commit 6ec6eae5864379145d5ba3121e13271d82cea1fd · pyrox.dev/nixpkgs

-4

nixos/doc/manual/release-notes/rl-2505.section.md

···

       519
       519
        
       

     

       520
       520
        
       - `services.gitea` now supports CAPTCHA usage through the `services.gitea.captcha` variable.

     

       521
       521
        
       

     

       522
       522
       -
       - The GRUB bootloader (`boot.loader.grub`) now generates [boot loader entries](https://uapi-group.org/specifications/specs/boot_loader_specification/).

     

       523
       523
       -
         These files are used by userspace tools (for example, `bootctl`) to inspect the bootloader status, getting the default boot entry, the path of the kernel binary, etc.

     

       524
       524
       -
         As a consequence, `systemctl kexec` now works automatically: specifying the kernel and its arguments with `kexec --load` is no longer required.

     

       525
       525
       -
       

     

       526
       522
        
       - `bind.cacheNetworks` now only controls access for recursive queries, where it previously controlled access for all queries.

     

       527
       523
        
       

     

       528
       524
        
       - [`services.mongodb.enableAuth`](#opt-services.mongodb.enableAuth) now uses the newer [mongosh](https://github.com/mongodb-js/mongosh) shell instead of the legacy shell to configure the initial superuser. You can configure the mongosh package to use through the [`services.mongodb.mongoshPackage`](#opt-services.mongodb.mongoshPackage) option.

-14

nixos/modules/system/boot/loader/grub/grub.nix

···

       50
       50
        
           then realGrub.override { efiSupport = cfg.efiSupport; }

     

       51
       51
        
           else null;

     

       52
       52
        
       

     

       53
       53
       -
         bootPath = if cfg.mirroredBoots != [ ]

     

       54
       54
       -
           then (builtins.head cfg.mirroredBoots).path

     

       55
       55
       -
           else "/boot";

     

       56
       56
       -
       

     

       57
       53
        
         f = x: optionalString (x != null) ("" + x);

     

       58
       54
        
       

     

       59
       55
        
         grubConfig = args:

     
···

       759
       755
        
             system.boot.loader.id = "grub";

     

       760
       756
        
       

     

       761
       757
        
             environment.systemPackages = mkIf (grub != null) [ grub ];

     

       762
       762
       -
       

     

       763
       763
       -
             # Link /boot under /run/boot-loder-entries to make

     

       764
       764
       -
             # systemd happy even on non-EFI system

     

       765
       765
       -
             systemd.mounts = lib.optional (!cfg.efiSupport) {

     

       766
       766
       -
               what  = bootPath;

     

       767
       767
       -
               where = "/run/boot-loader-entries";

     

       768
       768
       -
               type  = "none";

     

       769
       769
       -
               options = "bind";

     

       770
       770
       -
               requiredBy = [ "local-fs.target" ];

     

       771
       771
       -
             };

     

       772
       758
        
       

     

       773
       759
        
             boot.loader.grub.extraPrepareConfig =

     

       774
       760
        
               concatStrings (mapAttrsToList (n: v: ''

+2 -75

nixos/modules/system/boot/loader/grub/install-grub.pl

···

       99
       99
        
       

     

       100
       100
        
       print STDERR "updating GRUB 2 menu...\n";

     

       101
       101
        
       

     

       102
       102
       -
       # Make GRUB directory

     

       103
       103
       -
       make_path("$bootPath/grub", { mode => 0700 });

     

       104
       104
       -
       

     

       105
       105
       -
       # Make BLS entries directory, see addBLSEntry

     

       106
       106
       -
       make_path("$bootPath/loader/entries", { mode => 0700 });

     

       107
       107
       -
       writeFile("$bootPath/loader/entries.srel", "type1");

     

       108
       108
       -
       

     

       109
       109
       -
       # and a temporary one for new entries

     

       110
       110
       -
       make_path("$bootPath/loader/entries.tmp", { mode => 0700 });

     

       102
       102
       +
       make_path("$bootPath/grub", {  mode => 0700 });

     

       111
       103
        
       

     

       112
       104
        
       # Discover whether the bootPath is on the same filesystem as / and

     

       113
       105
        
       # /nix/store.  If not, then all kernels and initrds must be copied to

     
···

       468
       460
        
       }

     

       469
       461
        
       

     

       470
       462
        
       sub addEntry {

     

       471
       471
       -
           # Creates a Grub menu entry for a given system

     

       472
       463
        
           my ($name, $path, $options, $current) = @_;

     

       473
       464
        
           return unless -e "$path/kernel" && -e "$path/initrd";

     

       474
       465
        
       

     
···

       530
       521
        
           $conf .= "}\n\n";

     

       531
       522
        
       }

     

       532
       523
        
       

     

       533
       533
       -
       sub addBLSEntry {

     

       534
       534
       -
           # Creates a Boot Loader Specification[1] entry for a given system.

