commit 10222e1e37a03c86fdb566eb6e19ab6fb83fff2f · pyrox.dev/nixpkgs

+14 -12

nixos/modules/installer/tools/nixos-install.sh

···

       188
       188
        
       mkdir -m 0755 -p "$mountPoint/etc"

     

       189
       189
        
       touch "$mountPoint/etc/NIXOS"

     

       190
       190
        
       

     

       191
       191
       -
       # Create a bind mount for each of the mount points inside the target file

     

       192
       192
       -
       # system. This preserves the validity of their absolute paths after changing

     

       193
       193
       -
       # the root with `nixos-enter`.

     

       194
       194
       -
       # Without this the bootloader installation may fail due to options that

     

       195
       195
       -
       # contain paths referenced during evaluation, like initrd.secrets.

     

       196
       196
       -
       if (( EUID == 0 )); then

     

       197
       197
       -
           mount --rbind --mkdir "$mountPoint" "$mountPoint$mountPoint"

     

       198
       198
       -
           mount --make-rslave "$mountPoint$mountPoint"

     

       199
       199
       -
           trap 'umount -R "$mountPoint$mountPoint" && rmdir "$mountPoint$mountPoint"' EXIT

     

       200
       200
       -
       fi

     

       201
       201
       -
       

     

       202
       191
        
       # Switch to the new system configuration.  This will install Grub with

     

       203
       192
        
       # a menu default pointing at the kernel/initrd/etc of the new

     

       204
       193
        
       # configuration.

     
···

       206
       195
        
           echo "installing the boot loader..."

     

       207
       196
        
           # Grub needs an mtab.

     

       208
       197
        
           ln -sfn /proc/mounts "$mountPoint"/etc/mtab

     

       209
       209
       -
           NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot

     

       198
       198
       +
           export mountPoint

     

       199
       199
       +
           NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -c "$(cat <<'EOF'

     

       200
       200
       +
             # Create a bind mount for each of the mount points inside the target file

     

       201
       201
       +
             # system. This preserves the validity of their absolute paths after changing

     

       202
       202
       +
             # the root with `nixos-enter`.

     

       203
       203
       +
             # Without this the bootloader installation may fail due to options that

     

       204
       204
       +
             # contain paths referenced during evaluation, like initrd.secrets.

     

       205
       205
       +
             # when not root, re-execute the script in an unshared namespace

     

       206
       206
       +
             mount --rbind --mkdir / "$mountPoint"

     

       207
       207
       +
             mount --make-rslave "$mountPoint"

     

       208
       208
       +
             /run/current-system/bin/switch-to-configuration boot

     

       209
       209
       +
             umount -R "$mountPoint" && rmdir "$mountPoint"

     

       210
       210
       +
       EOF

     

       211
       211
       +
       )"

     

       210
       212
        
       fi

     

       211
       213
        
       

     

       212
       214
        
       # Ask the user to set a root password, but only if the passwd command

+22 -7

nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py

···

       42
       42
        
           else:

     

       43
       43
        
               return d

     

       44
       44
        
       

     

       45
       45
       -
       BOOT_ENTRY = """title @distroName@{profile}{specialisation}

     

       45
       45
       +
       BOOT_ENTRY = """title {title}

     

       46
       46
        
       version Generation {generation} {description}

     

       47
       47
        
       linux {kernel}

     

       48
       48
        
       initrd {initrd}

     
···

       106
       106
        
           return description

     

       107
       107
        
       

     

       108
       108
        
       

     

       109
       109
       -
       def write_entry(profile: Optional[str], generation: int, specialisation: Optional[str], machine_id: str) -> None:

     

       109
       109
       +
       def write_entry(profile: Optional[str], generation: int, specialisation: Optional[str],

     

       110
       110
       +
                       machine_id: str, current: bool) -> None:

     

       110
       111
        
           kernel = copy_from_profile(profile, generation, specialisation, "kernel")

     

