lib/make-iso9660-image.nix +++ b/nixos/lib/make-iso9660-image.nix @@ -1,4 +1,4 @@ -{ stdenv, perl, pathsFromGraph, xorriso, syslinux +{ stdenv, perl, closureInfo, xorriso, syslinux , # The file name of the resulting ISO image. isoName ? "cd.iso" @@ -48,9 +48,9 @@ assert usbBootable -> isohybridMbrImage != ""; stdenv.mkDerivation { name = isoName; builder = ./make-iso9660-image.sh; - buildInputs = [perl xorriso syslinux]; + buildInputs = [ xorriso syslinux ]; - inherit isoName bootable bootImage compressImage volumeID pathsFromGraph efiBootImage efiBootable isohybridMbrImage usbBootable; + inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable; # !!! should use XML. sources = map (x: x.source) contents; @@ -61,6 +61,5 @@ stdenv.mkDerivation { symlinks = map (x: x.symlink) storeContents; # For obtaining the closure of `storeContents'. - exportReferencesGraph = - map (x: [("closure-" + baseNameOf x.object) x.object]) storeContents; + closureInfo = closureInfo { rootPaths = map (x: x.object) storeContents; }; } diff --git a/nixos/lib/make-iso9660-image.sh b/nixos/lib/make-iso9660-image.sh index c623436f6c5b9..45cdef1ef4df5 100644 --- a/nixos/lib/make-iso9660-image.sh +++ b/nixos/lib/make-iso9660-image.sh @@ -72,16 +72,15 @@ done # Add the closures of the top-level store objects. -storePaths=$(perl $pathsFromGraph closure-*) -for i in $storePaths; do +for i in $(< $closureInfo/store-paths); do addPath "${i:1}" "$i" done # Also include a manifest of the closures in a format suitable for # nix-store --load-db. -if [ -n "$object" ]; then - printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration +if [[ ${#objects[*]} != 0 ]]; then + cp $closureInfo/registration nix-path-registration addPath "nix-path-registration" "nix-path-registration" fi diff --git a/nixos/lib/make-squashfs.nix b/nixos/lib/make-squashfs.nix index 9d47a3222cc27..7ab84e47f53b5 100644 --- a/nixos/lib/make-squashfs.nix +++ b/nixos/lib/make-squashfs.nix @@ -1,4 +1,4 @@ -{ stdenv, squashfsTools, perl, pathsFromGraph +{ stdenv, squashfsTools, closureInfo , # The root directory of the squashfs filesystem is filled with the # closures of the Nix store paths listed here. @@ -8,50 +8,18 @@ stdenv.mkDerivation { name = "squashfs.img"; - nativeBuildInputs = [perl squashfsTools]; - - # For obtaining the closure of `storeContents'. - exportReferencesGraph = - map (x: [("closure-" + baseNameOf x) x]) storeContents; + nativeBuildInputs = [ squashfsTools ]; buildCommand = '' - # Add the closures of the top-level store objects. - storePaths=$(perl ${pathsFromGraph} closure-*) - - # If a Hydra slave happens to have store paths with bad permissions/mtime, - # abort now so that they don't end up in ISO images in the channel. - # https://github.com/NixOS/nixpkgs/issues/32242 - hasBadPaths="" - for path in $storePaths; do - if [ -h "$path" ]; then - continue - fi - - mtime=$(stat -c %Y "$path") - mode=$(stat -c %a "$path") - - if [ "$mtime" != 1 ]; then - echo "Store path '$path' has an invalid mtime." - hasBadPaths=1 - fi - if [ "$mode" != 444 ] && [ "$mode" != 555 ]; then - echo "Store path '$path' has invalid permissions ($mode)." - hasBadPaths=1 - fi - done - - if [ -n "$hasBadPaths" ]; then - echo "You have bad paths in your store, please fix them." - exit 1 - fi + closureInfo=${closureInfo { rootPaths = storeContents; }} # Also include a manifest of the closures in a format suitable # for nix-store --load-db. - printRegistration=1 perl ${pathsFromGraph} closure-* > nix-path-registration + cp $closureInfo/registration nix-path-registration # Generate the squashfs image. - mksquashfs nix-path-registration $storePaths $out \ + mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out \ -keep-as-directory -all-root -b 1048576 -comp xz -Xdict-size 100% ''; } diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix index a039f7fdcb6e7..bf9db8249f137 100644 --- a/nixos/modules/installer/cd-dvd/iso-image.nix +++ b/nixos/modules/installer/cd-dvd/iso-image.nix @@ -331,8 +331,7 @@ in config.system.build.toplevel.drvPath; # Create the squashfs image that contains the Nix store. - system.build.squashfsStore = import ../../../lib/make-squashfs.nix { - inherit (pkgs) stdenv squashfsTools perl pathsFromGraph; + system.build.squashfsStore = pkgs.callPackage ../../../lib/make-squashfs.nix { storeContents = config.isoImage.storeContents; }; @@ -383,11 +382,8 @@ in boot.loader.timeout = 10; # Create the ISO image. - system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({ - inherit (pkgs) stdenv perl pathsFromGraph xorriso syslinux; - + system.build.isoImage = pkgs.callPackage ../../../lib/make-iso9660-image.nix ({ inherit (config.isoImage) isoName compressImage volumeID contents; - bootable = true; bootImage = "/isolinux/isolinux.bin"; } // optionalAttrs config.isoImage.makeUsbBootable { diff --git a/nixos/tests/boot.nix b/nixos/tests/boot.nix index fc52cd09f2095..0ba8a2704e637 100644 --- a/nixos/tests/boot.nix +++ b/nixos/tests/boot.nix @@ -24,6 +24,7 @@ let my $machine = createMachine({ ${machineConfig}, qemuFlags => '-m 768' }); $machine->start; $machine->waitForUnit("multi-user.target"); + $machine->succeed("nix verify -r --no-trust /run/current-system"); $machine->shutdown; ''; }; From f0979ca30e657b16a840fe8977fb833c762d53c3 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 17:20:26 +0100 Subject: [PATCH 09/35] nixos-install: Don't require root E.g. nixos-install --root /tmp/mnt/ --no-bootloader --no-root-passwd now