movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-10 03:23:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/etc-overlay: always create the metadata mountpoints in /run

Browse source 
This avoids the dependence on the presence of /tmp, which causes issues
with nixos-install
This commit is contained in:
r-vdp 2024-12-12 10:14:23 +01:00
parent 2187d1970e
commit df7c405f32
No known key found for this signature in database
4 changed files with 26 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos/modules/system/etc/etc-activation.nix
View file

@ -47,7 +47,7 @@
boot.initrd.systemd = { boot.initrd.systemd = {
mounts = [ mounts = [
{ {
where = "/run/etc-metadata"; where = "/run/nixos-etc-metadata";
what = "/etc-metadata-image"; what = "/etc-metadata-image";
type = "erofs"; type = "erofs";
options = "loop,ro"; options = "loop,ro";
@ -82,7 +82,7 @@
"relatime" "relatime"
"redirect_dir=on" "redirect_dir=on"
"metacopy=on" "metacopy=on"
"lowerdir=/run/etc-metadata::/etc-basedir" "lowerdir=/run/nixos-etc-metadata::/etc-basedir"
] ]
++ lib.optionals config.system.etc.overlay.mutable [ ++ lib.optionals config.system.etc.overlay.mutable [
"rw" "rw"
@ -112,7 +112,7 @@
unitConfig = { unitConfig = {
RequiresMountsFor = [ RequiresMountsFor = [
"/sysroot/nix/store" "/sysroot/nix/store"
"/run/etc-metadata" "/run/nixos-etc-metadata"
]; ];
DefaultDependencies = false; DefaultDependencies = false;
}; };

6
nixos/modules/system/etc/etc.nix
View file

@ -274,7 +274,7 @@ in
chmod --recursive 0755 /.rw-etc chmod --recursive 0755 /.rw-etc
''} ''}
tmpMetadataMount=$(TMPDIR="" mktemp --tmpdir=/tmp --directory -t nixos-etc-metadata.XXXXXXXXXX) tmpMetadataMount=$(TMPDIR="/run" mktemp --directory -t nixos-etc-metadata.XXXXXXXXXX)
mount --type erofs -o ro ${config.system.build.etcMetadataImage} $tmpMetadataMount mount --type erofs -o ro ${config.system.build.etcMetadataImage} $tmpMetadataMount
# There was no previous /etc mounted. This happens when we're called # There was no previous /etc mounted. This happens when we're called
@ -287,7 +287,7 @@ in
# Mount the new /etc overlay to a temporary private mount. # Mount the new /etc overlay to a temporary private mount.
# This needs the indirection via a private bind mount because you # This needs the indirection via a private bind mount because you
# cannot move shared mounts. # cannot move shared mounts.
tmpEtcMount=$(TMPDIR="" mktemp --tmpdir=/tmp --directory -t nixos-etc.XXXXXXXXXX) tmpEtcMount=$(TMPDIR="/run" mktemp --directory -t nixos-etc.XXXXXXXXXX)
mount --bind --make-private $tmpEtcMount $tmpEtcMount mount --bind --make-private $tmpEtcMount $tmpEtcMount
mount --type overlay overlay \ mount --type overlay overlay \
--options lowerdir=$tmpMetadataMount::${config.system.build.etcBasedir},${etcOverlayOptions} \ --options lowerdir=$tmpMetadataMount::${config.system.build.etcBasedir},${etcOverlayOptions} \
@ -341,7 +341,7 @@ in
# mounts. So we'll just find all mounts of type erofs and filter on the # mounts. So we'll just find all mounts of type erofs and filter on the
# name of the mountpoint. # name of the mountpoint.
findmnt --type erofs --list --kernel --output TARGET | while read -r mountPoint; do findmnt --type erofs --list --kernel --output TARGET | while read -r mountPoint; do
if [[ "$mountPoint" =~ ^/tmp/nixos-etc-metadata\..{10}$ && if [[ ("$mountPoint" =~ ^/run/nixos-etc-metadata\..{10}$ || "$mountPoint" =~ ^/run/nixos-etc-metadata$ ) &&
"$mountPoint" != "$tmpMetadataMount" ]]; then "$mountPoint" != "$tmpMetadataMount" ]]; then
umount --lazy "$mountPoint" umount --lazy "$mountPoint"
rmdir "$mountPoint" rmdir "$mountPoint"

16
nixos/tests/activation/etc-overlay-immutable.nix
View file

@ -39,8 +39,8 @@
'' ''
newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip() newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip()
with subtest("/run/etc-metadata/ is mounted"): with subtest("/run/nixos-etc-metadata/ is mounted"):
print(machine.succeed("mountpoint /run/etc-metadata")) print(machine.succeed("mountpoint /run/nixos-etc-metadata"))
with subtest("No temporary files leaked into stage 2"): with subtest("No temporary files leaked into stage 2"):
machine.succeed("[ ! -e /etc-metadata-image ]") machine.succeed("[ ! -e /etc-metadata-image ]")
@ -91,10 +91,14 @@
machine.succeed(f"{newergen} switch") machine.succeed(f"{newergen} switch")
tmpMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc\\..*' | wc -l").rstrip() tmpMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc\\..*'").rstrip()
metaMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc-metadata\\..*' | wc -l").rstrip() print(tmpMounts)
metaMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc-metadata.*'").rstrip()
print(metaMounts)
assert tmpMounts == "0", f"Found {tmpMounts} remaining tmpmounts" numOfTmpMounts = len(tmpMounts.splitlines())
assert metaMounts == "1", f"Found {metaMounts} remaining metamounts" numOfMetaMounts = len(metaMounts.splitlines())
assert numOfTmpMounts == 0, f"Found {numOfTmpMounts} remaining tmpmounts"
assert numOfMetaMounts == 1, f"Found {numOfMetaMounts} remaining metamounts"
''; '';
} }

16
nixos/tests/activation/etc-overlay-mutable.nix
View file

@ -27,8 +27,8 @@
'' ''
newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip() newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip()
with subtest("/run/etc-metadata/ is mounted"): with subtest("/run/nixos-etc-metadata/ is mounted"):
print(machine.succeed("mountpoint /run/etc-metadata")) print(machine.succeed("mountpoint /run/nixos-etc-metadata"))
with subtest("No temporary files leaked into stage 2"): with subtest("No temporary files leaked into stage 2"):
machine.succeed("[ ! -e /etc-metadata-image ]") machine.succeed("[ ! -e /etc-metadata-image ]")
@ -68,10 +68,14 @@
machine.succeed(f"{newergen} switch") machine.succeed(f"{newergen} switch")
assert machine.succeed("cat /etc/newergen") == "newergen" assert machine.succeed("cat /etc/newergen") == "newergen"
tmpMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc\\..*' | wc -l").rstrip() tmpMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc\\..*'").rstrip()
metaMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc-metadata\\..*' | wc -l").rstrip() print(tmpMounts)
metaMounts = machine.succeed("find /run -maxdepth 1 -type d -regex '/run/nixos-etc-metadata.*'").rstrip()
print(metaMounts)
assert tmpMounts == "0", f"Found {tmpMounts} remaining tmpmounts" numOfTmpMounts = len(tmpMounts.splitlines())
assert metaMounts == "1", f"Found {metaMounts} remaining metamounts" numOfMetaMounts = len(metaMounts.splitlines())
assert numOfTmpMounts == 0, f"Found {numOfTmpMounts} remaining tmpmounts"
assert numOfMetaMounts == 1, f"Found {numOfMetaMounts} remaining metamounts"
''; '';
} }