     

       535
       535
       -
           # The information contained in the entry mirrors a boot entry in GRUB menu.

     

       536
       536
       -
           #

     

       537
       537
       -
           # [1]: https://uapi-group.org/specifications/specs/boot_loader_specification

     

       538
       538
       -
           my ($prof, $spec, $gen, $link) = @_;

     

       539
       539
       -
       

     

       540
       540
       -
           # collect data from system

     

       541
       541
       -
           my %bootspec = %{decode_json(readFile("$link/boot.json"))->{"org.nixos.bootspec.v1"}};

     

       542
       542
       -
           my $date = strftime("%F", localtime(lstat($link)->mtime));

     

       543
       543
       -
           my $kernel = $bootspec{kernel} =~ s@$storePath/@@r =~ s@/@-@r;

     

       544
       544
       -
           my $initrd = $bootspec{initrd} =~ s@$storePath/@@r =~ s@/@-@r;

     

       545
       545
       -
           my $kernelParams = readFile("$link/kernel-params");

     

       546
       546
       -
           my $machineId = readFile("/etc/machine-id");

     

       547
       547
       -
       

     

       548
       548
       -
           if ($grubEfi eq "" && !$copyKernels) {

     

       549
       549
       -
               # workaround for https://github.com/systemd/systemd/issues/35729

     

       550
       550
       -
               make_path("$bootPath/kernels", { mode => 0755 });

     

       551
       551
       -
               symlink($bootspec{kernel}, "$bootPath/kernels/$kernel");

     

       552
       552
       -
               symlink($bootspec{initrd}, "$bootPath/kernels/$initrd");

     

       553
       553
       -
               $copied{"$bootPath/kernels/$kernel"} = 1;

     

       554
       554
       -
               $copied{"$bootPath/kernels/$initrd"} = 1;

     

       555
       555
       -
           }

     

       556
       556
       -
       

     

       557
       557
       -
           # fill in the entry

     

       558
       558
       -
           my $extras = join(' ', $prof = $prof ne "system" ? " [$prof] " : "",

     

       559
       559
       -
                                  $spec = $spec ne "" ? " ($spec) " : "");

     

       560
       560
       -
           my $entry = <<~END;

     

       561
       561
       -
             title @distroName@$extras

     

       562
       562
       -
             sort-key nixos

     

       563
       563
       -
             version Generation $gen $bootspec{label}, built on $date

     

       564
       564
       -
             linux kernels/$kernel

     

       565
       565
       -
             initrd kernels/$initrd

     

       566
       566
       -
             options init=$bootspec{init} $kernelParams

     

       567
       567
       -
             END

     

       568
       568
       -
           $entry .= "machine-id $machineId" if defined $machineId;

     

       569
       569
       -
       

     

       570
       570
       -
           # entry file basename

     

       571
       571
       -
           my $name = join("-", grep { length $_ > 0 }

     

       572
       572
       -
               "nixos", $prof ne "system" ? $prof : "",

     

       573
       573
       -
               "generation", $gen,

     

       574
       574
       -
                $spec ? "specialisation-$spec" : "");

     

       575
       575
       -
       

     

       576
       576
       -
           # write entry to the temp directory

     

       577
       577
       -
           writeFile("$bootPath/loader/entries.tmp/$name.conf", $entry);

     

       578
       578
       -
       

     

       579
       579
       -
           # mark the default entry

     

       580
       580
       -
           if (readlink($link) eq $defaultConfig) {

     

       581
       581
       -
               writeFile("$bootPath/loader/loader.conf", "default $name.conf");

     

       582
       582
       -
           }

     

       583
       583
       -
       }

     

       584
       584
       -
       

     

       585
       524
        
       sub addGeneration {

     

       586
       525
        
           my ($name, $nameSuffix, $path, $options, $current) = @_;

     

       587
       526
        
       

     
···

       653
       592
        
                   warn "skipping corrupt system profile entry ‘$link’\n";

     

       654
       593
        
                   next;

     

       655
       594
        
               }

     

       656
       656
       -
               my $gen = nrFromGen($link);

     

       657
       595
        
               my $date = strftime("%F", localtime(lstat($link)->mtime));