works for non-root users. --- nixos/modules/installer/tools/nixos-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 69371f3e41320..222211df2789d 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -82,7 +82,7 @@ fi trap "rm -rf $tmpdir" EXIT tmpdir="$(mktemp -d)" -subs="local?trusted=1 https://cache.nixos.org/" +subs="auto?trusted=1 https://cache.nixos.org/" # Build the system configuration in the target filesystem. if [[ -z $system ]]; then @@ -108,7 +108,7 @@ if [[ -z $noChannelCopy ]]; then if [[ -n $channelPath ]]; then echo "copying channel..." mkdir -p $mountPoint/nix/var/nix/profiles/per-user/root - nix-env --store "$mountPoint" --substituters 'local?trusted=1' "${extraBuildFlags[@]}" \ + nix-env --store "$mountPoint" --substituters 'auto?trusted=1' "${extraBuildFlags[@]}" \ -p $mountPoint/nix/var/nix/profiles/per-user/root/channels --set "$channelPath" --quiet fi fi From bb030ece3b4dc6ca892907927345e8d109e42678 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 17:23:05 +0100 Subject: [PATCH 10/35] nixos-enter: Check whether --root denotes a NixOS installation --- nixos/modules/installer/tools/nixos-enter.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/modules/installer/tools/nixos-enter.sh b/nixos/modules/installer/tools/nixos-enter.sh index 96b6a017b810b..fcd0c54f5db9d 100644 --- a/nixos/modules/installer/tools/nixos-enter.sh +++ b/nixos/modules/installer/tools/nixos-enter.sh @@ -45,6 +45,11 @@ while [ "$#" -gt 0 ]; do esac done +if [[ ! -e $mountPoint/etc/NIXOS ]]; then + echo "$0: '$mountPoint' is not a NixOS installation" >&2 + exit 126 +fi + mkdir -m 0755 -p "$mountPoint/dev" mount --rbind /dev "$mountPoint/dev" From 16bdaf3d036fed3321d26e5b1ed7b2a5f67b2a51 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 17:58:21 +0100 Subject: [PATCH 11/35] Remove creation of /dev/{fd,stdin,stdout,stderr} This is already provided by devtmpfs. --- nixos/modules/system/activation/activation-script.nix | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index c2ac731d433d1..8c9b35fe524f7 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -117,14 +117,7 @@ in config = { - system.activationScripts.stdio = - '' - # Needed by some programs. - ln -sfn /proc/self/fd /dev/fd - ln -sfn /proc/self/fd/0 /dev/stdin - ln -sfn /proc/self/fd/1 /dev/stdout - ln -sfn /proc/self/fd/2 /dev/stderr - ''; + system.activationScripts.stdio = ""; # obsolete system.activationScripts.var = '' From da702a4034a14f6ea106a9ac5e4ed4cabfc2ef00 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 17:59:04 +0100 Subject: [PATCH 12/35] nixos-enter: Don't require root Of course, you'll get a bunch of warnings from the activation script: $ nixos-enter --root /tmp/mnt/ setting up /etc... mount: /dev: permission denied. mount: /dev/pts: permission denied. mount: /dev/shm: permission denied. mount: /sys: permission denied. /nix/var/nix/profiles/system/activate: line 74: /proc/sys/kernel/modprobe: Permission denied chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/dbus-daemon-launch-helper': Invalid argument NOTE: Under Linux, effective file capabilities must either be empty, or exactly match the union of selected permitted and inheritable bits. Failed to set capabilities on file `/run/wrappers/wrappers.0pKlU8JsvV/ping' (Operation not permitted) chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/unix_chkpwd': Invalid argument [root@nixos:/]# --- nixos/modules/installer/tools/nixos-enter.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/nixos/modules/installer/tools/nixos-enter.sh b/nixos/modules/installer/tools/nixos-enter.sh index fcd0c54f5db9d..122d9fdcd29b0 100644 --- a/nixos/modules/installer/tools/nixos-enter.sh +++ b/nixos/modules/installer/tools/nixos-enter.sh @@ -4,13 +4,14 @@ set -e # Re-exec ourselves in a private mount namespace so that our bind # mounts get cleaned up automatically. -if [ "$(id -u)" = 0 ]; then - if [ -z "$NIXOS_ENTER_REEXEC" ]; then - export NIXOS_ENTER_REEXEC=1 - exec unshare --mount --uts -- "$0" "$@" - else - mount --make-rprivate / +if [ -z "$NIXOS_ENTER_REEXEC" ]; then + export NIXOS_ENTER_REEXEC=1 + if [ "$(id -u)" != 0 ]; then + extraFlags="-r" fi + exec unshare --fork --mount --uts --mount-proc --pid $extraFlags -- "$0" "$@" +else + mount --make-rprivate / fi mountPoint=/mnt @@ -54,6 +55,6 @@ mkdir -m 0755 -p "$mountPoint/dev" mount --rbind /dev "$mountPoint/dev" # Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings. -LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 +LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 || true exec chroot "$mountPoint" "${command[@]}" From 6daad9b3c564ada1900d7be4bf8b3888de1ec197 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 18:22:05 +0100 Subject: [PATCH 13/35] nixos-install: Fix --closure --- nixos/modules/installer/tools/nixos-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 222211df2789d..4f1b234b0e0fc 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -73,7 +73,7 @@ if [[ ${NIXOS_CONFIG:0:1} != / ]]; then exit 1 fi -if [ ! -e "$NIXOS_CONFIG" ] && [ -z "$closure" ]; then +if [[ ! -e $NIXOS_CONFIG && -z $system ]]; then echo "configuration file $NIXOS_CONFIG doesn't exist" exit 1 fi From 598a3f5b30c39aa923ab5d85234fc263796b8b6c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 19:10:13 +0100 Subject: [PATCH 14/35] nixos-install: Create /etc --- nixos/modules/installer/tools/nixos-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 4f1b234b0e0fc..40ec491a65f3e 