       111
       112
        
           initrd = copy_from_profile(profile, generation, specialisation, "initrd")

     

       113
       113
       +
       

     

       114
       114
       +
           title = "@distroName@{profile}{specialisation}".format(

     

       115
       115
       +
               profile=" [" + profile + "]" if profile else "",

     

       116
       116
       +
               specialisation=" (%s)" % specialisation if specialisation else "")

     

       117
       117
       +
       

     

       112
       118
        
           try:

     

       113
       119
        
               append_initrd_secrets = profile_path(profile, generation, specialisation, "append-initrd-secrets")

     

       114
       120
        
               subprocess.check_call([append_initrd_secrets, "@efiSysMountPoint@%s" % (initrd)])

     

       115
       121
        
           except FileNotFoundError:

     

       116
       122
        
               pass

     

       123
       123
       +
           except subprocess.CalledProcessError:

     

       124
       124
       +
               if current:

     

       125
       125
       +
                   print("failed to create initrd secrets!", file=sys.stderr)

     

       126
       126
       +
                   sys.exit(1)

     

       127
       127
       +
               else:

     

       128
       128
       +
                   print("warning: failed to create initrd secrets "

     

       129
       129
       +
                         f'for "{title} - Configuration {generation}", an older generation', file=sys.stderr)

     

       130
       130
       +
                   print("note: this is normal after having removed "

     

       131
       131
       +
                         "or renamed a file in `boot.initrd.secrets`", file=sys.stderr)

     

       117
       132
        
           entry_file = "@efiSysMountPoint@/loader/entries/%s" % (

     

       118
       133
        
               generation_conf_filename(profile, generation, specialisation))

     

       119
       134
        
           generation_dir = os.readlink(system_dir(profile, generation, specialisation))

     
···

       123
       138
        
           with open("%s/kernel-params" % (generation_dir)) as params_file:

     

       124
       139
        
               kernel_params = kernel_params + params_file.read()

     

       125
       140
        
           with open(tmp_path, 'w') as f:

     

       126
       126
       -
               f.write(BOOT_ENTRY.format(profile=" [" + profile + "]" if profile else "",

     

       127
       127
       -
                           specialisation=" (%s)" % specialisation if specialisation else "",

     

       141
       141
       +
               f.write(BOOT_ENTRY.format(title=title,

     

       128
       142
        
                           generation=generation,

     

       129
       143
        
                           kernel=kernel,

     

       130
       144
        
                           initrd=initrd,

     
···

       281
       295
        
           remove_old_entries(gens)

     

       282
       296
        
           for gen in gens:

     

       283
       297
        
               try:

     

       284
       284
       -
                   write_entry(*gen, machine_id)

     

       298
       298
       +
                   is_default = os.readlink(system_dir(*gen)) == args.default_config

     

       299
       299
       +
                   write_entry(*gen, machine_id, current=is_default)

     

       285
       300
        
                   for specialisation in get_specialisations(*gen):

     

       286
       286
       -
                       write_entry(*specialisation, machine_id)

     

       287
       287
       -
                   if os.readlink(system_dir(*gen)) == args.default_config:

     

       301
       301
       +
                       write_entry(*specialisation, machine_id, current=is_default)

     

       302
       302
       +
                   if is_default:

     

       288
       303
        
                       write_loader_conf(*gen)

     

       289
       304
        
               except OSError as e:

     

       290
       305
        
                   profile = f"profile '{gen.profile}'" if gen.profile else "default profile"

+1 -1

nixos/tests/installer.nix

···

       51
       51
        
                 boot.loader.systemd-boot.enable = true;

     

       52
       52
        
               ''}

     

       53
       53
        
       

     

       54
       54
       -
               boot.initrd.secrets."/etc/secret" = /etc/nixos/secret;

     

       54
       54
       +
               boot.initrd.secrets."/etc/secret" = ./secret;

     

       55
       55
        
       

     

       56
       56
        
               users.users.alice = {

     

       57
       57
        
                 isNormalUser = true;