     

       658
       596
        
               my $version =

     

       659
       597
        
                   -e "$link/nixos-version"

     

       660
       598
        
                   ? readFile("$link/nixos-version")

     

       661
       599
        
                   : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]);

     

       662
       662
       -
               addGeneration("@distroName@ - Configuration " . $gen, " ($date - $version)", $link, $subEntryOptions, 0);

     

       663
       663
       -
       

     

       664
       664
       -
               addBLSEntry(basename($profile), "", $gen, $link);

     

       665
       665
       -
               foreach my $spec (glob "$link/specialisation/*") {

     

       666
       666
       -
                   addBLSEntry(basename($profile), $spec, $gen, $spec);

     

       667
       667
       -
               }

     

       600
       600
       +
               addGeneration("@distroName@ - Configuration " . nrFromGen($link), " ($date - $version)", $link, $subEntryOptions, 0);

     

       668
       601
        
           }

     

       669
       602
        
       

     

       670
       603
        
           $conf .= "}\n";

     
···

       677
       610
        
           next unless $name =~ /^\w+$/;

     

       678
       611
        
           addProfile $profile, "@distroName@ - Profile '$name'";

     

       679
       612
        
       }

     

       680
       680
       -
       

     

       681
       681
       -
       # Atomically replace the BLS entries directory

     

       682
       682
       -
       my $entriesDir = "$bootPath/loader/entries";

     

       683
       683
       -
       rename $entriesDir, "$entriesDir.bak" or die "cannot rename $entriesDir to $entriesDir.bak: $!\n";

     

       684
       684
       -
       rename "$entriesDir.tmp", $entriesDir or die "cannot rename $entriesDir.tmp to $entriesDir: $!\n";

     

       685
       685
       -
       rmtree "$entriesDir.bak" or die "cannot remove $entriesDir.bak: $!\n";

     

       686
       613
        
       

     

       687
       614
        
       # extraPrepareConfig could refer to @bootPath@, which we have to substitute

     

       688
       615
        
       $extraPrepareConfig =~ s/\@bootPath\@/$bootPath/g;

+1 -1

nixos/tests/all-tests.nix

···

       463
       463
        
         greetd-no-shadow = handleTest ./greetd-no-shadow.nix {};

     

       464
       464
        
         grocy = handleTest ./grocy.nix {};

     

       465
       465
        
         grow-partition = runTest ./grow-partition.nix;

     

       466
       466
       -
         grub = import ./grub.nix { inherit pkgs runTest; };

     

       466
       466
       +
         grub = handleTest ./grub.nix {};

     

       467
       467
        
         guacamole-server = handleTest ./guacamole-server.nix {};

     

       468
       468
        
         guix = handleTest ./guix {};

     

       469
       469
        
         gvisor = handleTest ./gvisor.nix {};

+46 -109

nixos/tests/grub.nix

···

       1
       1
       -
       { pkgs, runTest }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       4
       4
       -
         # Basic GRUB setup with BIOS and a password

     

       5
       5
       -
         basic = runTest {

     

       6
       6
       -
           name = "grub-basic";

     

       7
       7
       -
           meta.maintainers = with pkgs.lib.maintainers; [ rnhmjoj ];

     

       8
       8
       -
       

     

       9
       9
       -
           nodes.machine = { ... }: {

     

       10
       10
       -
             virtualisation.useBootLoader = true;

     

       11
       11
       -
             boot.loader.timeout = null;

     

       12
       12
       -
             boot.loader.grub = {

     

       13
       13
       -
               enable = true;

     

       14
       14
       -
               users.alice.password = "supersecret";

     

       15
       15
       -
               # OCR is not accurate enough

     

       16
       16
       -
               extraConfig = "serial; terminal_output serial";

     

       17
       17
       -
             };

     

       18
       18
       -
           };

     

       19
       19
       -
       

     

       20
       20
       -
           testScript = ''

     

       21
       21
       -
             def grub_login_as(user, password):

     

       22
       22
       -
                 """

     

       23
       23
       -
                 Enters user and password to log into GRUB

     

       24
       24
       -
                 """

     

       25
       25
       -
                 machine.wait_for_console_text("Enter username:")

     

       26
       26
       -
                 machine.send_chars(user + "\n")

     

       27
       27
       -
                 machine.wait_for_console_text("Enter password:")

     

       28
       28
       -
                 machine.send_chars(password + "\n")

     

       29
       29
       -
       

     

       30
       30
       -
       

     

       31
       31
       -
             def grub_select_all_configurations():

     

       32
       32
       -
                 """

     

       33
       33
       -
                 Selects "All configurations" from the GRUB menu

     

       34
       34
       -
                 to trigger a login request.

