commit e7fa9ff16c8d4f91e71794a459bc644e8ec53a6b · pyrox.dev/nixpkgs

doc/release-notes/rl-2511.section.md

···

       9
       9
        
         and newer series. However, embedded chips without LSX (Loongson SIMD eXtension), such as 2K0300 SoC, are not

     

       10
       10
        
         supported. `pkgsCross.loongarch64-linux-embedded` can be used to build software and systems for these platforms.

     

       11
       11
        
       - The official Nix formatter `nixfmt` is now stable and available as `pkgs.nixfmt`, deprecating the temporary `pkgs.nixfmt-rfc-style` attribute. The classic `nixfmt` will stay available for some more time as `pkgs.nixfmt-classic`.

     

       12
       12
       +
       - Added `nixos-init`, a Rust-based bashless initialization system for systemd initrd. This allows to build NixOS systems without any interpreter. Enable via `system.nixos-init.enable = true;`.

     

       12
       13
        
       

     

       13
       14
        
       ## Backward Incompatibilities {#sec-nixpkgs-release-25.11-incompatibilities}

     

       14
       15

nixos/modules/module-list.nix

···

       1803
       1803
        
         ./system/activation/activatable-system.nix

     

       1804
       1804
        
         ./system/activation/activation-script.nix

     

       1805
       1805
        
         ./system/activation/bootspec.nix

     

       1806
       1806
       +
         ./system/activation/nixos-init.nix

     

       1806
       1807
        
         ./system/activation/pre-switch-check.nix

     

       1807
       1808
        
         ./system/activation/specialisation.nix

     

       1808
       1809
        
         ./system/activation/switchable-system.nix

+31

nixos/modules/system/activation/nixos-init.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       

     

       8
       8
       +
       let

     

       9
       9
       +
         cfg = config.system.nixos-init;

     

       10
       10
       +
       in

     

       11
       11
       +
       {

     

       12
       12
       +
         options.system.nixos-init = {

     

       13
       13
       +
           enable = lib.mkEnableOption ''

     

       14
       14
       +
             nixos-init, a system for bashless initialization.

     

       15
       15
       +
       

     

       16
       16
       +
             This doesn't use any `activationScripts`. Anything set in these options is

     

       17
       17
       +
             a no-op here.

     

       18
       18
       +
           '';

     

       19
       19
       +
       

     

       20
       20
       +
           package = lib.mkPackageOption pkgs "nixos-init" { };

     

       21
       21
       +
         };

     

       22
       22
       +
       

     

       23
       23
       +
         config = lib.mkIf cfg.enable {

     

       24
       24
       +
           assertions = [

     

       25
       25
       +
             {

     

       26
       26
       +
               assertion = config.boot.initrd.systemd.enable;

     

       27
       27
       +
               message = "nixos-init can only be used with systemd initrd";

     

       28
       28
       +
             }

     

       29
       29
       +
           ];

     

       30
       30
       +
         };

     

       31
       31
       +
       }

+5 -2

nixos/modules/system/activation/top-level.nix

···

       14
       14
        
           ${

     

       15
       15
        
             if config.boot.initrd.enable && config.boot.initrd.systemd.enable then

     

       16
       16
        
               ''

     

       17
       17
       -
                 cp ${config.system.build.bootStage2} $out/prepare-root

     

       18
       18
       -
                 substituteInPlace $out/prepare-root --subst-var-by systemConfig $out

     

       19
       17
        
                 # This must not be a symlink or the abs_path of the grub builder for the tests

     

       20
       18
        
                 # will resolve the symlink and we end up with a path that doesn't point to a

     

       21
       19
        
                 # system closure.

     

       22
       20
        
                 cp "$systemd/lib/systemd/systemd" $out/init

     

       21
       21
       +
       

     

       22
       22
       +
                 ${lib.optionalString (!config.system.nixos-init.enable) ''

     

       23
       23
       +
                   cp ${config.system.build.bootStage2} $out/prepare-root

     

       24
       24
       +
                   substituteInPlace $out/prepare-root --subst-var-by systemConfig $out

     

       25
       25
       +
                 ''}

     

       23
       26
        
               ''

     

       24
       27
        
             else

     

       25
       28
        
               ''

+54 -15

nixos/modules/system/boot/systemd/initrd.nix

···

       562
       562
        
               "${pkgs.glibc}/lib/libnss_files.so.2"

     

       563
       563
        
       

     

       564
       564
        
               # Resolving sysroot symlinks without code exec

     

       565
       565
       -
               "${pkgs.chroot-realpath}/bin/chroot-realpath"

     

       565
       565
       +
               "${config.system.nixos-init.package}/bin/chroot-realpath"

     

       566
       566
       +
               # Find the etc paths

     

       567
       567
       +
               "${config.system.nixos-init.package}/bin/find-etc"

     

       568
       568
       +
             ]

     

       569
       569
       +
             ++ lib.optionals config.system.nixos-init.enable [

     

       570
       570
       +
               "${config.system.nixos-init.package}/bin/initrd-init"

     

       566
       571
        
             ]

     

       567
       572
        
             ++ jobScripts

     

       568
       573
        
             ++ map (c: builtins.removeAttrs c [ "text" ]) (builtins.attrValues cfg.contents);

     
···

       594
       599
        
                 ) cfg.automounts

     

       595
       600
        
               );

     

       596
       601
        
       

     

       597
       597
       -
             services.initrd-find-nixos-closure = {

     

       602
       602
       +
             services.initrd-find-nixos-closure = lib.mkIf (!config.system.nixos-init.enable) {

     

       598
       603
        
               description = "Find NixOS closure";

     

       599
       604
        
       

     

       600
       605
        
               unitConfig = {

     
···

       615
       620
        
               script = # bash

     

       616
       621
        
                 ''

     

       617
       622
        
                   set -uo pipefail

     

       618
       618
       -
                   export PATH="/bin:${cfg.package.util-linux}/bin:${pkgs.chroot-realpath}/bin"

     

       623
       623
       +
                   export PATH="/bin:${

     

       624
       624
       +
                     lib.makeBinPath [

     

       625
       625
       +
                       cfg.package.util-linux

     

       626
       626
       +
                       config.system.nixos-init.package

     

       627
       627
       +
                     ]

     

       628
       628
       +
                   }"

     

       619
       629
        
       

     

       620
       630
        
                   # Figure out what closure to boot

     

       621
       631
        
                   closure=

     
···

       670
       680
        
               }

     

       671
       681
        
             ];

     

       672
       682
        
       

     

       673
       673
       -
             services.initrd-nixos-activation = {

     

       683
       683
       +
             services.initrd-nixos-activation = lib.mkIf (!config.system.nixos-init.enable) {

     

       674
       684
        
               after = [ "initrd-switch-root.target" ];

     

       675
       685
        
               requiredBy = [ "initrd-switch-root.service" ];

     

       676
       686
        
               before = [ "initrd-switch-root.service" ];

     
···

       697
       707
        
                 '';

     

       698
       708
        
             };

     

       699
       709
        
       

     

       700
       700
       -
             # This will either call systemctl with the new init as the last parameter (which

     

       701
       701
       -
             # is the case when not booting a NixOS system) or with an empty string, causing

     

       702
       702
       -
             # systemd to bypass its verification code that checks whether the next file is a systemd

     

       703
       703
       -
             # and using its compiled-in value

     

       704
       704
       -
             services.initrd-switch-root.serviceConfig = {

     

       705
       705
       -
               EnvironmentFile = "-/etc/switch-root.conf";

     

       706
       706
       -
               ExecStart = [

     

       707
       707
       -
                 ""

     

       708
       708
       -
                 ''systemctl --no-block switch-root /sysroot "''${NEW_INIT}"''

     

       709
       709
       -
               ];

     

       710
       710
       -
             };

     

       710
       710
       +
             services.initrd-switch-root =

     

       711
       711
       +
               if config.system.nixos-init.enable then

     

       712
       712
       +
                 {

     

       713
       713
       +
                   path = [

     

       714
       714
       +
                     cfg.package

     

       715
       715
       +
                     cfg.package.util-linux

     

       716
       716
       +
                     config.system.nixos-init.package

     

       717
       717
       +
                   ];

     

       718
       718
       +
                   environment = {

     

       719
       719
       +
                     FIRMWARE = "${config.hardware.firmware}/lib/firmware";

     

       720
       720
       +
                     MODPROBE_BINARY = "${pkgs.kmod}/bin/modprobe";

     

       721
       721
       +
                     NIX_STORE_MOUNT_OPTS = lib.concatStringsSep "," config.boot.nixStoreMountOpts;

     

       722
       722
       +
                   }

     

       723
       723
       +
                   // lib.optionalAttrs (config.environment.usrbinenv != null) {

     

       724
       724
       +
                     ENV_BINARY = config.environment.usrbinenv;

     

       725
       725
       +
                   }

     

       726
       726
       +
                   // lib.optionalAttrs (config.environment.binsh != null) {

     

       727
       727
       +
                     SH_BINARY = config.environment.binsh;

     

       728
       728
       +
                   };

     

       729
       729
       +
                   serviceConfig = {

     

       730
       730
       +
                     ExecStart = [

     

       731
       731
       +
                       ""

     

       732
       732
       +
                       "${config.system.nixos-init.package}/bin/initrd-init"

     

       733
       733
       +
                     ];

     

       734
       734
       +
                   };

     

       735
       735
       +
                 }

     

       736
       736
       +
               else

     

       737
       737
       +
                 # This will either call systemctl with the new init as the last parameter (which

     

       738
       738
       +
                 # is the case when not booting a NixOS system) or with an empty string, causing

     

       739
       739
       +
                 # systemd to bypass its verification code that checks whether the next file is a systemd

     

       740
       740
       +
                 # and using its compiled-in value

     

       741
       741
       +
                 {

     

       742
       742
       +
                   serviceConfig = {

     

       743
       743
       +
                     EnvironmentFile = "-/etc/switch-root.conf";

     

       744
       744
       +
                     ExecStart = [

     

       745
       745
       +
                       ""

     

       746
       746
       +
                       ''systemctl --no-block switch-root /sysroot "''${NEW_INIT}"''

     

       747
       747
       +
                     ];

     

       748
       748
       +
                   };

     

       749
       749
       +
                 };

     

       711
       750
        
       

     

       712
       751
        
             services.panic-on-fail = {

     

       713
       752
        
               wantedBy = [ "emergency.target" ];

+2 -19

nixos/modules/system/etc/etc-activation.nix

···

       144
       144
        
                 {

     

       145
       145
        
                   initrd-find-etc = {

     