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -114,6 +114,7 @@ if [[ -z $noChannelCopy ]]; then fi # Mark the target as a NixOS installation, otherwise switch-to-configuration will chicken out. +mkdir -m 0755 "$mountPoint/etc" touch "$mountPoint/etc/NIXOS" # Switch to the new system configuration. This will install Grub with From e76849dca216654bed475366147636d1e5cb46ff Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 19:32:12 +0100 Subject: [PATCH 15/35] nixUnstable: 2.0pre5889_c287d731 -> 2.0pre5914_48c192ca --- pkgs/tools/package-management/nix/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index ea4b6bfdb38a2..d8246c5da9367 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -161,12 +161,12 @@ in rec { nixUnstable = (lib.lowPrio (common rec { name = "nix-2.0${suffix}"; - suffix = "pre5889_c287d731"; + suffix = "pre5914_48c192ca"; src = fetchFromGitHub { owner = "NixOS"; repo = "nix"; - rev = "c287d7312103bae5e154c0c4dd493371a22ea207"; - sha256 = "1dwhz93dlk62prh3wfwf8vxfcqjdn21wk0ms65kf5r8ahkfgpgq4"; + rev = "48c192ca2d5bc65b69d2336c8577258f8eb80cf8"; + sha256 = "0xfb9dwyzdy31hbi5y9mlia8wsck2lay0f0phbfalgs4y7i3r3r1"; }; fromGit = true; })) // { perl-bindings = perl-bindings { nix = nixUnstable; }; }; From f64a4af32864ade24784718d64d8cbdc7fc18fcd Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 19:32:41 +0100 Subject: [PATCH 16/35] Fix comments --- nixos/tests/installer.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 637cbb45709d6..c2b573dd1c346 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -145,7 +145,7 @@ let # Check that the daemon works, and that non-root users can run builds (this will build a new profile generation through the daemon) $machine->succeed("su alice -l -c 'nix-env -iA nixos.procps' >&2"); - # We need to a writable nix-store on next boot. + # We need a writable Nix store on next boot. $machine->copyFileFromHost( "${ makeConfig { inherit bootLoader grubVersion grubDevice grubIdentifier grubUseEfi extraConfig; forceGrubReinstallCount = 1; } }", "/etc/nixos/configuration.nix"); @@ -195,8 +195,7 @@ let }; nodes = { - # The configuration of the machine used to run "nixos-install". It - # also has a web server that simulates cache.nixos.org. + # The configuration of the machine used to run "nixos-install". machine = { config, lib, pkgs, ... }: From 5d8860b919fec1db38298a305f6526476453bf25 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 19:33:22 +0100 Subject: [PATCH 17/35] nixos-install: Accept --substituters This is useful in tests where we don't have network access. Passing --substituters "" prevents wasting time by checking cache.nixos.org. --- nixos/modules/installer/tools/nixos-install.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 40ec491a65f3e..87bc2785f9075 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -16,7 +16,7 @@ mountPoint=/mnt while [ "$#" -gt 0 ]; do i="$1"; shift 1 case "$i" in - --max-jobs|-j|--cores|-I) + --max-jobs|-j|--cores|-I|--substituters) j="$1"; shift 1 extraBuildFlags+=("$i" "$j") ;; @@ -82,14 +82,14 @@ fi trap "rm -rf $tmpdir" EXIT tmpdir="$(mktemp -d)" -subs="auto?trusted=1 https://cache.nixos.org/" +sub="auto?trusted=1" # Build the system configuration in the target filesystem. if [[ -z $system ]]; then echo "building the configuration in $NIXOS_CONFIG..." outLink="$tmpdir/system" nix build --out-link "$outLink" --store "$mountPoint" "${extraBuildFlags[@]}" \ - --substituters "$subs" \ + --extra-substituters "$sub" \ -f '' system -I "nixos-config=$NIXOS_CONFIG" system=$(readlink -f $outLink) fi @@ -98,7 +98,7 @@ fi # this with the previous step once we have a nix-env replacement with # a progress bar. nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \ - --substituters "$subs" \ + --extra-substituters "$sub" \ -p $mountPoint/nix/var/nix/profiles/system --set "$system" # Copy the NixOS/Nixpkgs sources to the target as the initial contents @@ -108,7 +108,7 @@ if [[ -z $noChannelCopy ]]; then if [[ -n $channelPath ]]; then echo "copying channel..." mkdir -p $mountPoint/nix/var/nix/profiles/per-user/root - nix-env --store "$mountPoint" --substituters 'auto?trusted=1' "${extraBuildFlags[@]}" \ + nix-env --store "$mountPoint" "${extraBuildFlags[@]}" --extra-substituters "$sub" \ -p $mountPoint/nix/var/nix/profiles/per-user/root/channels --set "$channelPath" --quiet fi fi From 9802da517fe4da41d68516029b01c5c1f175b3e4 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 19:35:43 +0100 Subject: [PATCH 18/35] make-disk-image.nix: Use nixos-install again Since nixos-install doesn't require any special privileges anymore, this Just Works. No more need for fakeroot / nixos-prepare-root. --- nixos/lib/make-disk-image.nix | 47 +++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index 8a3d8ed17701a..6269e42793803 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -51,7 +51,7 @@ with lib; let format' = format; in let - format = if (format' == "qcow2-compressed") then "qcow2" else format'; + format = if format' == "qcow2-compressed" then "qcow2" else format'; compress = optionalString (format' == "qcow2-compressed") "-c"; @@ -84,6 +84,7 @@ let format' = format; in let nixpkgs = cleanSource pkgs.path; + # FIXME: merge with channel.nix / make-channel.nix. channelSources = pkgs.runCommand "nixos-${config.system.nixosVersion}" {} '' mkdir -p $out cp -prd ${nixpkgs} $out/nixos @@ -95,13 +96,16 @@ let format' = format; in let echo -n ${config.system.nixosVersionSuffix} > $out/nixos/.version-suffix ''; - metaClosure = pkgs.writeText "meta" '' - ${config.system.build.toplevel} - ${config.nix.package.out} - ${channelSources} - ''; - - prepareImageInputs = with pkgs; [ rsync utillinux parted e2fsprogs lkl fakeroot config.system.build.nixos-prepare-root ] ++ stdenv.initialPath; + binPath = with pkgs; makeBinPath ( + [ rsync + utillinux + parted + e2fsprogs + lkl + config.system.build.nixos-install + config.system.build.nixos-enter + nix + ] ++ stdenv.initialPath); # I'm preserving the line below because I'm going to search for it across nixpkgs to consolidate # image building logic. The comment right below this now appears in 4 different places in nixpkgs :) @@ -109,8 +113,10 @@ let format' = format; in let sources = map (x: x.source) contents; targets = map (x: x.target) contents; + closureInfo = pkgs.closureInfo { rootPaths = [ config.system.build.toplevel channelSources ]; }; + prepareImage = '' - export PATH=${makeBinPath prepareImageInputs} + export PATH=${binPath} # Yes, mkfs.ext4 takes different units in different contexts. Fun. sectorsToKilobytes() { @@ -168,11 +174,14 @@ let format' = format; in let fi done - # TODO: Nix really likes to chown things it creates to its current user... - fakeroot nixos-prepare-root $root ${channelSources} ${config.system.build.toplevel} closure + export HOME=$TMPDIR + + # Provide a Nix database so that nixos-install can copy closures. + export NIX_STATE_DIR=$TMPDIR/state + nix-store --load-db < ${closureInfo}/registration - # fakeroot seems to always give the owner write permissions, which we do not want - find $root/nix/store -mindepth 1 -maxdepth 1 -type f -o -type d | xargs chmod -R a-w + echo "running nixos-install..." + nixos-install --root $root --no-bootloader --no-root-passwd --closure ${config.system.build.toplevel} --substituters "" echo "copying staging root to image..." cptofs -p ${optionalString (partitionTableType != "none") "-P ${rootPartition}"} -t ${fsType} -i $diskImage $root/* / @@ -181,7 +190,6 @@ in pkgs.vmTools.runInLinuxVM ( pkgs.runCommand name { preVM = prepareImage; buildInputs = with pkgs; [ utillinux e2fsprogs dosfstools ]; - exportReferencesGraph = [ "closure" metaClosure ]; postVM = '' ${if format == "raw" then '' mv $diskImage $out/${filename} @@ -194,6 +202,8 @@ in pkgs.vmTools.runInLinuxVM ( memSize = 1024; } '' + export PATH=${binPath}:$PATH + rootDisk=${if partitionTableType != "none" then "/dev/vda${rootPartition}" else "/dev/vda"} # Some tools assume these exist @@ -218,15 +228,8 @@ in pkgs.vmTools.runInLinuxVM ( cp ${configFile} /mnt/etc/nixos/configuration.nix ''} - mount --rbind /dev $mountPoint/dev - mount --rbind /proc $mountPoint/proc - mount --rbind /sys $mountPoint/sys - # Set up core system link, GRUB, etc. - NIXOS_INSTALL_BOOTLOADER=1 chroot $mountPoint /nix/var/nix/profiles/system/bin/switch-to-configuration boot - - # TODO: figure out if I should activate, but for now I won't - # chroot $mountPoint /nix/var/nix/profiles/system/activate + NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root $mountPoint -- /nix/var/nix/profiles/system/bin/switch-to-configuration boot # The above scripts will generate a random machine-id and we don't want to bake a single ID into all our images rm -f $mountPoint/etc/machine-id From 0f5d5970b28c9d85e7166f85ecfa3f86064d3f25 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 19:37:53 +0100 Subject: [PATCH 19/35] nixos-prepare-root: Remove This is no longer needed thanks to Nix 2.0 magic. --- .../installer/tools/nixos-prepare-root.sh | 104 ------------------ nixos/modules/installer/tools/tools.nix | 9 -- 2 files changed, 113 deletions(-) delete mode 100644 nixos/modules/installer/tools/nixos-prepare-root.sh diff --git a/nixos/modules/installer/tools/nixos-prepare-root.sh b/nixos/modules/installer/tools/nixos-prepare-root.sh deleted file mode 100644 index ed5af234fec96..0000000000000 --- a/nixos/modules/installer/tools/nixos-prepare-root.sh +++ /dev/null @@ -1,104 +0,0 @@ -#! @shell@ - -# This script's goal is to perform all "static" setup of a filesystem structure from pre-built store paths. Everything -# in here should run in a non-root context and inside a Nix builder. It's designed primarily to be called from image- -# building scripts and from nixos-install, but because it makes very few assumptions about the context in which it runs, -# it could be useful in other contexts as well. -# -# Current behavior: -# - set up basic filesystem structure -# - make Nix store etc. -# - copy Nix, system, channel, and misceallaneous closures to target Nix store -# - register validity of all paths in the target store -# - set up channel and system profiles - -# Ensure a consistent umask. -umask 0022 - -set -e - -mountPoint="$1" -channel="$2" -system="$3" -shift 3 -closures="$@" - -PATH="@coreutils@/bin:@nix@/bin:@perl@/bin:@utillinux@/bin:@rsync@/bin" - -if ! test -e "$mountPoint"; then - echo "mount point $mountPoint doesn't exist" - exit 1 -fi - -# Create a few of the standard directories in the target root directory. -install -m 0755 -d $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/etc $mountPoint/run $mountPoint/home -install -m 01777 -d $mountPoint/tmp -install -m 0755 -d $mountPoint/tmp/root -install -m 0755 -d $mountPoint/var -install -m 0700 -d $mountPoint/root - -ln -sf /run $mountPoint/var/run - -# Create the necessary Nix directories on the target device -install -m 0755 -d \ - $mountPoint/nix/var/nix/gcroots \ - $mountPoint/nix/var/nix/temproots \ - $mountPoint/nix/var/nix/userpool \ - $mountPoint/nix/var/nix/profiles \ - $mountPoint/nix/var/nix/db \ - $mountPoint/nix/var/log/nix/drvs - -install -m 1775 -d $mountPoint/nix/store - -# All Nix operations below should operate on our target store, not /nix/store. -# N.B: this relies on Nix 1.12 or higher -export NIX_REMOTE=local?root=$mountPoint - -# Copy our closures to the Nix store on the target mount point, unless they're already there. -for i in $closures; do - # We support closures both in the format produced by `nix-store --export` and by `exportReferencesGraph`, - # mostly because there doesn't seem to be a single format that can be produced outside of a nix build and - # inside one. See https://github.com/NixOS/nix/issues/1242 for more discussion. - if [[ "$i" =~ \.closure$ ]]; then - echo "importing serialized closure $i to $mountPoint..." - nix-store --import < $i - else - # There has to be a better way to do this, right? - echo "copying closure $i to $mountPoint..." - for j in $(perl @pathsFromGraph@ $i); do - echo " $j... " - rsync -a $j $mountPoint/nix/store/ - done - - nix-store --option build-users-group root --register-validity < $i - fi -done - -# Create the required /bin/sh symlink; otherwise lots of things -# (notably the system() function) won't work. -if [ ! -x $mountPoint/@shell@ ]; then - echo "Error: @shell@ wasn't included in the closure" >&2 - exit 1 -fi -install -m 0755 -d $mountPoint/bin -ln -sf @shell@ $mountPoint/bin/sh - -echo "setting the system closure to '$system'..." -nix-env "${extraBuildFlags[@]}" -p $mountPoint/nix/var/nix/profiles/system --set "$system" - -ln -sfn /nix/var/nix/profiles/system $mountPoint/run/current-system - -# Copy the NixOS/Nixpkgs sources to the target as the initial contents of the NixOS channel. -install -m 0755 -d $mountPoint/nix/var/nix/profiles -install -m 1777 -d $mountPoint/nix/var/nix/profiles/per-user -install -m 0755 -d $mountPoint/nix/var/nix/profiles/per-user/root - -if [ -z "$noChannelCopy" ] && [ -n "$channel" ]; then - echo "copying channel..." - nix-env --option build-use-substitutes false "${extraBuildFlags[@]}" -p $mountPoint/nix/var/nix/profiles/per-user/root/channels --set "$channel" --quiet -fi -install -m 0700 -d $mountPoint/root/.nix-defexpr -ln -sfn /nix/var/nix/profiles/per-user/root/channels $mountPoint/root/.nix-defexpr/channels - -# Mark the target as a NixOS installation, otherwise switch-to-configuration will chicken out. -touch $mountPoint/etc/NIXOS diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index 7be59e4ce2589..cdd561b68403e 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -18,14 +18,6 @@ let src = ./nixos-build-vms/nixos-build-vms.sh; }; - nixos-prepare-root = makeProg { - name = "nixos-prepare-root"; - src = ./nixos-prepare-root.sh; - - nix = pkgs.nixUnstable; - inherit (pkgs) perl pathsFromGraph rsync utillinux coreutils; - }; - nixos-install = makeProg { name = "nixos-install"; src = ./nixos-install.sh; @@ -75,7 +67,6 @@ in environment.systemPackages = [ nixos-build-vms - nixos-prepare-root nixos-install nixos-rebuild nixos-generate-config From 847ea13be390923a7b7cb8766b1ab8e8465a18eb Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 7 Feb 2018 19:47:03 +0100 Subject: [PATCH 20/35] Doh --- nixos/modules/installer/tools/nixos-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 87bc2785f9075..b51779cfb9572 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -114,7 +114,7 @@ if [[ -z $noChannelCopy ]]; then fi # Mark the target as a NixOS installation, otherwise switch-to-configuration will chicken out. -mkdir -m 0755 "$mountPoint/etc" +mkdir -m 0755 -p "$mountPoint/etc" touch "$mountPoint/etc/NIXOS" # Switch to the new system configuration. This will install Grub with From 32af695a228669a6b35160f2b424417428cebcfa Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 22 Feb 2018 16:40:02 +0100 Subject: [PATCH 21/35] nix: 1.11.16 -> 2.0 --- .../modules/installer/tools/nix-fallback-paths.nix | 8 ++++---- pkgs/tools/package-management/nix/default.nix | 14 +++++++++++--- pkgs/top-level/all-packages.nix | 11 ++++------- 3 files changed, 19 insertions(+), 14 deletions(-) diff --git a/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixos/modules/installer/tools/nix-fallback-paths.nix index 131c779b1ab1c..4774cf39c0304 100644 --- a/nixos/modules/installer/tools/nix-fallback-paths.nix +++ b/nixos/modules/installer/tools/nix-fallback-paths.nix @@ -1,6 +1,6 @@ { - x86_64-linux = "/nix/store/gy4yv67gv3j6in0lalw37j353zdmfcwm-nix-1.11.16"; - i686-linux = "/nix/store/ifmyq5ryfxhhrzh62hiq65xyz1fwffga-nix-1.11.16"; - aarch64-linux = "/nix/store/y9mfv3sx75mbfibf1zna1kq9v98fk2nb-nix-1.11.16"; - x86_64-darwin = "/nix/store/hwpp7kia2f0in5ns2hiw41q38k30jpj2-nix-1.11.16"; + x86_64-linux = "/nix/store/6p2gambjac7xdkd2a7w1dsxdk1q5cq4d-nix-2.0"; + i686-linux = "/nix/store/zznnaijjk3nwx0cmpczxsvngmqzhl7r4-nix-2.0"; + aarch64-linux = "/nix/store/ci96w9kxfkmlc7x2vwqiz4da0r6abxnq-nix-2.0"; + x86_64-darwin = "/nix/store/xmi4fylvx4qc79ji9v5q3zfy9vfdy4sv-nix-2.0"; } diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index d8246c5da9367..2eb753e54b4d5 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -149,13 +149,21 @@ let in rec { - nix = nixUnstable; + nix = nixStable; - nixStable = (common rec { + nix1 = (common rec { name = "nix-1.11.16"; src = fetchurl { url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz"; - sha256 = "0ca5782fc37d62238d13a620a7b4bff6a200bab1bd63003709249a776162357c"; + sha256 = "7024d327314bf92c1d3e6cccd944929828a44b24093954036bfb0115a92f5a14"; + }; + }) // { perl-bindings = nixStable; }; + + nixStable = (common rec { + name = "nix-2.0"; + src = fetchurl { + url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz"; + sha256 = "7024d327314bf92c1d3e6cccd944929828a44b24093954036bfb0115a92f5a14"; }; }) // { perl-bindings = nixStable; }; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 92f81ee286132..4544eb15cf689 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3950,9 +3950,7 @@ with pkgs; p7zip = callPackage ../tools/archivers/p7zip { }; - packagekit = callPackage ../tools/package-management/packagekit { - nix = nixUnstable; - }; + packagekit = callPackage ../tools/package-management/packagekit { }; packetdrill = callPackage ../tools/networking/packetdrill { }; @@ -6815,8 +6813,6 @@ with pkgs; mujs = callPackage ../development/interpreters/mujs { }; nix-exec = callPackage ../development/interpreters/nix-exec { - nix = nixUnstable; - git = gitMinimal; }; @@ -10350,7 +10346,7 @@ with pkgs; }; libnghttp2 = nghttp2.lib; - nix-plugins = callPackage ../development/libraries/nix-plugins {}; + nix-plugins = callPackage ../development/libraries/nix-plugins { }; nlohmann_json = callPackage ../development/libraries/nlohmann_json { }; @@ -19852,6 +19848,7 @@ with pkgs; stateDir = config.nix.stateDir or "/nix/var"; }) nix + nix1 nixStable nixUnstable; @@ -19861,7 +19858,7 @@ with pkgs; nixui = callPackage ../tools/package-management/nixui { node_webkit = nwjs_0_12; }; - nix-bundle = callPackage ../tools/package-management/nix-bundle { nix = nixUnstable; }; + nix-bundle = callPackage ../tools/package-management/nix-bundle { }; nix-delegate = haskell.lib.justStaticExecutables haskellPackages.nix-delegate; nix-deploy = haskell.lib.justStaticExecutables haskellPackages.nix-deploy; From bae19ef9f64cce817a103e659fb78ce416a0163b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 22 Feb 2018 17:20:59 +0100 Subject: [PATCH 22/35] Doh --- pkgs/tools/package-management/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index 2eb753e54b4d5..f837a699e2a98 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -155,7 +155,7 @@ in rec { name = "nix-1.11.16"; src = fetchurl { url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz"; - sha256 = "7024d327314bf92c1d3e6cccd944929828a44b24093954036bfb0115a92f5a14"; + sha256 = "0ca5782fc37d62238d13a620a7b4bff6a200bab1bd63003709249a776162357c"; }; }) // { perl-bindings = nixStable; }; From fab12188b855d9ac1f64f486ee38f1cf7d53c8f4 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 22 Feb 2018 17:26:16 +0100 Subject: [PATCH 23/35] Doh --- pkgs/tools/package-management/nix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index f837a699e2a98..9f41e00ac0e90 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -165,7 +165,7 @@ in rec { url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz"; sha256 = "7024d327314bf92c1d3e6cccd944929828a44b24093954036bfb0115a92f5a14"; }; - }) // { perl-bindings = nixStable; }; + }) // { perl-bindings = perl-bindings { nix = nixStable; }; }; nixUnstable = (lib.lowPrio (common rec { name = "nix-2.0${suffix}"; From 776a5e6ebfacc6831527bc6c3c1a58ef2087c819 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 8 Feb 2018 13:56:54 +0100 Subject: [PATCH 24/35] makeInitrd: Use closureInfo --- pkgs/build-support/closure-info.nix | 2 +- pkgs/build-support/kernel/make-initrd.nix | 9 +++------ pkgs/build-support/kernel/make-initrd.sh | 6 +----- pkgs/build-support/kernel/paths-from-graph.pl | 2 ++ 4 files changed, 7 insertions(+), 12 deletions(-) diff --git a/pkgs/build-support/closure-info.nix b/pkgs/build-support/closure-info.nix index 54b1fe59b66d3..25978e974cf58 100644 --- a/pkgs/build-support/closure-info.nix +++ b/pkgs/build-support/closure-info.nix @@ -4,7 +4,7 @@ # "nix-store --load-db" and "nix-store --register-validity # --hash-given". -{ stdenv, coreutils, jq, perl, pathsFromGraph }: +{ stdenv, coreutils, jq }: { rootPaths }: diff --git a/pkgs/build-support/kernel/make-initrd.nix b/pkgs/build-support/kernel/make-initrd.nix index 5353ae8284107..a4d162dc8b519 100644 --- a/pkgs/build-support/kernel/make-initrd.nix +++ b/pkgs/build-support/kernel/make-initrd.nix @@ -12,7 +12,7 @@ # `contents = {object = ...; symlink = /init;}' is a typical # argument. -{ stdenv, perl, cpio, contents, compressor, prepend, ubootTools +{ stdenv, closureInfo, cpio, contents, compressor, prepend, ubootTools , hostPlatform }: @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { makeUInitrd = hostPlatform.platform.kernelTarget == "uImage"; - nativeBuildInputs = [ perl cpio ] + nativeBuildInputs = [ cpio ] ++ stdenv.lib.optional makeUInitrd ubootTools; # !!! should use XML. @@ -30,10 +30,7 @@ stdenv.mkDerivation rec { symlinks = map (x: x.symlink) contents; suffices = map (x: if x ? suffix then x.suffix else "none") contents; - # For obtaining the closure of `contents'. - exportReferencesGraph = - map (x: [("closure-" + baseNameOf x.symlink) x.object]) contents; - pathsFromGraph = ./paths-from-graph.pl; + closure = closureInfo { rootPaths = (map (x: x.object) contents); }; inherit compressor prepend; } diff --git a/pkgs/build-support/kernel/make-initrd.sh b/pkgs/build-support/kernel/make-initrd.sh index 0aeaedeb37243..2e64eeb81c1b1 100644 --- a/pkgs/build-support/kernel/make-initrd.sh +++ b/pkgs/build-support/kernel/make-initrd.sh @@ -25,13 +25,9 @@ for ((n = 0; n < ${#objects[*]}; n++)); do