pyrox.dev / nixpkgs
lol
fork atom

stage-2: replace readonly-mountpoint by findmnt

Jörg Thalheim b42af252 a5ad8b4f

options
unified split
Changed files
+5 -32
nixos
modules
system
boot
readonly-mountpoint.c
stage-2-init.sh
stage-2.nix
-20
nixos/modules/system/boot/readonly-mountpoint.c 
···

       
1

       

       
-

       
#include <sys/statvfs.h>


     

       
2

       

       
-

       
#include <stdio.h>


     

       
3

       

       
-

       
#include <stdlib.h>


     

       
4

       

       
-

       



     

       
5

       

       
-

       
int main(int argc, char ** argv) {


     

       
6

       

       
-

       
	struct statvfs stat;


     

       
7

       

       
-

       
	if (argc != 2) {


     

       
8

       

       
-

       
		fprintf(stderr, "Usage: %s PATH", argv[0]);


     

       
9

       

       
-

       
		exit(2);


     

       
10

       

       
-

       
	}


     

       
11

       

       
-

       
	if (statvfs(argv[1], &stat) != 0) {


     

       
12

       

       
-

       
		perror("statvfs");


     

       
13

       

       
-

       
		exit(3);


     

       
14

       

       
-

       
	}


     

       
15

       

       
-

       
	if (stat.f_flag & ST_RDONLY)


     

       
16

       

       
-

       
		exit(0);


     

       
17

       

       
-

       
	else


     

       
18

       

       
-

       
		exit(1);


     

       
19

       

       
-

       
}


     

       
20

       

       
-
+3 -1
nixos/modules/system/boot/stage-2-init.sh 
···

       
46

       
46

       
 

       
chown -f 0:30000 /nix/store


     

       
47

       
47

       
 

       
chmod -f 1775 /nix/store


     

       
48

       
48

       
 

       
if [ -n "@readOnlyStore@" ]; then


     

       
49

       

       
-

       
    if ! readonly-mountpoint /nix/store; then


     

       

       
49

       
+

       
    if ! [[ "$(findmnt --noheadings --output OPTIONS /nix/store)" =~ ro(,|$) ]]; then


     

       

       
50

       
+

       
        # FIXME when linux < 4.5 is EOL, switch to atomic bind mounts


     

       

       
51

       
+

       
        #mount /nix/store /nix/store -o bind,remount,ro


     

       
50

       
52

       
 

       
        mount --bind /nix/store /nix/store


     

       
51

       
53

       
 

       
        mount -o remount,ro,bind /nix/store


     

       
52

       
54

       
 

       
    fi
+2 -11
nixos/modules/system/boot/stage-2.nix 
···

       
7

       
7

       
 

       
  kernel = config.boot.kernelPackages.kernel;


     

       
8

       
8

       
 

       
  activateConfiguration = config.system.activationScripts.script;


     

       
9

       
9

       
 

       



     

       
10

       

       
-

       
  readonlyMountpoint = pkgs.stdenv.mkDerivation {


     

       
11

       

       
-

       
    name = "readonly-mountpoint";


     

       
12

       

       
-

       
    unpackPhase = "true";


     

       
13

       

       
-

       
    installPhase = ''


     

       
14

       

       
-

       
      mkdir -p $out/bin


     

       
15

       

       
-

       
      cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint


     

       
16

       

       
-

       
    '';


     

       
17

       

       
-

       
  };


     

       
18

       

       
-

       



     

       
19

       
10

       
 

       
  bootStage2 = pkgs.substituteAll {


     

       
20

       
11

       
 

       
    src = ./stage-2-init.sh;


     

       
21

       
12

       
 

       
    shellDebug = "${pkgs.bashInteractive}/bin/bash";


     
···

       
23

       
14

       
 

       
    inherit (config.nix) readOnlyStore;


     

       
24

       
15

       
 

       
    inherit (config.networking) useHostResolvConf;


     

       
25

       
16

       
 

       
    inherit (config.system.build) earlyMountScript;


     

       
26

       

       
-

       
    path = lib.makeBinPath ([


     

       

       
17

       
+

       
    path = lib.makeBinPath [


     

       
27

       
18

       
 

       
      pkgs.coreutils


     

       
28

       
19

       
 

       
      pkgs.utillinux


     

       
29

       
20

       
 

       
      pkgs.openresolv


     

       
30

       

       
-

       
    ] ++ optional config.nix.readOnlyStore readonlyMountpoint);


     

       

       
21

       
+

       
    ];


     

       
31

       
22

       
 

       
    postBootCommands = pkgs.writeText "local-cmds"


     

       
32

       
23

       
 

       
      ''


     

       
33

       
24

       
 

       
        ${config.boot.postBootCommands}