       146
       146
        
                     description = "Find the path to the etc metadata image and based dir";

     

       147
       147
       -
                     requires = [

     

       148
       148
       -
                       config.boot.initrd.systemd.services.initrd-find-nixos-closure.name

     

       149
       149
       -
                     ];

     

       150
       150
       -
                     after = [

     

       151
       151
       -
                       config.boot.initrd.systemd.services.initrd-find-nixos-closure.name

     

       152
       152
       -
                     ];

     

       153
       147
        
                     before = [ "shutdown.target" ];

     

       154
       148
        
                     conflicts = [ "shutdown.target" ];

     

       155
       149
        
                     requiredBy = [ "initrd.target" ];

     

       150
       150
       +
                     path = [ config.system.nixos-init.package ];

     

       156
       151
        
                     unitConfig = {

     

       157
       152
        
                       DefaultDependencies = false;

     

       158
       153
        
                       RequiresMountsFor = "/sysroot/nix/store";

     
···

       160
       155
        
                     serviceConfig = {

     

       161
       156
        
                       Type = "oneshot";

     

       162
       157
        
                       RemainAfterExit = true;

     

       158
       158
       +
                       ExecStart = "${config.system.nixos-init.package}/bin/find-etc";

     

       163
       159
        
                     };

     

       164
       164
       -
       

     

       165
       165
       -
                     script = # bash

     

       166
       166
       -
                       ''

     

       167
       167
       -
                         set -uo pipefail

     

       168
       168
       -
       

     

       169
       169
       -
                         closure="$(realpath /nixos-closure)"

     

       170
       170
       -
       

     

       171
       171
       -
                         metadata_image="$(${pkgs.chroot-realpath}/bin/chroot-realpath /sysroot "$closure/etc-metadata-image")"

     

       172
       172
       -
                         ln -s "/sysroot$metadata_image" /etc-metadata-image

     

       173
       173
       -
       

     

       174
       174
       -
                         basedir="$(${pkgs.chroot-realpath}/bin/chroot-realpath /sysroot "$closure/etc-basedir")"

     

       175
       175
       -
                         ln -s "/sysroot$basedir" /etc-basedir

     

       176
       176
       -
                       '';

     

       177
       160
        
                   };

     

       178
       161
        
                 }

     

       179
       162
        
               ];

+54

nixos/tests/activation/nixos-init.nix

···

       1
       1
       +
       { lib, pkgs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       {

     

       4
       4
       +
         name = "nixos-init";

     

       5
       5
       +
       

     

       6
       6
       +
         meta.maintainers = with lib.maintainers; [ nikstur ];

     

       7
       7
       +
       

     

       8
       8
       +
         nodes.machine =

     

       9
       9
       +
           { modulesPath, ... }:

     

       10
       10
       +
           {

     

       11
       11
       +
             imports = [

     

       12
       12
       +
               "${modulesPath}/profiles/perlless.nix"

     

       13
       13
       +
             ];

     

       14
       14
       +
             virtualisation.mountHostNixStore = false;

     

       15
       15
       +
             virtualisation.useNixStoreImage = true;

     

       16
       16
       +
       

     

       17
       17
       +
             system.nixos-init.enable = true;

     

       18
       18
       +
             # Forcibly set this to only these specific values.

     

       19
       19
       +
             boot.nixStoreMountOpts = lib.mkForce [

     

       20
       20
       +
               "nodev"

     

       21
       21
       +
               "nosuid"

     

       22
       22
       +
             ];

     

       23
       23
       +
           };

     

       24
       24
       +
       

     

       25
       25
       +
         testScript =

     

       26
       26
       +
           { nodes, ... }: # python

     

       27
       27
       +
           ''

     

       28
       28
       +
             with subtest("init"):

     

       29
       29
       +
               with subtest("/nix/store is mounted with the correct options"):

     

       30
       30
       +
                 findmnt_output = machine.succeed("findmnt --direction backward --first-only --noheadings --output OPTIONS /nix/store").strip()

     

       31
       31
       +
                 print(findmnt_output)

     

       32
       32
       +
                 t.assertIn("nodev", findmnt_output)

     

       33
       33
       +
                 t.assertIn("nosuid", findmnt_output)

     

       34
       34
       +
       

     

       35
       35
       +
               t.assertEqual("${nodes.machine.system.build.toplevel}", machine.succeed("readlink /run/booted-system").strip())

     

       36
       36
       +
       

     

       37
       37
       +
             with subtest("activation"):

     

       38
       38
       +
               t.assertEqual("${nodes.machine.system.build.toplevel}", machine.succeed("readlink /run/current-system").strip())

     

       39
       39
       +
               t.assertEqual("${nodes.machine.hardware.firmware}/lib/firmware", machine.succeed("cat /sys/module/firmware_class/parameters/path").strip())

     

       40
       40
       +
               t.assertEqual("${pkgs.kmod}/bin/modprobe", machine.succeed("cat /proc/sys/kernel/modprobe").strip())

     

       41
       41
       +
               t.assertEqual("${nodes.machine.environment.usrbinenv}", machine.succeed("readlink /usr/bin/env").strip())

     

       42
       42
       +
               t.assertEqual("${nodes.machine.environment.binsh}", machine.succeed("readlink /bin/sh").strip())

     

       43
       43
       +
       

     

       44
       44
       +
             machine.wait_for_unit("multi-user.target")

     

       45
       45
       +
             with subtest("systemd state passing"):

     

       46
       46
       +
               systemd_analyze_output = machine.succeed("systemd-analyze")

     

       47
       47
       +
               print(systemd_analyze_output)

     

       48
       48
       +
               t.assertIn("(initrd)", systemd_analyze_output, "systemd-analyze has no information about the initrd")

     

       49
       49
       +
       

     

       50
       50
       +
               ps_output = machine.succeed("ps ax -o command | grep systemd | head -n 1")

     

       51
       51
       +
               print(ps_output)

     

       52
       52
       +
               t.assertIn("--deserialize", ps_output, "--deserialize flag wasn't passed to systemd")

     

       53
       53
       +
           '';

     

       54
       54
       +
       }

nixos/tests/all-tests.nix

···

       190
       190
        
         activation-etc-overlay-mutable = runTest ./activation/etc-overlay-mutable.nix;

     

       191
       191
        
         activation-lib = pkgs.callPackage ../modules/system/activation/lib/test.nix { };

     

       192
       192
        
         activation-nix-channel = runTest ./activation/nix-channel.nix;

     

       193
       193
       +
         activation-nixos-init = runTest ./activation/nixos-init.nix;

     

       193
       194
        
         activation-perlless = runTest ./activation/perlless.nix;

     

       194
       195
        
         activation-var = runTest ./activation/var.nix;

     

       195
       196
        
         actual = runTest ./actual.nix;

+1 -1

nixos/tests/installer.nix

···

       774
       774
        
                         config.boot.bootspec.package

     

       775
       775
        
                       ]

     

       776
       776
        
                       ++ optionals clevisTest [ pkgs.klibc ]

     

       777
       777
       -
                       ++ optional systemdStage1 pkgs.chroot-realpath;

     

       777
       777
       +
                       ++ optional systemdStage1 config.system.nixos-init.package;

     

       778
       778
        
       

     

       779
       779
        
                     nix.settings = {

     

       780
       780
        
                       substituters = mkForce [ ];

-21

pkgs/by-name/ch/chroot-realpath/package.nix

···

       1
       1
       -
       {

     

       2
       2
       -
         lib,

     

       3
       3
       -
         rustPlatform,

     

       4
       4
       -
       }:

     

       5
       5
       -
       

     

       6
       6
       -
       let

     

       7
       7
       -
         cargo = lib.importTOML ./src/Cargo.toml;

     

       8
       8
       -
       in

     

       9
       9
       -
       rustPlatform.buildRustPackage {

     

       10
       10
       -
         pname = cargo.package.name;

     

       11
       11
       -
         version = cargo.package.version;

     

       12
       12
       -
       

     

       13
       13
       -
         src = ./src;

     

       14
       14
       -
       

     

       15
       15
       -
         cargoLock.lockFile = ./src/Cargo.lock;

     

       16
       16
       -
       

     

       17
       17
       -
         meta = {

     

       18
       18
       -
           description = "Output a path's realpath within a chroot";

     

       19
       19
       -
           maintainers = [ lib.maintainers.elvishjerricco ];

     

       20
       20
       -
         };

     

       21
       21
       -
       }

-16

pkgs/by-name/ch/chroot-realpath/src/Cargo.lock

···

       1
       1
       -
       # This file is automatically @generated by Cargo.

     

       2
       2
       -
       # It is not intended for manual editing.

     

       3
       3
       -
       version = 4

     

       4
       4
       -
       

     

       5
       5
       -
       [[package]]

     

       6
       6
       -
       name = "anyhow"

     

       7
       7
       -
       version = "1.0.98"

     

       8
       8
       -
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       9
       9
       -
       checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487"

     

       10
       10
       -
       

     

       11
       11
       -
       [[package]]

     

       12
       12
       -
       name = "chroot-realpath"

     

       13
       13
       -
       version = "0.1.0"

     

       14
       14
       -
       dependencies = [

     

       15
       15
       -
        "anyhow",

     

       16
       16
       -
       ]

-10

pkgs/by-name/ch/chroot-realpath/src/Cargo.toml

···

       1
       1
       -
       [package]

     

       2
       2
       -
       name = "chroot-realpath"

     

       3
       3
       -
       version = "0.1.0"

     

       4
       4
       -
       edition = "2021"

     

       5
       5
       -
       

     

       6
       6
       -
       [dependencies]

     

       7
       7
       -
       anyhow = "1.0.98"

     

       8
       8
       -
       

     

       9
       9
       -
       [profile.release]

     

       10
       10
       -
       opt-level = "z"

-26

pkgs/by-name/ch/chroot-realpath/src/src/main.rs

···

       1
       1
       -
       use std::env;

     

       2
       2
       -
       use std::io::{stdout, Write};

     

       3
       3
       -
       use std::os::unix::ffi::OsStrExt;

     

       4
       4
       -
       use std::os::unix::fs;

     

       5
       5
       -
       

     

       6
       6
       -
       use anyhow::{bail, Context, Result};

     

       7
       7
       -
       

     

       8
       8
       -
       fn main() -> Result<()> {

     

       9
       9
       -
           let args: Vec<String> = env::args().collect();

     

       10
       10
       -
       

     

       11
       11
       -
           if args.len() != 3 {

     

       12
       12
       -
               bail!("Usage: {} <chroot> <path>", args[0]);

     

       13
       13
       -
           }

     

       14
       14
       -
       

     

       15
       15
       -
           fs::chroot(&args[1]).context("Failed to chroot")?;

     

       16
       16
       -
           std::env::set_current_dir("/").context("Failed to change directory")?;

     

       17
       17
       -
       

     

       18
       18
       -
           let path = std::fs::canonicalize(&args[2])

     

       19
       19
       -
               .with_context(|| format!("Failed to canonicalize {}", args[2]))?;

     

       20
       20
       -
       

     

       21
       21
       -
           stdout()

     

       22
       22
       -
               .write_all(path.into_os_string().as_bytes())

     

       23
       23
       -
               .context("Failed to write output")?;

     

       24
       24
       -
       

     

       25
       25
       -
           Ok(())

     

       26
       26
       -
       }

pkgs/by-name/ni/nixos-init/.gitignore

···

       1
       1
       +
       .direnv/

     

       2
       2
       +
       result*

     

       3
       3
       +
       

     

       4
       4
       +
       # Rust

     

       5
       5
       +
       **/*.rs.bk # These are backup files generated by rustfmt

     

       6
       6
       +
       target/

+312

pkgs/by-name/ni/nixos-init/Cargo.lock

···

       1
       1
       +
       # This file is automatically @generated by Cargo.