done -# Get the paths in the closure of `object'. -storePaths=$(perl $pathsFromGraph closure-*) - - # Paths in cpio archives *must* be relative, otherwise the kernel # won't unpack 'em. -(cd root && cp -prd --parents $storePaths .) +(cd root && cp -prd --parents $(cat $closure/store-paths) .) # Put the closure in a gzipped cpio archive. diff --git a/pkgs/build-support/kernel/paths-from-graph.pl b/pkgs/build-support/kernel/paths-from-graph.pl index 747e1edec8110..1465b73fddb66 100644 --- a/pkgs/build-support/kernel/paths-from-graph.pl +++ b/pkgs/build-support/kernel/paths-from-graph.pl @@ -1,3 +1,5 @@ +# NOTE: this script is deprecated. Use closureInfo instead. + # Parses a /nix/store/*-closure file and prints # various information. # By default, the nodes in the graph are printed to stdout. From adf8074abeed31453739dcecdd4f4a32c8c53eb6 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Fri, 23 Feb 2018 10:52:37 -0500 Subject: [PATCH 25/35] closureInfo: Report the total closure size. This can be useful for e.g. preallocating disk image sizes. --- pkgs/build-support/closure-info.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/build-support/closure-info.nix b/pkgs/build-support/closure-info.nix index 54b1fe59b66d3..96c37bccf2e94 100644 --- a/pkgs/build-support/closure-info.nix +++ b/pkgs/build-support/closure-info.nix @@ -27,6 +27,7 @@ stdenv.mkDerivation { mkdir $out + jq -r ".closure | map(.narSize) | add" < .attrs.json > $out/total-nar-size jq -r '.closure | map([.path, .narHash, .narSize, "", (.references | length)] + .references) | add | map("\(.)\n") | add' < .attrs.json | head -n -1 > $out/registration jq -r .closure[].path < .attrs.json > $out/store-paths ''; From cc2eeef4abfaf484363d43d6bcce510f0f16dc1d Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 27 Feb 2018 19:58:23 +0100 Subject: [PATCH 26/35] Fix installing the Nixpkgs channel on the installation media And test that it got installed correctly. --- nixos/doc/manual/man-nixos-install.xml | 6 +++--- nixos/lib/make-disk-image.nix | 3 ++- nixos/modules/installer/tools/nixos-install.sh | 11 ++++++++--- nixos/tests/boot.nix | 5 +++++ 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/nixos/doc/manual/man-nixos-install.xml b/nixos/doc/manual/man-nixos-install.xml index 15c603256ca71..c9887146989b1 100644 --- a/nixos/doc/manual/man-nixos-install.xml +++ b/nixos/doc/manual/man-nixos-install.xml @@ -26,8 +26,8 @@ root - - closure + + path @@ -118,7 +118,7 @@ it. - + If this option is provided, nixos-install will install the specified closure rather than attempt to build one from /mnt/etc/nixos/configuration.nix. diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index 4da863469032d..ebfb09db7b7e4 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -181,7 +181,8 @@ let format' = format; in let nix-store --load-db < ${closureInfo}/registration echo "running nixos-install..." - nixos-install --root $root --no-bootloader --no-root-passwd --closure ${config.system.build.toplevel} --substituters "" + nixos-install --root $root --no-bootloader --no-root-passwd \ + --system ${config.system.build.toplevel} --channel ${channelSources} --substituters "" echo "copying staging root to image..." cptofs -p ${optionalString (partitionTableType != "none") "-P ${rootPartition}"} -t ${fsType} -i $diskImage $root/* / diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index b51779cfb9572..87013dc8f9779 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -12,6 +12,7 @@ umask 0022 extraBuildFlags=() mountPoint=/mnt +channelPath= while [ "$#" -gt 0 ]; do i="$1"; shift 1 @@ -28,10 +29,12 @@ while [ "$#" -gt 0 ]; do --root) mountPoint="$1"; shift 1 ;; - --closure) - # FIXME: --closure is a misnomer + --system|--closure) system="$1"; shift 1 ;; + --channel) + channelPath="$1"; shift 1 + ;; --no-channel-copy) noChannelCopy=1 ;; @@ -104,7 +107,9 @@ nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \ # Copy the NixOS/Nixpkgs sources to the target as the initial contents # of the NixOS channel. if [[ -z $noChannelCopy ]]; then - channelPath="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")" + if [[ -z $channelPath ]]; then + channelPath="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")" + fi if [[ -n $channelPath ]]; then echo "copying channel..." mkdir -p $mountPoint/nix/var/nix/profiles/per-user/root diff --git a/nixos/tests/boot.nix b/nixos/tests/boot.nix index 0ba8a2704e637..301d9d0f817f8 100644 --- a/nixos/tests/boot.nix +++ b/nixos/tests/boot.nix @@ -25,6 +25,11 @@ let $machine->start; $machine->waitForUnit("multi-user.target"); $machine->succeed("nix verify -r --no-trust /run/current-system"); + + # Test whether the channel got installed correctly. + $machine->succeed("nix-instantiate --dry-run '' -A hello"); + $machine->succeed("nix-env --dry-run -iA nixos.procps"); + $machine->shutdown; ''; }; From 0d0021588015105696eb4981da7a835ec6b2e45b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 27 Feb 2018 19:59:26 +0100 Subject: [PATCH 27/35] Cleanup --- pkgs/build-support/closure-info.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/closure-info.nix b/pkgs/build-support/closure-info.nix index 2154432b7e0af..58d70b4b0631e 100644 --- a/pkgs/build-support/closure-info.nix +++ b/pkgs/build-support/closure-info.