pyrox.dev / nixpkgs
lol
fork atom

systemd: add sysupdated (#424101)

Florian Klink 27752d2b 9de840f8

options
unified split
Changed files
+28 -6
nixos
modules
system
boot
systemd
sysupdate.nix
tests
systemd-sysupdate.nix
pkgs
os-specific
linux
systemd
default.nix
+22 -3
nixos/modules/system/boot/systemd/sysupdate.nix 
···

       
11

       
11

       
 

       



     

       
12

       
12

       
 

       
  format = pkgs.formats.ini { listToValue = toString; };


     

       
13

       
13

       
 

       



     

       
14

       

       
-

       
  definitionsDirectory = utils.systemdUtils.lib.definitions "sysupdate.d" format cfg.transfers;


     

       

       
14

       
+

       
  # TODO: Switch back to using utils.systemdUtils.lib.definitions once


     

       

       
15

       
+

       
  # https://github.com/systemd/systemd/pull/38187 is resolved. Also ensure


     

       

       
16

       
+

       
  # utils.systemdUtils.lib.definitions is capable of setting a custom file


     

       

       
17

       
+

       
  # suffix.


     

       

       
18

       
+

       
  sysupdateTransfers = lib.mapAttrs' (name: value: {


     

       

       
19

       
+

       
    name = "sysupdate.d/${name}.transfer";


     

       

       
20

       
+

       
    value.source = format.generate "${name}.transfer" value;


     

       

       
21

       
+

       
  }) cfg.transfers;


     

       
15

       
22

       
 

       
in


     

       
16

       
23

       
 

       
{


     

       
17

       
24

       
 

       
  options.systemd.sysupdate = {


     
···

       
114

       
121

       
 

       
  };


     

       
115

       
122

       
 

       



     

       
116

       
123

       
 

       
  config = lib.mkIf cfg.enable {


     

       

       
124

       
+

       
    assertions = [


     

       

       
125

       
+

       
      {


     

       

       
126

       
+

       
        assertion = config.systemd.package.withSysupdate;


     

       

       
127

       
+

       
        message = "Cannot enable systemd-sysupdate with systemd package not built with sysupdate support";


     

       

       
128

       
+

       
      }


     

       

       
129

       
+

       
    ];


     

       
117

       
130

       
 

       



     

       
118

       
131

       
 

       
    systemd.additionalUpstreamSystemUnits = [


     

       
119

       
132

       
 

       
      "systemd-sysupdate.service"


     

       
120

       
133

       
 

       
      "systemd-sysupdate.timer"


     

       
121

       
134

       
 

       
      "systemd-sysupdate-reboot.service"


     

       
122

       
135

       
 

       
      "systemd-sysupdate-reboot.timer"


     

       

       
136

       
+

       
      "systemd-sysupdated.service"


     

       
123

       
137

       
 

       
    ];


     

       
124

       
138

       
 

       



     

       

       
139

       
+

       
    systemd.services.systemd-sysupdated.aliases = [ "dbus-org.freedesktop.sysupdate1.service" ];


     

       

       
140

       
+

       



     

       
125

       
141

       
 

       
    systemd.timers = {


     

       
126

       
142

       
 

       
      "systemd-sysupdate" = {


     

       
127

       
143

       
 

       
        wantedBy = [ "timers.target" ];


     
···

       
133

       
149

       
 

       
      };


     

       
134

       
150

       
 

       
    };


     

       
135

       
151

       
 

       



     

       
136

       

       
-

       
    environment.etc."sysupdate.d".source = definitionsDirectory;


     

       

       
152

       
+

       
    environment.etc = sysupdateTransfers;


     

       
137

       
153

       
 

       
  };


     

       
138

       
154

       
 

       



     

       
139

       

       
-

       
  meta.maintainers = with lib.maintainers; [ nikstur ];


     

       

       
155

       
+

       
  meta.maintainers = with lib.maintainers; [


     

       

       
156

       
+

       
    nikstur


     

       

       
157

       
+

       
    jmbaur


     

       

       
158

       
+

       
  ];


     

       
140

       
159

       
 

       
}
+4 -3
nixos/tests/systemd-sysupdate.nix 
···

       
1

       
1

       
 

       
# Tests downloading a signed update artifact from a server to a target machine.


     

       
2

       
2

       
 

       
# This test does not rely on the `systemd.timer` units provided by the


     

       
3

       

       
-

       
# `systemd-sysupdate` module but triggers the `systemd-sysupdate` service


     

       
4

       

       
-

       
# manually to make the test more robust.


     

       

       
3

       
+

       
# `systemd-sysupdate` module but triggers the `updatectl` tool directly to


     

       

       
4

       
+

       
# demonstrate how to initiate updates manually.


     

       
5

       
5

       
 

       



     

       
6

       
6

       
 

       
{ lib, pkgs, ... }:


     

       
7

       
7

       
 

       



     
···

       
62

       
62

       
 

       
  testScript = ''


     

       
63

       
63

       
 

       
    server.wait_for_unit("nginx.service")


     

       
64

       
64

       
 

       



     

       
65

       

       
-

       
    target.succeed("systemctl start systemd-sysupdate")


     

       

       
65

       
+

       
    print(target.succeed("updatectl list"))


     

       

       
66

       
+

       
    target.succeed("updatectl update")


     

       
66

       
67

       
 

       
    assert "nixos" in target.wait_until_succeeds("cat /nixos_1.txt", timeout=5)


     

       
67

       
68

       
 

       
  '';


     

       
68

       
69

       
 

       
}
+2
pkgs/os-specific/linux/systemd/default.nix 
···

       
559

       
559

       
 

       
      (lib.mesonEnable "libiptc" withIptables)


     

       
560

       
560

       
 

       
      (lib.mesonEnable "repart" withRepart)


     

       
561

       
561

       
 

       
      (lib.mesonEnable "sysupdate" withSysupdate)


     

       

       
562

       
+

       
      (lib.mesonEnable "sysupdated" withSysupdate)


     

       
562

       
563

       
 

       
      (lib.mesonEnable "seccomp" withLibseccomp)


     

       
563

       
564

       
 

       
      (lib.mesonEnable "selinux" withSelinux)


     

       
564

       
565

       
 

       
      (lib.mesonEnable "tpm2" withTpm2Tss)


     
···

       
905

       
906

       
 

       
      withMachined


     

       
906

       
907

       
 

       
      withNetworkd


     

       
907

       
908

       
 

       
      withPortabled


     

       

       
909

       
+

       
      withSysupdate


     

       
908

       
910

       
 

       
      withTimedated


     

       
909

       
911

       
 

       
      withTpm2Tss


     

       
910

       
912

       
 

       
      withUtmp