     

       2
       2
       +
       # It is not intended for manual editing.

     

       3
       3
       +
       version = 4

     

       4
       4
       +
       

     

       5
       5
       +
       [[package]]

     

       6
       6
       +
       name = "anyhow"

     

       7
       7
       +
       version = "1.0.98"

     

       8
       8
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       9
       9
       +
       checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487"

     

       10
       10
       +
       

     

       11
       11
       +
       [[package]]

     

       12
       12
       +
       name = "bitflags"

     

       13
       13
       +
       version = "2.9.1"

     

       14
       14
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       15
       15
       +
       checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967"

     

       16
       16
       +
       

     

       17
       17
       +
       [[package]]

     

       18
       18
       +
       name = "cfg-if"

     

       19
       19
       +
       version = "1.0.1"

     

       20
       20
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       21
       21
       +
       checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268"

     

       22
       22
       +
       

     

       23
       23
       +
       [[package]]

     

       24
       24
       +
       name = "env_filter"

     

       25
       25
       +
       version = "0.1.3"

     

       26
       26
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       27
       27
       +
       checksum = "186e05a59d4c50738528153b83b0b0194d3a29507dfec16eccd4b342903397d0"

     

       28
       28
       +
       dependencies = [

     

       29
       29
       +
        "log",

     

       30
       30
       +
       ]

     

       31
       31
       +
       

     

       32
       32
       +
       [[package]]

     

       33
       33
       +
       name = "env_logger"

     

       34
       34
       +
       version = "0.11.8"

     

       35
       35
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       36
       36
       +
       checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f"

     

       37
       37
       +
       dependencies = [

     

       38
       38
       +
        "env_filter",

     

       39
       39
       +
        "log",

     

       40
       40
       +
       ]

     

       41
       41
       +
       

     

       42
       42
       +
       [[package]]

     

       43
       43
       +
       name = "errno"

     

       44
       44
       +
       version = "0.3.13"

     

       45
       45
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       46
       46
       +
       checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad"

     

       47
       47
       +
       dependencies = [

     

       48
       48
       +
        "libc",

     

       49
       49
       +
        "windows-sys 0.60.2",

     

       50
       50
       +
       ]

     

       51
       51
       +
       

     

       52
       52
       +
       [[package]]

     

       53
       53
       +
       name = "fastrand"

     

       54
       54
       +
       version = "2.3.0"

     

       55
       55
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       56
       56
       +
       checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"

     

       57
       57
       +
       

     

       58
       58
       +
       [[package]]

     

       59
       59
       +
       name = "getrandom"

     

       60
       60
       +
       version = "0.3.3"

     

       61
       61
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       62
       62
       +
       checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4"

     

       63
       63
       +
       dependencies = [

     

       64
       64
       +
        "cfg-if",

     

       65
       65
       +
        "libc",

     

       66
       66
       +
        "r-efi",

     

       67
       67
       +
        "wasi",

     

       68
       68
       +
       ]

     

       69
       69
       +
       

     

       70
       70
       +
       [[package]]

     

       71
       71
       +
       name = "indoc"

     

       72
       72
       +
       version = "2.0.6"

     

       73
       73
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       74
       74
       +
       checksum = "f4c7245a08504955605670dbf141fceab975f15ca21570696aebe9d2e71576bd"

     

       75
       75
       +
       

     

       76
       76
       +
       [[package]]

     

       77
       77
       +
       name = "libc"

     

       78
       78
       +
       version = "0.2.174"

     

       79
       79
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       80
       80
       +
       checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776"

     

       81
       81
       +
       

     

       82
       82
       +
       [[package]]

     

       83
       83
       +
       name = "linux-raw-sys"

     

       84
       84
       +
       version = "0.9.4"

     

       85
       85
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       86
       86
       +
       checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12"

     

       87
       87
       +
       

     

       88
       88
       +
       [[package]]

     

       89
       89
       +
       name = "log"

     

       90
       90
       +
       version = "0.4.27"

     

       91
       91
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       92
       92
       +
       checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"

     

       93
       93
       +
       

     

       94
       94
       +
       [[package]]

     

       95
       95
       +
       name = "nixos-init"

     

       96
       96
       +
       version = "0.1.0"

     

       97
       97
       +
       dependencies = [

     

       98
       98
       +
        "anyhow",

     

       99
       99
       +
        "env_logger",

     

       100
       100
       +
        "indoc",

     

       101
       101
       +
        "log",

     

       102
       102
       +
        "tempfile",

     

       103
       103
       +
       ]

     

       104
       104
       +
       

     

       105
       105
       +
       [[package]]

     

       106
       106
       +
       name = "once_cell"

     

       107
       107
       +
       version = "1.21.3"

     

       108
       108
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       109
       109
       +
       checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"

     

       110
       110
       +
       

     

       111
       111
       +
       [[package]]

     

       112
       112
       +
       name = "r-efi"

     

       113
       113
       +
       version = "5.3.0"

     

       114
       114
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       115
       115
       +
       checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"

     

       116
       116
       +
       

     

       117
       117
       +
       [[package]]

     

       118
       118
       +
       name = "rustix"

     

       119
       119
       +
       version = "1.0.8"

     

       120
       120
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       121
       121
       +
       checksum = "11181fbabf243db407ef8df94a6ce0b2f9a733bd8be4ad02b4eda9602296cac8"

     

       122
       122
       +
       dependencies = [

     

       123
       123
       +
        "bitflags",

     

       124
       124
       +
        "errno",

     

       125
       125
       +
        "libc",

     

       126
       126
       +
        "linux-raw-sys",

     

       127
       127
       +
        "windows-sys 0.60.2",

     

       128
       128
       +
       ]

     

       129
       129
       +
       

     

       130
       130
       +
       [[package]]

     

       131
       131
       +
       name = "tempfile"

     

       132
       132
       +
       version = "3.20.0"

     

       133
       133
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       134
       134
       +
       checksum = "e8a64e3985349f2441a1a9ef0b853f869006c3855f2cda6862a94d26ebb9d6a1"

     

       135
       135
       +
       dependencies = [

     

       136
       136
       +
        "fastrand",

     

       137
       137
       +
        "getrandom",

     

       138
       138
       +
        "once_cell",

     

       139
       139
       +
        "rustix",

     

       140
       140
       +
        "windows-sys 0.59.0",

     

       141
       141
       +
       ]

     

       142
       142
       +
       

     

       143
       143
       +
       [[package]]

     

       144
       144
       +
       name = "wasi"

     

       145
       145
       +
       version = "0.14.2+wasi-0.2.4"

     

       146
       146
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       147
       147
       +
       checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"

     

       148
       148
       +
       dependencies = [

     

       149
       149
       +
        "wit-bindgen-rt",

     

       150
       150
       +
       ]

     

       151
       151
       +
       

     

       152
       152
       +
       [[package]]

     

       153
       153
       +
       name = "windows-link"

     

       154
       154
       +
       version = "0.1.3"

     

       155
       155
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       156
       156
       +
       checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"

     

       157
       157
       +
       

     

       158
       158
       +
       [[package]]

     

       159
       159
       +
       name = "windows-sys"

     

       160
       160
       +
       version = "0.59.0"

     

       161
       161
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       162
       162
       +
       checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"

     

       163
       163
       +
       dependencies = [

     

       164
       164
       +
        "windows-targets 0.52.6",

     

       165
       165
       +
       ]

     

       166
       166
       +
       

     

       167
       167
       +
       [[package]]

     

       168
       168
       +
       name = "windows-sys"

     

       169
       169
       +
       version = "0.60.2"

     

       170
       170
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       171
       171
       +
       checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"

     

       172
       172
       +
       dependencies = [

     

       173
       173
       +
        "windows-targets 0.53.3",

     

       174
       174
       +
       ]

     

       175
       175
       +
       

     

       176
       176
       +
       [[package]]

     

       177
       177
       +
       name = "windows-targets"

     

       178
       178
       +
       version = "0.52.6"

     

       179
       179
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       180
       180
       +
       checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"

     

       181
       181
       +
       dependencies = [

     

       182
       182
       +
        "windows_aarch64_gnullvm 0.52.6",

     

       183
       183
       +
        "windows_aarch64_msvc 0.52.6",

     

       184
       184
       +
        "windows_i686_gnu 0.52.6",

     

       185
       185
       +
        "windows_i686_gnullvm 0.52.6",

     

       186
       186
       +
        "windows_i686_msvc 0.52.6",

     

       187
       187
       +
        "windows_x86_64_gnu 0.52.6",

     

       188
       188
       +
        "windows_x86_64_gnullvm 0.52.6",

     

       189
       189
       +
        "windows_x86_64_msvc 0.52.6",

     

       190
       190
       +
       ]

     

       191
       191
       +
       

     

       192
       192
       +
       [[package]]

     

       193
       193
       +
       name = "windows-targets"

     

       194
       194
       +
       version = "0.53.3"

     

       195
       195
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       196
       196
       +
       checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91"

     

       197
       197
       +
       dependencies = [

     

       198
       198
       +
        "windows-link",

     

       199
       199
       +
        "windows_aarch64_gnullvm 0.53.0",

     

       200
       200
       +
        "windows_aarch64_msvc 0.53.0",

     

       201
       201
       +
        "windows_i686_gnu 0.53.0",

     

       202
       202
       +
        "windows_i686_gnullvm 0.53.0",

     

