pyrox.dev / nixpkgs
lol
fork atom

nixos-install: remove root requirement for bind mount

This moves the creation of the bind mount inside the `nixos-enter`
invocation. The command are executed in an unshared mount namespace, so
they can be run as an unprivileged user.

rnhmjoj 2bc56258 4f50411c

options
unified split
Changed files
+14 -12
nixos
modules
installer
tools
nixos-install.sh
+14 -12
nixos/modules/installer/tools/nixos-install.sh 
···

       
188

       
 

       
mkdir -m 0755 -p "$mountPoint/etc"


     

       
189

       
 

       
touch "$mountPoint/etc/NIXOS"


     

       
190

       
 

       



     

       
191

       
-

       
# Create a bind mount for each of the mount points inside the target file


     

       
192

       
-

       
# system. This preserves the validity of their absolute paths after changing


     

       
193

       
-

       
# the root with `nixos-enter`.


     

       
194

       
-

       
# Without this the bootloader installation may fail due to options that


     

       
195

       
-

       
# contain paths referenced during evaluation, like initrd.secrets.


     

       
196

       
-

       
if (( EUID == 0 )); then


     

       
197

       
-

       
    mount --rbind --mkdir "$mountPoint" "$mountPoint$mountPoint"


     

       
198

       
-

       
    mount --make-rslave "$mountPoint$mountPoint"


     

       
199

       
-

       
    trap 'umount -R "$mountPoint$mountPoint" && rmdir "$mountPoint$mountPoint"' EXIT


     

       
200

       
-

       
fi


     

       
201

       
-

       



     

       
202

       
 

       
# Switch to the new system configuration.  This will install Grub with


     

       
203

       
 

       
# a menu default pointing at the kernel/initrd/etc of the new


     

       
204

       
 

       
# configuration.


     
···

       
206

       
 

       
    echo "installing the boot loader..."


     

       
207

       
 

       
    # Grub needs an mtab.


     

       
208

       
 

       
    ln -sfn /proc/mounts "$mountPoint"/etc/mtab


     

       
209

       
-

       
    NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
210

       
 

       
fi


     

       
211

       
 

       



     

       
212

       
 

       
# Ask the user to set a root password, but only if the passwd command


     
···

       
188

       
 

       
mkdir -m 0755 -p "$mountPoint/etc"


     

       
189

       
 

       
touch "$mountPoint/etc/NIXOS"


     

       
190

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
191

       
 

       
# Switch to the new system configuration.  This will install Grub with


     

       
192

       
 

       
# a menu default pointing at the kernel/initrd/etc of the new


     

       
193

       
 

       
# configuration.


     
···

       
195

       
 

       
    echo "installing the boot loader..."


     

       
196

       
 

       
    # Grub needs an mtab.


     

       
197

       
 

       
    ln -sfn /proc/mounts "$mountPoint"/etc/mtab


     

       
198

       
+

       
    export mountPoint


     

       
199

       
+

       
    NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -c "$(cat <<'EOF'


     

       
200

       
+

       
      # Create a bind mount for each of the mount points inside the target file


     

       
201

       
+

       
      # system. This preserves the validity of their absolute paths after changing


     

       
202

       
+

       
      # the root with `nixos-enter`.


     

       
203

       
+

       
      # Without this the bootloader installation may fail due to options that


     

       
204

       
+

       
      # contain paths referenced during evaluation, like initrd.secrets.


     

       
205

       
+

       
      # when not root, re-execute the script in an unshared namespace


     

       
206

       
+

       
      mount --rbind --mkdir / "$mountPoint"


     

       
207

       
+

       
      mount --make-rslave "$mountPoint"


     

       
208

       
+

       
      /run/current-system/bin/switch-to-configuration boot


     

       
209

       
+

       
      umount -R "$mountPoint" && rmdir "$mountPoint"


     

       
210

       
+

       
EOF


     

       
211

       
+

       
)"


     

       
212

       
 

       
fi


     

       
213

       
 

       



     

       
214

       
 

       
# Ask the user to set a root password, but only if the passwd command