     

       35
       35
       -
                 """

     

       36
       36
       -
                 machine.send_monitor_command("sendkey down")

     

       37
       37
       -
                 machine.send_monitor_command("sendkey ret")

     

       38
       38
       -
       

     

       39
       39
       -
       

     

       40
       40
       -
             machine.start()

     

       1
       1
       +
       import ./make-test-python.nix ({ lib, ... }: {

     

       2
       2
       +
         name = "grub";

     

       41
       3
        
       

     

       42
       42
       -
             # wait for grub screen

     

       43
       43
       -
             machine.wait_for_console_text("GNU GRUB")

     

       4
       4
       +
         meta = with lib.maintainers; {

     

       5
       5
       +
           maintainers = [ rnhmjoj ];

     

       6
       6
       +
         };

     

       44
       7
        
       

     

       45
       45
       -
             grub_select_all_configurations()

     

       46
       46
       -
             with subtest("Invalid credentials are rejected"):

     

       47
       47
       -
                 grub_login_as("wronguser", "wrongsecret")

     

       48
       48
       -
                 machine.wait_for_console_text("error: access denied.")

     

       8
       8
       +
         nodes.machine = { ... }: {

     

       9
       9
       +
           virtualisation.useBootLoader = true;

     

       49
       10
        
       

     

       50
       50
       -
             grub_select_all_configurations()

     

       51
       51
       -
             with subtest("Valid credentials are accepted"):

     

       52
       52
       -
                 grub_login_as("alice", "supersecret")

     

       53
       53
       -
                 machine.send_chars("\n")  # press enter to boot

     

       54
       54
       -
                 machine.wait_for_console_text("Linux version")

     

       11
       11
       +
           boot.loader.timeout = null;

     

       12
       12
       +
           boot.loader.grub = {

     

       13
       13
       +
             enable = true;

     

       14
       14
       +
             users.alice.password = "supersecret";

     

       55
       15
        
       

     

       56
       56
       -
             with subtest("Machine boots correctly"):

     

       57
       57
       -
                 machine.wait_for_unit("multi-user.target")

     

       58
       58
       -
           '';

     

       16
       16
       +
             # OCR is not accurate enough

     

       17
       17
       +
             extraConfig = "serial; terminal_output serial";

     

       59
       18
        
           };

     

       19
       19
       +
         };

     

       60
       20
        
       

     

       61
       61
       -
         # Test boot loader entries on EFI

     

       62
       62
       -
         bls-efi = runTest {

     

       63
       63
       -
           name = "grub-bls-efi";

     

       64
       64
       -
           meta.maintainers = with pkgs.lib.maintainers; [ rnhmjoj ];

     

       21
       21
       +
         testScript = ''

     

       22
       22
       +
           def grub_login_as(user, password):

     

       23
       23
       +
               """

     

       24
       24
       +
               Enters user and password to log into GRUB

     

       25
       25
       +
               """

     

       26
       26
       +
               machine.wait_for_console_text("Enter username:")

     

       27
       27
       +
               machine.send_chars(user + "\n")

     

       28
       28
       +
               machine.wait_for_console_text("Enter password:")

     

       29
       29
       +
               machine.send_chars(password + "\n")

     

       65
       30
        
       

     

       66
       66
       -
           nodes.machine = { pkgs, ... }: {

     

       67
       67
       -
             virtualisation.useBootLoader = true;

     

       68
       68
       -
             virtualisation.useEFIBoot = true;

     

       69
       69
       -
             boot.loader.efi.canTouchEfiVariables = true;

     

       70
       70
       -
             boot.loader.grub.enable = true;

     

       71
       71
       -
             boot.loader.grub.efiSupport = true;

     

       72
       72
       -
           };

     

       73
       31
        
       

     

       74
       74
       -
           testScript = ''

     

       75
       75
       -
             with subtest("Machine boots correctly"):

     

       76
       76
       -
                 machine.wait_for_unit("multi-user.target")

     

       32
       32
       +
           def grub_select_all_configurations():

     

       33
       33
       +
               """

     

       34
       34
       +
               Selects "All configurations" from the GRUB menu

     

       35
       35
       +
               to trigger a login request.