       203
       203
       +
        "windows_i686_msvc 0.53.0",

     

       204
       204
       +
        "windows_x86_64_gnu 0.53.0",

     

       205
       205
       +
        "windows_x86_64_gnullvm 0.53.0",

     

       206
       206
       +
        "windows_x86_64_msvc 0.53.0",

     

       207
       207
       +
       ]

     

       208
       208
       +
       

     

       209
       209
       +
       [[package]]

     

       210
       210
       +
       name = "windows_aarch64_gnullvm"

     

       211
       211
       +
       version = "0.52.6"

     

       212
       212
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       213
       213
       +
       checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"

     

       214
       214
       +
       

     

       215
       215
       +
       [[package]]

     

       216
       216
       +
       name = "windows_aarch64_gnullvm"

     

       217
       217
       +
       version = "0.53.0"

     

       218
       218
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       219
       219
       +
       checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764"

     

       220
       220
       +
       

     

       221
       221
       +
       [[package]]

     

       222
       222
       +
       name = "windows_aarch64_msvc"

     

       223
       223
       +
       version = "0.52.6"

     

       224
       224
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       225
       225
       +
       checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"

     

       226
       226
       +
       

     

       227
       227
       +
       [[package]]

     

       228
       228
       +
       name = "windows_aarch64_msvc"

     

       229
       229
       +
       version = "0.53.0"

     

       230
       230
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       231
       231
       +
       checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c"

     

       232
       232
       +
       

     

       233
       233
       +
       [[package]]

     

       234
       234
       +
       name = "windows_i686_gnu"

     

       235
       235
       +
       version = "0.52.6"

     

       236
       236
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       237
       237
       +
       checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"

     

       238
       238
       +
       

     

       239
       239
       +
       [[package]]

     

       240
       240
       +
       name = "windows_i686_gnu"

     

       241
       241
       +
       version = "0.53.0"

     

       242
       242
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       243
       243
       +
       checksum = "c1dc67659d35f387f5f6c479dc4e28f1d4bb90ddd1a5d3da2e5d97b42d6272c3"

     

       244
       244
       +
       

     

       245
       245
       +
       [[package]]

     

       246
       246
       +
       name = "windows_i686_gnullvm"

     

       247
       247
       +
       version = "0.52.6"

     

       248
       248
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       249
       249
       +
       checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"

     

       250
       250
       +
       

     

       251
       251
       +
       [[package]]

     

       252
       252
       +
       name = "windows_i686_gnullvm"

     

       253
       253
       +
       version = "0.53.0"

     

       254
       254
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       255
       255
       +
       checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11"

     

       256
       256
       +
       

     

       257
       257
       +
       [[package]]

     

       258
       258
       +
       name = "windows_i686_msvc"

     

       259
       259
       +
       version = "0.52.6"

     

       260
       260
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       261
       261
       +
       checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"

     

       262
       262
       +
       

     

       263
       263
       +
       [[package]]

     

       264
       264
       +
       name = "windows_i686_msvc"

     

       265
       265
       +
       version = "0.53.0"

     

       266
       266
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       267
       267
       +
       checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d"

     

       268
       268
       +
       

     

       269
       269
       +
       [[package]]

     

       270
       270
       +
       name = "windows_x86_64_gnu"

     

       271
       271
       +
       version = "0.52.6"

     

       272
       272
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       273
       273
       +
       checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"

     

       274
       274
       +
       

     

       275
       275
       +
       [[package]]

     

       276
       276
       +
       name = "windows_x86_64_gnu"

     

       277
       277
       +
       version = "0.53.0"

     

       278
       278
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       279
       279
       +
       checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba"

     

       280
       280
       +
       

     

       281
       281
       +
       [[package]]

     

       282
       282
       +
       name = "windows_x86_64_gnullvm"

     

       283
       283
       +
       version = "0.52.6"

     

       284
       284
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       285
       285
       +
       checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"

     

       286
       286
       +
       

     

       287
       287
       +
       [[package]]

     

       288
       288
       +
       name = "windows_x86_64_gnullvm"

     

       289
       289
       +
       version = "0.53.0"

     

       290
       290
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       291
       291
       +
       checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57"

     

       292
       292
       +
       

     

       293
       293
       +
       [[package]]

     

       294
       294
       +
       name = "windows_x86_64_msvc"

     

       295
       295
       +
       version = "0.52.6"

     

       296
       296
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       297
       297
       +
       checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"

     

       298
       298
       +
       

     

       299
       299
       +
       [[package]]

     

       300
       300
       +
       name = "windows_x86_64_msvc"

     

       301
       301
       +
       version = "0.53.0"

     

       302
       302
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       303
       303
       +
       checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"

     

       304
       304
       +
       

     

       305
       305
       +
       [[package]]

     

       306
       306
       +
       name = "wit-bindgen-rt"

     

       307
       307
       +
       version = "0.39.0"

     

       308
       308
       +
       source = "registry+https://github.com/rust-lang/crates.io-index"

     

       309
       309
       +
       checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"

     

       310
       310
       +
       dependencies = [

     

       311
       311
       +
        "bitflags",

     

       312
       312
       +
       ]

+27

pkgs/by-name/ni/nixos-init/Cargo.toml

···

       1
       1
       +
       [package]

     

       2
       2
       +
       name = "nixos-init"

     

       3
       3
       +
       version = "0.1.0"

     

       4
       4
       +
       edition = "2024"

     

       5
       5
       +
       

     

       6
       6
       +
       [dependencies]

     

       7
       7
       +
       anyhow = "1.0.98"

     

       8
       8
       +
       log = "0.4.27"

     

       9
       9
       +
       env_logger = { version = "0.11.8", default-features = false }

     

       10
       10
       +
       

     

       11
       11
       +
       [dev-dependencies]

     

       12
       12
       +
       tempfile = "3.20.0"

     

       13
       13
       +
       indoc = "2.0.6"

     

       14
       14
       +
       

     

       15
       15
       +
       [profile.release]

     

       16
       16
       +
       opt-level = "z"

     

       17
       17
       +
       panic = "abort"

     

       18
       18
       +
       lto = true

     

       19
       19
       +
       strip = true

     

       20
       20
       +
       

     

       21
       21
       +
       [lints.rust]

     

       22
       22
       +
       unsafe_code = "forbid"

     

       23
       23
       +
       

     

       24
       24
       +
       [lints.clippy]

     

       25
       25
       +
       all = { level = "deny" }

     

       26
       26
       +
       pedantic = { level = "deny" }

     

       27
       27
       +
       missing_errors_doc = { level = "allow", priority = 1 }

+67

pkgs/by-name/ni/nixos-init/README.md

···

       1
       1
       +
       # `nixos-init`

     

       2
       2
       +
       

     

       3
       3
       +
       A system for the initialization of NixOS.

     

       4
       4
       +
       

     

       5
       5
       +
       The most important task of `nixos-init` is to work around the constraints of the

     

       6
       6
       +
       Filesystem Hierarchy Standard (FHS) that are imposed by other tools (most

     

       7
       7
       +
       importantly systemd itself).

     

       8
       8
       +
       

     

       9
       9
       +
       The primary design principle is to do the minimal work required to start

     

       10
       10
       +
       systemd. Everything that can be done later SHOULD be done later (i.e. after

     

       11
       11
       +
       systemd has already started). This isn't controversial either, this is the

     

       12
       12
       +
       basic principle behind initrds in the first place.

     

       13
       13
       +
       

     

       14
       14
       +
       Adding functionality to this init should be done with care and only when

     

       15
       15
       +
       strictly necessary. It should always be a last resort. It is explicitly not

     

       16
       16
       +
       designed to be extended dynamically by downstream users of NixOS.

     

       17
       17
       +
       

     

       18
       18
       +
       The goal of `nixos-init` is to eventually entirely replace

     

       19
       19
       +
       `system.activationScripts` for booting, enable bashless activation and

     

       20
       20
       +
       ultimately make NixOS overall more

     

       21
       21
       +
       robust.

     

       22
       22
       +
       

     

       23
       23
       +
       ## Reasoning

     

       24
       24
       +
       

     

       25
       25
       +
       - We already have a native API that can be used to easily extend the system

     

       26
       26
       +
         (`systemd.services`). This is in all ways superior to the stringified and

     

       27
       27
       +
         sequential nature of `system.activationScripts`.

     

       28
       28
       +
       - For the remaining functionality, a fully fledged programming language makes

     

       29
       29
       +
         writing correct software easier and should improve the quality of the NixOS

     

       30
       30
       +
         boot code.

     

       31
       31
       +
       - Most things can be started much later than one might assume. Because systemd

     

       32
       32
       +
         services are parallelized, this should improve start up time.

     

       33
       33
       +
       

     

       34
       34
       +
       ## Invariants

     

       35
       35
       +
       

     

       36
       36
       +
       For now, this does not try to replace all uses of `system.activationScripts`.

     

       37
       37
       +
       For the first iteration it only tries to offer an alternative to the

     

       38
       38
       +
       prepare-root in the systemd initrd.

     

       39
       39
       +
       

     

       40
       40
       +
       It never intends to improve or replace scripted initrd. Scripted initrd is

     

       41
       41
       +
       being phased out, supporting it is out of scope.

     

       42
       42
       +
       

     

       43
       43
       +
       ## Components

     

       44
       44
       +
       

     

       45
       45
       +
       `nixos-init` consists of a few components split into separate entrypoints.

     

       46
       46
       +
       However, these are not separate binaries but a single multicall binary. This

     

       47
       47
       +
       allows us to re-use the libc of the main binary and thus reduce the size of the

     

       48
       48
       +
       closure. Currently nixos-init comes in at ~500 KiB.

     

       49
       49
       +
       

     

       50
       50
       +
       - `initrd-init`: Initializes the system on boot, setting up the tree for

     

       51
       51
       +
         systemd to start.

     

       52
       52
       +
       - `find-etc`: Finds the `/etc` paths in `/sysroot` so that the initrd doesn't

     

       53
       53
       +
         directly depend on the toplevel reducing the need to rebuild the initrd on

     

       54
       54
       +
         every generation.

     

       55
       55
       +
       - `chroot-realpath`: Figures out the canonical path inside a chroot.

     

       56
       56
       +
       

     

       57
       57
       +
       ## Future

     

       58
       58
       +
       

     

       59
       59
       +
       Current usages of `activationScripts`:

     

       60
       60
       +
       

     

       61
       61
       +
       1. Initialization of the system

     

       62
       62
       +
         1.1. In initrd

     

       63
       63
       +
         1.2. As PID 1 if there is no initrd (e.g. for containers or cloud VMs).