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation { builder = builtins.toFile "builder" '' - if [ -e .attrs.sh ]; then . .attrs.sh; fi + . .attrs.sh out=''${outputs[out]} From 212dd84dd247e83231ffbcc7130fd92a95060702 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 27 Feb 2018 20:03:12 +0100 Subject: [PATCH 28/35] Cleanup --- nixos/modules/services/misc/nix-daemon.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index a169b0f2c7841..72b70b28c80f5 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix @@ -33,9 +33,9 @@ let sh = pkgs.stdenv.shell; binshDeps = pkgs.writeReferencesToFile sh; in - pkgs.runCommand "nix.conf" { extraOptions = cfg.extraOptions; inherit binshDeps; } '' + pkgs.runCommand "nix.conf" { extraOptions = cfg.extraOptions; } '' ${optionalString (!isNix20) '' - extraPaths=$(for i in $(cat binshDeps); do if test -d $i; then echo $i; fi; done) + extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done) ''} cat > $out < Date: Tue, 27 Feb 2018 20:09:07 +0100 Subject: [PATCH 29/35] Add the boot test to release-small.nix --- nixos/release-small.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/release-small.nix b/nixos/release-small.nix index 2b532c70763fa..4bfb9a423f7d5 100644 --- a/nixos/release-small.nix +++ b/nixos/release-small.nix @@ -50,6 +50,10 @@ in rec { separateBoot simple; }; + boot = { + inherit (nixos'.tests.boot) + biosCdrom; + }; }; }; From b14d9e15686366cf456c9d744cfc90759ea1b3e7 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 27 Feb 2018 20:20:37 +0100 Subject: [PATCH 30/35] Add jq to the installation media This is required by closureInfo. --- nixos/modules/profiles/installation-device.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index 506a6ee3eaa81..43f06c219f824 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -72,7 +72,13 @@ with lib; # To speed up installation a little bit, include the complete # stdenv in the Nix store on the CD. - system.extraDependencies = with pkgs; [ stdenv stdenvNoCC busybox ]; + system.extraDependencies = with pkgs; + [ + stdenv + stdenvNoCC # for runCommand + busybox + jq # for closureInfo + ]; # Show all debug messages from the kernel but don't log refused packets # because we have the firewall enabled. This makes installs from the From 84f93dd07ab91a4089de2eb329e1bc080fc5a294 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 27 Feb 2018 20:21:23 +0100 Subject: [PATCH 31/35] nixos-install: Create /root/.nix-defexpr This was previously done by nixos-prepare-root. --- nixos/modules/installer/tools/nixos-install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 87013dc8f9779..22c1e0fe9a34b 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -115,6 +115,8 @@ if [[ -z $noChannelCopy ]]; then mkdir -p $mountPoint/nix/var/nix/profiles/per-user/root nix-env --store "$mountPoint" "${extraBuildFlags[@]}" --extra-substituters "$sub" \ -p $mountPoint/nix/var/nix/profiles/per-user/root/channels --set "$channelPath" --quiet + install -m 0700 -d $mountPoint/root/.nix-defexpr + ln -sfn /nix/var/nix/profiles/per-user/root/channels $mountPoint/root/.nix-defexpr/channels fi fi From 9e8cf40c7e9220900888fa898da11062ffe4f657 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 27 Feb 2018 20:22:14 +0100 Subject: [PATCH 32/35] nixos/tests/installer.nix: Don't use a writable store This is no longer needed. --- nixos/tests/installer.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index c2b573dd1c346..3e49c5b96682c 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -207,7 +207,6 @@ let virtualisation.diskSize = 8 * 1024; virtualisation.memorySize = 1024; - virtualisation.writableStore = true; # Use a small /dev/vdb as the root disk for the # installer. This ensures the target disk (/dev/vda) is From 9fc786c3a44cf660adaf67e3d4950ff051cb6418 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 27 Feb 2018 20:28:49 +0100 Subject: [PATCH 33/35] Create /home with the right permissions Without this, it will be created with 700 permissions. --- nixos/modules/config/users-groups.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 92670ba31f507..11e969b760e03 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -529,12 +529,13 @@ in { system.activationScripts.users = stringAfter [ "stdio" ] '' + install -m 0700 -d /root + install -m 0755 -d /home + ${pkgs.perl}/bin/perl -w \ -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl \ -I${pkgs.perlPackages.JSON}/lib/perl5/site_perl \ ${./update-users-groups.pl} ${spec} - - install -m 0700 -d /root ''; # for backwards compatibility From ceb0a28e8c2d3f3bd0f57dda74f185a570522ecf Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 27 Feb 2018 20:30:06 +0100 Subject: [PATCH 34/35] Don't try hashed mirrors in the installer test --- nixos/tests/installer.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 3e49c5b96682c..c12919540a30c 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -243,6 +243,11 @@ let ++ optionals (bootLoader == "grub" && grubVersion == 2) [ pkgs.grub2 pkgs.grub2_efi ]; nix.binaryCaches = mkForce [ ]; + nix.extraOptions = + '' + hashed-mirrors = + connect-timeout = 1 + ''; }; }; From 729d72f9e421134b58801772f59af990e5a35fee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Sat, 3 Mar 2018 17:48:02 +0100 Subject: [PATCH 35/35] 18.03 release notes: nix-2.0 by default --- nixos/doc/manual/release-notes/rl-1803.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index d5150d25d3752..ee4a54aa46c8f 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -18,6 +18,13 @@ has the following highlights: + + + Nix now defaults to 2.0; see its + release notes. + + + Linux kernel defaults to the 4.14 branch (it was 4.9).