     

       36
       36
       +
               """

     

       37
       37
       +
               machine.send_monitor_command("sendkey down")

     

       38
       38
       +
               machine.send_monitor_command("sendkey ret")

     

       77
       39
        
       

     

       78
       78
       -
             with subtest("Boot entries are installed"):

     

       79
       79
       -
                 entries = machine.succeed("bootctl list")

     

       80
       80
       -
                 print(entries)

     

       81
       81
       -
                 error = "NixOS boot entry not found in bootctl list."

     

       82
       82
       -
                 assert "version: Generation 1" in entries, error

     

       83
       40
        
       

     

       84
       84
       -
             with subtest("systemctl kexec can detect the kernel"):

     

       85
       85
       -
                 machine.succeed("systemctl kexec --dry-run")

     

       41
       41
       +
           machine.start()

     

       86
       42
        
       

     

       87
       87
       -
             with subtest("systemctl kexec really works"):

     

       88
       88
       -
                 machine.execute("systemctl kexec", check_return=False)

     

       89
       89
       -
                 machine.connected = False

     

       90
       90
       -
                 machine.connect()

     

       91
       91
       -
                 machine.wait_for_unit("multi-user.target")

     

       92
       92
       -
           '';

     

       93
       93
       -
         };

     

       43
       43
       +
           # wait for grub screen

     

       44
       44
       +
           machine.wait_for_console_text("GNU GRUB")

     

       94
       45
        
       

     

       95
       95
       -
         # Test boot loader entries on BIOS

     

       96
       96
       -
         bls-bios = runTest {

     

       97
       97
       -
           name = "grub-bls-bios";

     

       98
       98
       -
           meta.maintainers = with pkgs.lib.maintainers; [ rnhmjoj ];

     

       99
       99
       -
       

     

       100
       100
       -
           nodes.machine = { pkgs, ... }: {

     

       101
       101
       -
             virtualisation.useBootLoader = true;

     

       102
       102
       -
             boot.loader.grub.enable = true;

     

       103
       103
       -
           };

     

       104
       104
       -
       

     

       105
       105
       -
           testScript = ''

     

       106
       106
       -
             with subtest("Machine boots correctly"):

     

       107
       107
       -
                 machine.wait_for_unit("multi-user.target")

     

       108
       108
       -
       

     

       109
       109
       -
             with subtest("Boot entries are installed"):

     

       110
       110
       -
                 machine.succeed("test -f /boot/loader/entries/nixos-generation-1.conf")

     

       111
       111
       -
       

     

       112
       112
       -
             with subtest("systemctl kexec can detect the kernel"):

     

       113
       113
       -
                 machine.succeed("systemctl kexec --dry-run")

     

       46
       46
       +
           grub_select_all_configurations()

     

       47
       47
       +
           with subtest("Invalid credentials are rejected"):

     

       48
       48
       +
               grub_login_as("wronguser", "wrongsecret")

     

       49
       49
       +
               machine.wait_for_console_text("error: access denied.")

     

       114
       50
        
       

     

       115
       115
       -
             with subtest("systemctl kexec really works"):

     

       116
       116
       -
                 machine.execute("systemctl kexec", check_return=False)

     

       117
       117
       -
                 machine.connected = False

     

       118
       118
       -
                 machine.connect()

     

       119
       119
       -
                 machine.wait_for_unit("multi-user.target")

     

       120
       120
       -
           '';

     

       121
       121
       -
         };

     

       51
       51
       +
           grub_select_all_configurations()

     

       52
       52
       +
           with subtest("Valid credentials are accepted"):

     

       53
       53
       +
               grub_login_as("alice", "supersecret")

     

       54
       54
       +
               machine.send_chars("\n")  # press enter to boot

     

       55
       55
       +
               machine.wait_for_console_text("Linux version")

     

       122
       56
        
       

     

       123
       123
       -
       }

     

       57
       57
       +
           with subtest("Machine boots correctly"):

     

       58
       58
       +
               machine.wait_for_unit("multi-user.target")

     

       59
       59
       +
         '';

     

       60
       60
       +
       })

-3

nixos/tests/nixos-rebuild-install-bootloader.nix

···

       71
       71
        
                 # at this point we've tested regression #262724, but haven't tested the bootloader itself

     

       72
       72
        
                 # TODO: figure out how to how to tell the test driver to start the bootloader instead of

     

       73
       73
        
                 # booting into the kernel directly.

     

       74
       74
       -
       

     

       75
       75
       -
             with subtest("New boot entry has been added"):

     

       76
       76
       -
                 machine.succeed("test -f /boot/loader/entries/nixos-generation-2.conf")

     

       77
       74
        
           '';

     

       78
       75
        
       })