     

       64
       64
       +
       2. Re-activation of the system via switch-to-configuration.

     

       65
       65
       +
       3. Installation of a system with `nixos-enter` (chroot).

     

       66
       66
       +
       

     

       67
       67
       +
       Currently, `nixos-init` only addresses 1.1. At least 1.2 is also in scope.

+64

pkgs/by-name/ni/nixos-init/package.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         rustPlatform,

     

       4
       4
       +
         clippy,

     

       5
       5
       +
         rustfmt,

     

       6
       6
       +
         nixosTests,

     

       7
       7
       +
       }:

     

       8
       8
       +
       

     

       9
       9
       +
       let

     

       10
       10
       +
         cargoToml = builtins.fromTOML (builtins.readFile ./Cargo.toml);

     

       11
       11
       +
       in

     

       12
       12
       +
       rustPlatform.buildRustPackage (finalAttrs: {

     

       13
       13
       +
         pname = cargoToml.package.name;

     

       14
       14
       +
         inherit (cargoToml.package) version;

     

       15
       15
       +
       

     

       16
       16
       +
         __structuredAttrs = true;

     

       17
       17
       +
       

     

       18
       18
       +
         src = lib.sourceFilesBySuffices ./. [

     

       19
       19
       +
           ".rs"

     

       20
       20
       +
           ".toml"

     

       21
       21
       +
           ".lock"

     

       22
       22
       +
         ];

     

       23
       23
       +
       

     

       24
       24
       +
         cargoLock = {

     

       25
       25
       +
           lockFile = ./Cargo.lock;

     

       26
       26
       +
         };

     

       27
       27
       +
       

     

       28
       28
       +
         stripAllList = [ "bin" ];

     

       29
       29
       +
       

     

       30
       30
       +
         passthru.tests = {

     

       31
       31
       +
           lint-format = finalAttrs.finalPackage.overrideAttrs (

     

       32
       32
       +
             _: previousAttrs: {

     

       33
       33
       +
               pname = previousAttrs.pname + "-lint-format";

     

       34
       34
       +
               nativeCheckInputs = (previousAttrs.nativeCheckInputs or [ ]) ++ [

     

       35
       35
       +
                 clippy

     

       36
       36
       +
                 rustfmt

     

       37
       37
       +
               ];

     

       38
       38
       +
               checkPhase = ''

     

       39
       39
       +
                 cargo clippy

     

       40
       40
       +
                 cargo fmt --check

     

       41
       41
       +
               '';

     

       42
       42
       +
             }

     

       43
       43
       +
           );

     

       44
       44
       +
           inherit (nixosTests) activation-nixos-init;

     

       45
       45
       +
         };

     

       46
       46
       +
       

     

       47
       47
       +
         binaries = [

     

       48
       48
       +
           "initrd-init"

     

       49
       49
       +
           "find-etc"

     

       50
       50
       +
           "chroot-realpath"

     

       51
       51
       +
         ];

     

       52
       52
       +
       

     

       53
       53
       +
         postInstall = ''

     

       54
       54
       +
           for binary in "''${binaries[@]}"; do

     

       55
       55
       +
             ln -s $out/bin/nixos-init $out/bin/$binary

     

       56
       56
       +
           done

     

       57
       57
       +
         '';

     

       58
       58
       +
       

     

       59
       59
       +
         meta = {

     

       60
       60
       +
           license = lib.licenses.mit;

     

       61
       61
       +
           maintainers = with lib.maintainers; [ nikstur ];

     

       62
       62
       +
           platforms = lib.platforms.linux;

     

       63
       63
       +
         };

     

       64
       64
       +
       })

+101

pkgs/by-name/ni/nixos-init/src/activate.rs

···

       1
       1
       +
       use std::{fs, path::Path};

     

       2
       2
       +
       

     

       3
       3
       +
       use anyhow::{Context, Result};

     

       4
       4
       +
       

     

       5
       5
       +
       use crate::{config::Config, fs::atomic_symlink};

     

       6
       6
       +
       

     

       7
       7
       +
       /// Activate the system.

     

       8
       8
       +
       ///

     

       9
       9
       +
       /// This runs both during boot and during re-activation initiated by switch-to-configuration.

     

       10
       10
       +
       pub fn activate(prefix: &str, toplevel: impl AsRef<Path>, config: &Config) -> Result<()> {

     

       11
       11
       +
           log::info!("Setting up /run/current-system...");

     

       12
       12
       +
           atomic_symlink(&toplevel, format!("{prefix}/run/current-system"))?;

     

       13
       13
       +
       

     

       14
       14
       +
           log::info!("Setting up modprobe...");

     

       15
       15
       +
           setup_modprobe(&config.modprobe_binary)?;

     

       16
       16
       +
       

     

       17
       17
       +
           log::info!("Setting up firmware search paths...");

     

       18
       18
       +
           setup_firmware_search_path(&config.firmware)?;

     

       19
       19
       +
       

     

       20
       20
       +
           if let Some(env_path) = &config.env_binary {

     

       21
       21
       +
               log::info!("Setting up /usr/bin/env...");

     

       22
       22
       +
               setup_usrbinenv(prefix, env_path)?;

     

       23
       23
       +
           } else {

     

       24
       24
       +
               log::info!("No env binary provided. Not setting up /usr/bin/env.");

     

       25
       25
       +
           }

     

       26
       26
       +
       

     

       27
       27
       +
           if let Some(sh_path) = &config.sh_binary {

     

       28
       28
       +
               log::info!("Setting up /bin/sh...");

     

       29
       29
       +
               setup_binsh(prefix, sh_path)?;

     

       30
       30
       +
           } else {

     

       31
       31
       +
               log::info!("No sh binary provided. Not setting up /bin/sh.");

     

       32
       32
       +
           }

     

       33
       33
       +
       

     

       34
       34
       +
           Ok(())

     

       35
       35
       +
       }

     

       36
       36
       +
       

     

       37
       37
       +
       /// Setup modprobe so that the kernel can find the wrapped binary.

     

       38
       38
       +
       ///

     

       39
       39
       +
       /// See <https://docs.kernel.org/admin-guide/sysctl/kernel.html#modprobe>

     

       40
       40
       +
       fn setup_modprobe(modprobe_binary: impl AsRef<Path>) -> Result<()> {

     

       41
       41
       +
           // This uses the procfs setup in the initrd, which is fine because it points to the same kernel

     

       42
       42
       +
           // a procfs in a chroot would.

     

       43
       43
       +
           const MODPROBE_PATH: &str = "/proc/sys/kernel/modprobe";

     

       44
       44
       +
       

     

       45
       45
       +
           fs::write(

     

       46
       46
       +
               MODPROBE_PATH,

     

       47
       47
       +
               modprobe_binary.as_ref().as_os_str().as_encoded_bytes(),

     

       48
       48
       +
           )

     

       49
       49
       +
           .with_context(|| {

     

       50
       50
       +
               format!(

     

       51
       51
       +
                   "Failed to populate modprobe path with {}",

     

       52
       52
       +
                   modprobe_binary.as_ref().display()

     

       53
       53
       +
               )

     

       54
       54
       +
           })?;

     

       55
       55
       +
           Ok(())

     

       56
       56
       +
       }

     

       57
       57
       +
       

     

       58
       58
       +
       /// Setup the firmware search path so that the kernel can find the firmware.

     

       59
       59
       +
       ///

     

       60
       60
       +
       /// See <https://www.kernel.org/doc/html/latest/driver-api/firmware/fw_search_path.html>

     

       61
       61
       +
       fn setup_firmware_search_path(firmware: impl AsRef<Path>) -> Result<()> {

     

       62
       62
       +
           // This uses the sysfs setup in the initrd, which is fine because it points to the same kernel

     

       63
       63
       +
           // a procfs in a chroot would.

     

       64
       64
       +
           const FIRMWARE_SERCH_PATH: &str = "/sys/module/firmware_class/parameters/path";

     

       65
       65
       +
       

     

       66
       66
       +
           if Path::new(FIRMWARE_SERCH_PATH).exists() {

     

       67
       67
       +
               fs::write(

     

       68
       68
       +
                   FIRMWARE_SERCH_PATH,

     

       69
       69
       +
                   firmware.as_ref().as_os_str().as_encoded_bytes(),

     

       70
       70
       +
               )

     

       71
       71
       +
               .with_context(|| {

     

       72
       72
       +
                   format!(

     

       73
       73
       +
                       "Failed to populate firmware search path with {}",

     

       74
       74
       +
                       firmware.as_ref().display()

     

       75
       75
       +
                   )

     

       76
       76
       +
               })?;

     

       77
       77
       +
           }

     

       78
       78
       +
       

     

       79
       79
       +
           Ok(())

     

       80
       80
       +
       }

     

       81
       81
       +
       

     

       82
       82
       +
       /// Setup `/usr/bin/env`.

     

       83
       83
       +
       ///

     

       84
       84
       +
       /// We have to setup `/usr` for `NixOS` to work.

     

       85
       85
       +
       ///

     

       86
       86
       +
       /// We do this here accidentally. `/usr/bin/env` is currently load-bearing for `NixOS`.

     

       87
       87
       +
       fn setup_usrbinenv(prefix: &str, env_binary: impl AsRef<Path>) -> Result<()> {

     

       88
       88
       +
           const USRBINENV_PATH: &str = "/usr/bin/env";

     

       89
       89
       +
       

     

       90
       90
       +
           fs::create_dir_all(format!("{prefix}/usr/bin")).context("Failed to create /usr/bin")?;

     

       91
       91
       +
           atomic_symlink(&env_binary, format!("{prefix}{USRBINENV_PATH}"))

     

       92
       92
       +
       }

     

       93
       93
       +
       

     

       94
       94
       +
       /// Setup /bin/sh.

     

       95
       95
       +
       ///

     

       96
       96
       +
       /// `/bin/sh` is an essential part of a Linux system as this path is hardcoded in the `system()` call

     

       97
       97
       +
       /// from libc. See `man systemd(3)`.

     

       98
       98
       +
       fn setup_binsh(prefix: &str, sh_binary: impl AsRef<Path>) -> Result<()> {

     

       99
       99
       +
           const BINSH_PATH: &str = "/bin/sh";

     

       100
       100
       +
           atomic_symlink(&sh_binary, format!("{prefix}{BINSH_PATH}"))

     

       101
       101
       +
       }

+52

pkgs/by-name/ni/nixos-init/src/chroot_realpath.rs

···

       1
       1
       +
       use std::{

     

       2
       2
       +
           env,

     

       3
       3
       +
           io::{Write, stdout},

     

       4
       4
       +
           os::unix::ffi::OsStrExt,

     

       5
       5
       +
           os::unix::fs,

     

       6
       6
       +
           path::{Path, PathBuf},

     

       7
       7
       +
           process::Command,

     

       8
       8
       +
       };

     

       9
       9
       +
       

     

       10
       10
       +
       use anyhow::{Context, Result, bail};

     

       11
       11
       +
       

     

       12
       12
       +
       /// Canonicalize `path` in a chroot at the specified `root`.

