diff --git a/nixos/modules/system/etc/etc-activation.nix b/nixos/modules/system/etc/etc-activation.nix index acf8c99eab91..59fa2faa2b80 100644 --- a/nixos/modules/system/etc/etc-activation.nix +++ b/nixos/modules/system/etc/etc-activation.nix @@ -47,7 +47,7 @@ boot.initrd.systemd = { mounts = [ { - where = "/run/etc-metadata"; + where = "/run/nixos-etc-metadata"; what = "/etc-metadata-image"; type = "erofs"; options = "loop,ro"; @@ -82,7 +82,7 @@ "relatime" "redirect_dir=on" "metacopy=on" - "lowerdir=/run/etc-metadata::/etc-basedir" + "lowerdir=/run/nixos-etc-metadata::/etc-basedir" ] ++ lib.optionals config.system.etc.overlay.mutable [ "rw" @@ -112,7 +112,7 @@ unitConfig = { RequiresMountsFor = [ "/sysroot/nix/store" - "/run/etc-metadata" + "/run/nixos-etc-metadata" ]; DefaultDependencies = false; }; diff --git a/nixos/modules/system/etc/etc.nix b/nixos/modules/system/etc/etc.nix index 062e414d5d6b..7c7db061359c 100644 --- a/nixos/modules/system/etc/etc.nix +++ b/nixos/modules/system/etc/etc.nix @@ -274,7 +274,7 @@ in chmod --recursive 0755 /.rw-etc ''} - tmpMetadataMount=$(TMPDIR="" mktemp --tmpdir=/tmp --directory -t nixos-etc-metadata.XXXXXXXXXX) + tmpMetadataMount=$(TMPDIR="/run" mktemp --directory -t nixos-etc-metadata.XXXXXXXXXX) mount --type erofs -o ro ${config.system.build.etcMetadataImage} $tmpMetadataMount # There was no previous /etc mounted. This happens when we're called @@ -287,7 +287,7 @@ in # Mount the new /etc overlay to a temporary private mount. # This needs the indirection via a private bind mount because you # cannot move shared mounts. - tmpEtcMount=$(TMPDIR="" mktemp --tmpdir=/tmp --directory -t nixos-etc.XXXXXXXXXX) + tmpEtcMount=$(TMPDIR="/run" mktemp --directory -t nixos-etc.XXXXXXXXXX) mount --bind --make-private $tmpEtcMount $tmpEtcMount mount --type overlay overlay \ --options lowerdir=$tmpMetadataMount::${config.system.build.etcBasedir},${etcOverlayOptions} \ 
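Review bot: In the `@@ -274` hunk of etc.nix (and again for `tmpEtcMount` at `@@ -287`) the target directory is now passed through the `TMPDIR` environment variable together with `-t`, a flag GNU mktemp marks as deprecated. Naming the directory explicitly keeps the intent visible and does not depend on environment handling: `tmpMetadataMount=$(mktemp --tmpdir=/run --directory nixos-etc-metadata.XXXXXXXXXX)`. The prefix and ten-character suffix chosen here are what the cleanup loop in the `@@ -341` hunk matches on, so a comment such as `# name must stay in sync with the findmnt cleanup pattern below` would keep the two from drifting apart. The following `mount` uses `$tmpMetadataMount` unquoted, and whether the script aborts on a failed mktemp is not visible in this hunk, so that is worth confirming.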
@@ -341,7 +341,7 @@ in # mounts. So we'll just find all mounts of type erofs and filter on the # name of the mountpoint. findmnt --type erofs --list --kernel --output TARGET | while read -r mountPoint; do - if [[ "$mountPoint" =~ ^/tmp/nixos-etc-metadata\..{10}$ && + if [[ ("$mountPoint" =~ ^/run/nixos-etc-metadata\..{10}$ || "$mountPoint" =~ ^/run/nixos-etc-metadata$ ) && "$mountPoint" != "$tmpMetadataMount" ]]; then umount --lazy "$mountPoint" rmdir "$mountPoint" diff --git a/nixos/tests/activation/etc-overlay-immutable.nix b/nixos/tests/activation/etc-overlay-immutable.nix index da1ea317440c..2adb91114014 100644 --- a/nixos/tests/activation/etc-overlay-immutable.nix +++ b/nixos/tests/activation/etc-overlay-immutable.nix @@ -39,8 +39,8 @@ '' newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip() - with subtest("/run/etc-metadata/ is mounted"): - print(machine.succeed("mountpoint /run/etc-metadata")) + with subtest("/run/nixos-etc-metadata/ is mounted"): + print(machine.succeed("mountpoint /run/nixos-etc-metadata")) with subtest("No temporary files leaked into stage 2"): machine.succeed("[ ! -e /etc-metadata-image ]") 
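Review bot: In the `@@ -341` hunk of etc.nix the cleanup filter spells the same prefix twice and still accepts any ten characters after the dot. A single pattern limited to mktemp's alphanumeric suffix is tighter and easier to audit: `if [[ "$mountPoint" =~ ^/run/nixos-etc-metadata(\.[[:alnum:]]{10})?$ &&`. The loop lazily unmounts and removes every erofs mountpoint that matches by name alone, so a comment stating that the bare `/run/nixos-etc-metadata` is the initrd mount declared in etc-activation.nix would explain why it is now eligible for removal. `rmdir` also runs regardless of whether `umount --lazy` succeeded; the loop body continues outside the hunk, so any error handling there is not visible.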
@@ -91,10 +91,14 @@ machine.succeed(f"{newergen} switch") - tmpMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc\\..*' | wc -l").rstrip() - metaMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc-metadata\\..*' | wc -l").rstrip() + tmpMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc\\..*'").rstrip() + print(tmpMounts) + metaMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc-metadata.*'").rstrip() + print(metaMounts) - assert tmpMounts == "0", f"Found {tmpMounts} remaining tmpmounts" - assert metaMounts == "1", f"Found {metaMounts} remaining metamounts" + numOfTmpMounts = len(tmpMounts.splitlines()) + numOfMetaMounts = len(metaMounts.splitlines()) + assert numOfTmpMounts == 0, f"Found {numOfTmpMounts} remaining tmpmounts" + assert numOfMetaMounts == 1, f"Found {numOfMetaMounts} remaining metamounts" ''; } diff --git a/nixos/tests/activation/etc-overlay-mutable.nix b/nixos/tests/activation/etc-overlay-mutable.nix index be87e1120894..5dc27dedb30b 100644 --- a/nixos/tests/activation/etc-overlay-mutable.nix +++ b/nixos/tests/activation/etc-overlay-mutable.nix @@ -27,8 +27,8 @@ '' newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip() - with subtest("/run/etc-metadata/ is mounted"): - print(machine.succeed("mountpoint /run/etc-metadata")) + with subtest("/run/nixos-etc-metadata/ is mounted"): + print(machine.succeed("mountpoint /run/nixos-etc-metadata")) with subtest("No temporary files leaked into stage 2"): machine.succeed("[ ! -e /etc-metadata-image ]") 
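Review bot: In the `@@ -91` hunk of etc-overlay-immutable.nix (and identically at `@@ -68` in etc-overlay-mutable.nix) the check counts directories found by `find`, not mounts, so it cannot tell a live metadata mount from an empty leftover directory. The metadata regex also lost its escaped dot, so `nixos-etc-metadata.*` now matches the initrd mountpoint `/run/nixos-etc-metadata` and any other name sharing that prefix. This looks intentional but is not explained. A comment such as `# matches the initrd mountpoint and the mktemp-created ones; only the newest may remain` would document it. Adding `machine.succeed(f"mountpoint {metaMounts}")` after the count assertion would confirm the surviving entry is actually mounted.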
@@ -68,10 +68,14 @@ machine.succeed(f"{newergen} switch") assert machine.succeed("cat /etc/newergen") == "newergen" - tmpMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc\\..*' | wc -l").rstrip() - metaMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc-metadata\\..*' | wc -l").rstrip() + tmpMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc\\..*'").rstrip() + print(tmpMounts) + metaMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc-metadata.*'").rstrip() + print(metaMounts) - assert tmpMounts == "0", f"Found {tmpMounts} remaining tmpmounts" - assert metaMounts == "1", f"Found {metaMounts} remaining metamounts" + numOfTmpMounts = len(tmpMounts.splitlines()) + numOfMetaMounts = len(metaMounts.splitlines()) + assert numOfTmpMounts == 0, f"Found {numOfTmpMounts} remaining tmpmounts" + assert numOfMetaMounts == 1, f"Found {numOfMetaMounts} remaining metamounts" ''; }