     

       13
       13
       +
       pub fn canonicalize_in_chroot(root: &str, path: &Path) -> Result<PathBuf> {

     

       14
       14
       +
           let output = Command::new("chroot-realpath")

     

       15
       15
       +
               .arg(root)

     

       16
       16
       +
               .arg(path.as_os_str())

     

       17
       17
       +
               .output()

     

       18
       18
       +
               .context("Failed to run chroot-realpath. Most likely, the binary is not on PATH")?;

     

       19
       19
       +
       

     

       20
       20
       +
           if !output.status.success() {

     

       21
       21
       +
               bail!(

     

       22
       22
       +
                   "chroot-realpath exited unsuccessfully: {}",

     

       23
       23
       +
                   String::from_utf8_lossy(&output.stderr)

     

       24
       24
       +
               );

     

       25
       25
       +
           }

     

       26
       26
       +
       

     

       27
       27
       +
           let output =

     

       28
       28
       +
               String::from_utf8(output.stdout).context("Failed to decode stdout of chroot-realpath")?;

     

       29
       29
       +
       

     

       30
       30
       +
           Ok(PathBuf::from(&output))

     

       31
       31
       +
       }

     

       32
       32
       +
       

     

       33
       33
       +
       /// Entrypoint for the `chroot-realpath` binary.

     

       34
       34
       +
       pub fn chroot_realpath() -> Result<()> {

     

       35
       35
       +
           let args: Vec<String> = env::args().collect();

     

       36
       36
       +
       

     

       37
       37
       +
           if args.len() != 3 {

     

       38
       38
       +
               bail!("Usage: {} <chroot> <path>", args[0]);

     

       39
       39
       +
           }

     

       40
       40
       +
       

     

       41
       41
       +
           fs::chroot(&args[1]).context("Failed to chroot")?;

     

       42
       42
       +
           std::env::set_current_dir("/").context("Failed to change directory")?;

     

       43
       43
       +
       

     

       44
       44
       +
           let path = std::fs::canonicalize(&args[2])

     

       45
       45
       +
               .with_context(|| format!("Failed to canonicalize {}", args[2]))?;

     

       46
       46
       +
       

     

       47
       47
       +
           stdout()

     

       48
       48
       +
               .write_all(path.into_os_string().as_bytes())

     

       49
       49
       +
               .context("Failed to write output")?;

     

       50
       50
       +
       

     

       51
       51
       +
           Ok(())

     

       52
       52
       +
       }

+43

pkgs/by-name/ni/nixos-init/src/config.rs

···

       1
       1
       +
       use std::env;

     

       2
       2
       +
       

     

       3
       3
       +
       use anyhow::{Context, Result};

     

       4
       4
       +
       

     

       5
       5
       +
       pub struct Config {

     

       6
       6
       +
           pub firmware: String,

     

       7
       7
       +
           pub modprobe_binary: String,

     

       8
       8
       +
           pub nix_store_mount_opts: Vec<String>,

     

       9
       9
       +
           pub env_binary: Option<String>,

     

       10
       10
       +
           pub sh_binary: Option<String>,

     

       11
       11
       +
       }

     

       12
       12
       +
       

     

       13
       13
       +
       impl Config {

     

       14
       14
       +
           /// Read the config from the environment.

     

       15
       15
       +
           ///

     

       16
       16
       +
           /// These options are provided by wrapping the binary when assembling the toplevel.

     

       17
       17
       +
           pub fn from_env() -> Result<Self> {

     

       18
       18
       +
               let nix_store_mount_opts = required("NIX_STORE_MOUNT_OPTS")?

     

       19
       19
       +
                   .split(',')

     

       20
       20
       +
                   .map(std::borrow::ToOwned::to_owned)

     

       21
       21
       +
                   .collect();

     

       22
       22
       +
       

     

       23
       23
       +
               Ok(Self {

     

       24
       24
       +
                   firmware: required("FIRMWARE")?,

     

       25
       25
       +
                   modprobe_binary: required("MODPROBE_BINARY")?,

     

       26
       26
       +
                   nix_store_mount_opts,

     

       27
       27
       +
                   env_binary: optional("ENV_BINARY"),

     

       28
       28
       +
                   sh_binary: optional("SH_BINARY"),

     

       29
       29
       +
               })

     

       30
       30
       +
           }

     

       31
       31
       +
       }

     

       32
       32
       +
       

     

       33
       33
       +
       /// Read a required environment variable

     

       34
       34
       +
       ///

     

       35
       35
       +
       /// Fail with useful context if the variable is not set in the environment.

     

       36
       36
       +
       fn required(key: &str) -> Result<String> {

     

       37
       37
       +
           env::var(key).with_context(|| format!("Failed to read {key} from environment"))

     

       38
       38
       +
       }

     

       39
       39
       +
       

     

       40
       40
       +
       /// Read an optional environment variable

     

       41
       41
       +
       fn optional(key: &str) -> Option<String> {

     

       42
       42
       +
           env::var(key).ok()

     

       43
       43
       +
       }

+31

pkgs/by-name/ni/nixos-init/src/find_etc.rs

···

       1
       1
       +
       use std::{os::unix, path::Path};

     

       2
       2
       +
       

     

       3
       3
       +
       use anyhow::{Context, Result};

     

       4
       4
       +
       

     

       5
       5
       +
       use crate::{SYSROOT_PATH, canonicalize_in_chroot, find_toplevel_in_prefix};

     

       6
       6
       +
       

     

       7
       7
       +
       /// Entrypoint for the `find-etc` binary.

     

       8
       8
       +
       ///

     

       9
       9
       +
       /// Find the etc related paths in /sysroot.

     

       10
       10
       +
       ///

     

       11
       11
       +
       /// This avoids needing a reference to the toplevel embedded in the initrd and thus reduces the

     

       12
       12
       +
       /// need to re-build it.

     

       13
       13
       +
       pub fn find_etc() -> Result<()> {

     

       14
       14
       +
           let toplevel = find_toplevel_in_prefix(SYSROOT_PATH)?;

     

       15
       15
       +
       

     

       16
       16
       +
           let etc_metadata_image = Path::new(SYSROOT_PATH).join(

     

       17
       17
       +
               canonicalize_in_chroot(SYSROOT_PATH, &toplevel.join("etc-metadata-image"))?

     

       18
       18
       +
                   .strip_prefix("/")?,

     

       19
       19
       +
           );

     

       20
       20
       +
       

     

       21
       21
       +
           let etc_basedir = Path::new(SYSROOT_PATH).join(

     

       22
       22
       +
               canonicalize_in_chroot(SYSROOT_PATH, &toplevel.join("etc-basedir"))?.strip_prefix("/")?,

     

       23
       23
       +
           );

     

       24
       24
       +
       

     

       25
       25
       +
           unix::fs::symlink(etc_metadata_image, "/etc-metadata-image")

     

       26
       26
       +
               .context("Failed to link /etc-metadata-image")?;

     

       27
       27
       +
       

     

       28
       28
       +
           unix::fs::symlink(etc_basedir, "/etc-basedir").context("Failed to link /etc-basedir")?;

     

       29
       29
       +
       

     

       30
       30
       +
           Ok(())

     

       31
       31
       +
       }

+50

pkgs/by-name/ni/nixos-init/src/fs.rs

···

       1
       1
       +
       use std::{fs, path::Path};

     

       2
       2
       +
       

     

       3
       3
       +
       use anyhow::{Context, Result, anyhow};

     

       4
       4
       +
       

     

       5
       5
       +
       /// Atomically symlink a file.

     

       6
       6
       +
       ///

     

       7
       7
       +
       /// This will first symlink the original to a temporary path with a `.tmp` suffix and then move the

     

       8
       8
       +
       /// symlink to its actual path.

     

       9
       9
       +
       /// The temporary and actual paths are located in the same directory, which is created if it does

     

       10
       10
       +
       /// not exist.

     

       11
       11
       +
       pub fn atomic_symlink(original: impl AsRef<Path>, link: impl AsRef<Path>) -> Result<()> {

     

       12
       12
       +
           let mut i = 0;

     

       13
       13
       +
       

     

       14
       14
       +
           let tmp_path = loop {

     

       15
       15
       +
               let parent = link

     

       16
       16
       +
                   .as_ref()

     

       17
       17
       +
                   .parent()

     

       18
       18
       +
                   .ok_or(anyhow!("Failed to determine parent of {:?}", link.as_ref()))?;

     

       19
       19
       +
               if !parent.exists() {

     

       20
       20
       +
                   std::fs::create_dir(parent)?;

     

       21
       21
       +
               }

     

       22
       22
       +
       

     

       23
       23
       +
               let mut tmp_path = link.as_ref().as_os_str().to_os_string();

     

       24
       24
       +
               tmp_path.push(format!(".tmp{i}"));

     

       25
       25
       +
       

     

       26
       26
       +
               let res = std::os::unix::fs::symlink(&original, &tmp_path);

     

       27
       27
       +
               match res {

     

       28
       28
       +
                   Ok(()) => break tmp_path,

     

       29
       29
       +
                   Err(err) => {

     

       30
       30
       +
                       if err.kind() != std::io::ErrorKind::AlreadyExists {

     

       31
       31
       +
                           return Err(err).context(format!(

     

       32
       32
       +
                               "Failed to symlink to temporary file {}",

     

       33
       33
       +
                               tmp_path.display()

     

       34
       34
       +
                           ));

     

       35
       35
       +
                       }

     

       36
       36
       +
                   }

     

       37
       37
       +
               }

     

       38
       38
       +
               i += 1;

     

       39
       39
       +
           };

     

       40
       40
       +
       

     

       41
       41
       +
           fs::rename(&tmp_path, &link).with_context(|| {

     

       42
       42
       +
               format!(

     

       43
       43
       +
                   "Failed to rename {} to {}",

     

       44
       44
       +
                   tmp_path.display(),

     

       45
       45
       +
                   link.as_ref().display()

     

       46
       46
       +
               )

     

       47
       47
       +
           })?;

     

       48
       48
       +
       

     

       49
       49
       +
           Ok(())

     

       50
       50
       +
       }

+106

pkgs/by-name/ni/nixos-init/src/init.rs

···

       1
       1
       +
       use std::{fs, os::unix::fs::PermissionsExt, path::Path, process::Command};

     

       2
       2
       +
       

     

       3
       3
       +
       use anyhow::{Context, Result};

     

       4
       4
       +
       

     

       5
       5
       +
       use crate::{activate::activate, config::Config, fs::atomic_symlink, proc_mounts::Mounts};

     

       6
       6
       +
       

     

       7
       7
       +
       const NIX_STORE_PATH: &str = "/nix/store";

     

       8
       8
       +
       

     

       9
       9
       +
       fn prefixed_store_path(prefix: &str) -> String {

     

       10
       10
       +
           format!("{prefix}{NIX_STORE_PATH}")

     

       11
       11
       +
       }

     

       12
       12
       +
       

     

       13
       13
       +
       /// Initialize the system in a prefix.

     

       14
       14
       +
       ///

     

       15
       15
       +
       /// This is done only once during the boot of the system.

     

       16
       16
       +
       ///

     

       17
       17
       +
       /// It is not designed to be re-executed during the lifetime of a system boot cycle.

     

       18
       18
       +
       pub fn init(prefix: &str, toplevel: impl AsRef<Path>, config: &Config) -> Result<()> {

     

       19
       19
       +
           log::info!("Setting up /nix/store permissions...");

     

       20
       20
       +
           setup_nix_store_permissions(prefix);

     

       21
       21
       +
       

     

       22
       22
       +
           log::info!("Remounting /nix/store with the correct options...");

     

       23
       23
       +
           remount_nix_store(prefix, &config.nix_store_mount_opts)?;

     

       24
       24
       +
       

     

       25
       25
       +
           log::info!("Setting up /run/booted-system...");

     

       26
       26
       +
           atomic_symlink(&toplevel, format!("{prefix}/run/booted-system"))?;

     

       27
       27
       +
       

     

       28
       28
       +
           log::info!("Activating the system...");

     

       29
       29
       +
           activate(prefix, toplevel, config)?;

     

       30
       30
       +
       

     

       31
       31
       +
           Ok(())

     

       32
       32
       +
       }

     

       33
       33
       +
       

     

       34
       34
       +
       /// Set up the correct permissions for the Nix Store.

     

       35
       35
       +
       ///

     

       36
       36
       +
       /// Gracefully fail if they cannot be changed to accommodate read-only filesystems.

     

       37
       37
       +
       fn setup_nix_store_permissions(prefix: &str) {

     

       38
       38
       +
           const ROOT_UID: u32 = 0;

     

       39
       39
       +
           const NIXBUILD_GID: u32 = 0;

     

       40
       40
       +
           const NIX_STORE_MODE: u32 = 0o1775;

     

       41
       41
       +
       

     

       42
       42
       +
           let nix_store_path = prefixed_store_path(prefix);

     

       43
       43
       +
       

     

       44
       44
       +
           std::os::unix::fs::chown(&nix_store_path, Some(ROOT_UID), Some(NIXBUILD_GID)).ok();

     

       45
       45
       +
           fs::metadata(&nix_store_path)

     

       46
       46
       +
               .map(|metadata| {

     

       47
       47
       +
                   let mut permissions = metadata.permissions();

     

       48
       48
       +
                   permissions.set_mode(NIX_STORE_MODE);

     

       49
       49
       +
               })

     

       50
       50
       +
               .ok();

     

       51
       51
       +
       }

     

       52
       52
       +
       

     

       53
       53
       +
       /// Remount the Nix Store in a prefix with the provided options.

     

       54
       54
       +
       fn remount_nix_store(prefix: &str, nix_store_mount_opts: &[String]) -> Result<()> {

     

       55
       55
       +
           let nix_store_path = prefixed_store_path(prefix);

     

       56
       56
       +
       

     

       57
       57
       +
           let mut missing_opts = Vec::new();

     

       58
       58
       +
           let mounts = Mounts::parse_from_proc_mounts()?;

     

       59
       59
       +
       

     

       60
       60
       +
           if let Some(last_nix_store_mount) = mounts.find_mountpoint(&nix_store_path) {

     

       61
       61
       +
               for opt in nix_store_mount_opts {

     

       62
       62
       +
                   if !last_nix_store_mount.mntopts.contains(opt) {

     

       63
       63
       +
                       missing_opts.push(opt.to_string());

     

       64
       64
       +
                   }

     

       65
       65
       +
               }

     

       66
       66
       +
               if !missing_opts.is_empty() {

     

       67
       67
       +
                   log::info!(

     

       68
       68
       +
                       "/nix/store is missing mount options: {}.",

     

       69
       69
       +
                       missing_opts.join(",")

     

       70
       70
       +
                   );

     

       71
       71
       +
               }

     

       72
       72
       +
           } else {

     

       73
       73
       +
               log::info!("/nix/store is not a mountpoint.");

     

       74
       74
       +
               missing_opts.extend_from_slice(nix_store_mount_opts);

     

       75
       75
       +
           }

     

       76
       76
       +
       

     

       77
       77
       +
           if !missing_opts.is_empty() {

     

       78
       78
       +
               log::info!("Remounting /nix/store with {}...", missing_opts.join(","));

     

       79
       79
       +
       

     

       80
       80
       +
               mount(&["--bind", &nix_store_path, &nix_store_path])?;

     

       81
       81
       +
               mount(&[

     

       82
       82
       +
                   "-o",

     

       83
       83
       +
                   &format!("remount,bind,{}", missing_opts.join(",")),

     

       84
       84
       +
                   &nix_store_path,

     

       85
       85
       +
               ])?;

     

       86
       86
       +
           }

     

       87
       87
       +
       

     

       88
       88
       +
           Ok(())

     

       89
       89
       +
       }

     

       90
       90
       +
       

     

       91
       91
       +
       /// Call `mount` with the provided `args`.

     

       92
       92
       +
       fn mount(args: &[&str]) -> Result<()> {

     

       93
       93
       +
           let output = Command::new("mount")

     

       94
       94
       +
               .args(args)

     

       95
       95
       +
               .output()

     

       96
       96
       +
               .context("Failed to run mount. Most likely, the binary is not on PATH")?;

     

       97
       97
       +
       

     

       98
       98
       +
           if !output.status.success() {

     

       99
       99
       +
               return Err(anyhow::anyhow!(

     

       100
       100
       +
                   "mount executed unsuccessfully: {}",

     

       101
       101
       +
                   String::from_utf8_lossy(&output.stdout)

     

       102
       102
       +
               ));

     

       103
       103
       +
           }

     

       104
       104
       +
       

     

       105
       105
       +
           Ok(())

     

       106
       106
       +
       }

+26

pkgs/by-name/ni/nixos-init/src/initrd_init.rs

···

       1
       1
       +
       use anyhow::{Context, Result};

     

       2
       2
       +
       

     

       3
       3
       +
       use crate::{

     

       4
       4
       +
           SYSROOT_PATH, config::Config, find_init_in_prefix, init, switch_root, verify_init_is_nixos,

     

       5
       5
       +
       };

     

       6
       6
       +
       

     

       7
       7
       +
       /// Entrypoint for the `initrd-bin` binary.

     

       8
       8
       +
       ///

     

       9
       9
       +
       /// Initialize `NixOS` from a systemd initrd.

     

       10
       10
       +
       pub fn initrd_init() -> Result<()> {

     

       11
       11
       +
           let config = Config::from_env().context("Failed to get configuration")?;

     

       12
       12
       +
           let init_in_sysroot =

     

       13
       13
       +
               find_init_in_prefix(SYSROOT_PATH).context("Failed to find init in sysroot")?;

     

       14
       14
       +
       

     

       15
       15
       +
           let init_path = if let Ok(toplevel) = verify_init_is_nixos(SYSROOT_PATH, &init_in_sysroot) {

     

       16
       16
       +
               log::info!("Initializing NixOS...");

     

       17
       17
       +
               init(SYSROOT_PATH, toplevel, &config)?;

     

       18
       18
       +
               None

     

       19
       19
       +
           } else {

     

       20
       20
       +
               log::info!("Not initializing NixOS. Switching to new root immediately...");

     

       21
       21
       +
               Some(init_in_sysroot)

     

       22
       22
       +
           };

     

       23
       23
       +
       

     

       24
       24
       +
           switch_root(init_path)?;

     

       25
       25
       +
           Ok(())

     

       26
       26
       +
       }

+128

pkgs/by-name/ni/nixos-init/src/lib.rs

···

       1
       1
       +
       mod activate;

     

       2
       2
       +
       mod chroot_realpath;

     

       3
       3
       +
       mod config;

     

       4
       4
       +
       mod find_etc;

     

       5
       5
       +
       mod fs;

     

       6
       6
       +
       mod init;

     

       7
       7
       +
       mod initrd_init;

     

       8
       8
       +
       mod proc_mounts;

     

       9
       9
       +
       mod switch_root;

     

       10
       10
       +
       

     

       11
       11
       +
       use std::path::{Path, PathBuf};

     

       12
       12
       +
       

     

       13
       13
       +
       use anyhow::{Context, Result, bail};

     

       14
       14
       +
       

     

       15
       15
       +
       pub use crate::{

     

       16
       16
       +
           activate::activate,

     

       17
       17
       +
           chroot_realpath::{canonicalize_in_chroot, chroot_realpath},

     

       18
       18
       +
           find_etc::find_etc,

     

       19
       19
       +
           init::init,

     

       20
       20
       +
           initrd_init::initrd_init,

     

       21
       21
       +
           switch_root::switch_root,

     

       22
       22
       +
       };

     

       23
       23
       +
       

     

       24
       24
       +
       pub const SYSROOT_PATH: &str = "/sysroot";

     

       25
       25
       +
       

     

       26
       26
       +
       /// Find the path to the toplevel closure of the system in a prefix.

     

       27
       27
       +
       ///

     

       28
       28
       +
       /// Uses the `init=` parameter on the kernel command-line.

     

       29
       29
       +
       ///

     

       30
       30
       +
       /// Returns the relative path of the init to the prefix, e.g. without the `/sysroot` prefix.

     

       31
       31
       +
       pub fn find_toplevel_in_prefix(prefix: &str) -> Result<PathBuf> {

     

       32
       32
       +
           let init_in_sysroot = find_init_in_prefix(prefix)?;

     

       33
       33
       +
           verify_init_is_nixos(prefix, init_in_sysroot)

     

       34
       34
       +
       }

     

       35
       35
       +
       

     

       36
       36
       +
       /// Verify that an init path is inside a `NixOS` toplevel directory.

     

       37
       37
       +
       ///

     

       38
       38
       +
       /// If the path is verified, returns the path to the toplevel.

     

       39
       39
       +
       ///

     

       40
       40
       +
       /// Check for the file `nixos-version` inside the toplevel to verify.

     

       41
       41
       +
       ///

     

       42
       42
       +
       /// # Errors

     

       43
       43
       +
       ///

     

       44
       44
       +
       /// If the init is not inside a `NixOS` toplevel return an error.

     

       45
       45
       +
       pub fn verify_init_is_nixos(prefix: &str, path: impl AsRef<Path>) -> Result<PathBuf> {

     

       46
       46
       +
           let toplevel = path

     

       47
       47
       +
               .as_ref()

     

       48
       48
       +
               .parent()

     

       49
       49
       +
               .map(Path::to_path_buf)

     

       50
       50
       +
               .context("Provided init= is not in a directory")?;

     

       51
       51
       +
       

     

       52
       52
       +
           let stripped_toplevel = toplevel

     

       53
       53
       +
               .strip_prefix("/")

     

       54
       54
       +
               .with_context(|| format!("Failed to strip / from {}", toplevel.display()))?;

     

       55
       55
       +
       

     

       56
       56
       +
           let nixos_version_in_prefix = Path::new(prefix)

     

       57
       57
       +
               .join(stripped_toplevel)

     

       58
       58
       +
               .join("nixos-version");

     

       59
       59
       +
       

     

       60
       60
       +
           if !nixos_version_in_prefix

     

       61
       61
       +
               .try_exists()

     

       62
       62
       +
               .context("Failed to check whether nixos-version exists in toplevel")?

     

       63
       63
       +
           {

     

       64
       64
       +
               bail!(

     

       65
       65
       +
                   "Failed to verify init {} is inside a NixOS toplevel",

     

       66
       66
       +
                   path.as_ref().display()

     

       67
       67
       +
               )

     

       68
       68
       +
           }

     

       69
       69
       +
           Ok(toplevel)

     

       70
       70
       +
       }

     

       71
       71
       +
       

     

       72
       72
       +
       /// Find the canonical path of the init in a prefix.

     

       73
       73
       +
       ///

     

       74
       74
       +
       /// Uses the `init=` parameter on the kernel command-line.

     

       75
       75
       +
       ///

     

       76
       76
       +
       /// Returns the relative path of the init to the prefix, e.g. without the `/sysroot` prefix.

     

       77
       77
       +
       pub fn find_init_in_prefix(prefix: &str) -> Result<PathBuf> {

     

       78
       78
       +
           let cmdline = std::fs::read_to_string("/proc/cmdline")?;

     

       79
       79
       +
           let init = extract_init(&cmdline)?;

     

       80
       80
       +
           let canonicalized_init = canonicalize_in_chroot(prefix, &init)?;

     

       81
       81
       +
           log::info!("Found init: {}.", canonicalized_init.display());

     

       82
       82
       +
           Ok(canonicalized_init)

     

       83
       83
       +
       }

     

       84
       84
       +
       

     

       85
       85
       +
       /// Extract the value of the `init` parameter from the given kernel `cmdline`.

     

       86
       86
       +
       fn extract_init(cmdline: &str) -> Result<PathBuf> {

     

       87
       87
       +
           let init_params: Vec<&str> = cmdline

     

       88
       88
       +
               .split_ascii_whitespace()

     

       89
       89
       +
               .filter(|p| p.starts_with("init="))

     

       90
       90
       +
               .collect();

     

       91
       91
       +
       

     

       92
       92
       +
           if init_params.len() != 1 {

     

       93
       93
       +
               bail!("Expected exactly one init param on kernel cmdline: {cmdline}")

     

       94
       94
       +
           }

     

       95
       95
       +
       

     

       96
       96
       +
           let init = init_params

     

       97
       97
       +
               .first()

     

       98
       98
       +
               .and_then(|s| s.split('=').next_back())

     

       99
       99
       +
               .context("Failed to extract init path from kernel cmdline: {cmdline}")?;

     

       100
       100
       +
       

     

       101
       101
       +
           Ok(PathBuf::from(init))

     

       102
       102
       +
       }

     

       103
       103
       +
       

     

       104
       104
       +
       #[cfg(test)]

     

       105
       105
       +
       mod tests {

     

       106
       106
       +
           use super::*;

     

       107
       107
       +
       

     

       108
       108
       +
           use std::fs;

     

       109
       109
       +
       

     

       110
       110
       +
           use tempfile::tempdir;

     

       111
       111
       +
       

     

       112
       112
       +
           #[test]

     

       113
       113
       +
           fn test_verify_init_is_nixos() -> Result<()> {

     

       114
       114
       +
               let prefix = tempdir()?;

     

       115
       115
       +
               let toplevel = prefix.path().join("toplevel");

     

       116
       116
       +
               fs::create_dir(&toplevel)?;

     

       117
       117
       +
       

     

       118
       118
       +
               let init = &toplevel.join("init");

     

       119
       119
       +
               fs::write(init, "init")?;

     

       120
       120
       +
       

     

       121
       121
       +
               let nixos_version = toplevel.join("nixos-version");

     

       122
       122
       +
               fs::write(&nixos_version, "25.11")?;

     

       123
       123
       +
       

     

       124
       124
       +
               verify_init_is_nixos(prefix.path().to_str().unwrap(), "/toplevel/init")?;

     

       125
       125
       +
       

     

       126
       126
       +
               Ok(())

     

       127
       127
       +
           }

     

       128
       128
       +
       }

+54

pkgs/by-name/ni/nixos-init/src/main.rs

···

       1
       1
       +
       use std::{env, io::Write, process::ExitCode};

     

       2
       2
       +
       

     

       3
       3
       +
       use log::Level;

     

       4
       4
       +
       

     

       5
       5
       +
       use nixos_init::{chroot_realpath, find_etc, initrd_init};

     

       6
       6
       +
       

     

       7
       7
       +
       fn main() -> ExitCode {

     

       8
       8
       +
           let arg0 = env::args()

     

       9
       9
       +
               .next()

     

       10
       10
       +
               .and_then(|c| c.split('/').next_back().map(std::borrow::ToOwned::to_owned))

     

       11
       11
       +
               .expect("Failed to retrieve name of binary");

     

       12
       12
       +
       

     

       13
       13
       +
           setup_logger();

     

       14
       14
       +
           let entrypoint = match arg0.as_str() {

     

       15
       15
       +
               "find-etc" => find_etc,

     

       16
       16
       +
               "chroot-realpath" => chroot_realpath,

     

       17
       17
       +
               "initrd-init" => initrd_init,

     

       18
       18
       +
               _ => {

     

       19
       19
       +
                   log::error!("Command {arg0} unknown");

     

       20
       20
       +
                   return ExitCode::FAILURE;

     

       21
       21
       +
               }

     

       22
       22
       +
           };

     

       23
       23
       +
       

     

       24
       24
       +
           match entrypoint() {

     

       25
       25
       +
               Ok(()) => ExitCode::SUCCESS,

     

       26
       26
       +
               Err(err) => {

     

       27
       27
       +
                   log::error!("{err:#}.");

     

       28
       28
       +
                   ExitCode::FAILURE

     

       29
       29
       +
               }

     

       30
       30
       +
           }

     

       31
       31
       +
       }

     

       32
       32
       +
       

     

       33
       33
       +
       // Setup the logger to use the kernel's `printk()` scheme.

     

       34
       34
       +
       //

     

       35
       35
       +
       // This way, systemd can interpret the levels correctly.

     

       36
       36
       +
       fn setup_logger() {

     

       37
       37
       +
           let env = env_logger::Env::default().filter_or("LOG_LEVEL", "info");

     

       38
       38
       +
       

     

       39
       39
       +
           env_logger::Builder::from_env(env)

     

       40
       40
       +
               .format(|buf, record| {

     

       41
       41
       +
                   writeln!(

     

       42
       42
       +
                       buf,

     

       43
       43
       +
                       "<{}>{}",

     

       44
       44
       +
                       match record.level() {

     

       45
       45
       +
                           Level::Error => 3,

     

       46
       46
       +
                           Level::Warn => 4,

     

       47
       47
       +
                           Level::Info => 6,

     

       48
       48
       +
                           Level::Debug | Level::Trace => 7,

     

       49
       49
       +
                       },

     

       50
       50
       +
                       record.args()

     

       51
       51
       +
                   )

     

       52
       52
       +
               })

     

       53
       53
       +
               .init();

     

       54
       54
       +
       }

+103

pkgs/by-name/ni/nixos-init/src/proc_mounts.rs

···

       1
       1
       +
       use std::fs;

     

       2
       2
       +
       

     

       3
       3
       +
       use anyhow::{Context, Result};

     

       4
       4
       +
       

     

       5
       5
       +
       pub struct Mounts {

     

       6
       6
       +
           inner: Vec<Mount>,

     

       7
       7
       +
       }

     

       8
       8
       +
       

     

       9
       9
       +
       #[derive(Debug)]

     

       10
       10
       +
       pub struct Mount {

     

       11
       11
       +
           _spec: String,

     

       12
       12
       +
           file: String,

     

       13
       13
       +
           _vfstype: String,

     

       14
       14
       +
           pub mntopts: MntOpts,

     

       15
       15
       +
       }

     

       16
       16
       +
       

     

       17
       17
       +
       #[derive(Debug)]

     

       18
       18
       +
       pub struct MntOpts {

     

       19
       19
       +
           inner: Vec<String>,

     

       20
       20
       +
       }

     

       21
       21
       +
       

     

       22
       22
       +
       impl Mounts {

     

       23
       23
       +
           pub fn parse_from_proc_mounts() -> Result<Self> {

     

       24
       24
       +
               let proc_mounts =

     

       25
       25
       +
                   fs::read_to_string("/proc/mounts").context("Failed to read /proc/mounts")?;

     

       26
       26
       +
               Self::parse(&proc_mounts)

     

       27
       27
       +
           }

     

       28
       28
       +
       

     

       29
       29
       +
           fn parse(s: &str) -> Result<Self> {

     

       30
       30
       +
               let mut inner = Vec::new();

     

       31
       31
       +
               for line in s.lines() {

     

       32
       32
       +
                   let mut split = line.split_whitespace();

     

       33
       33
       +
                   let mount = Mount {

     

       34
       34
       +
                       _spec: split.next().context("Failed to parse spec")?.to_string(),

     

       35
       35
       +
                       file: split.next().context("Failed to parse file")?.to_string(),

     

       36
       36
       +
                       _vfstype: split.next().context("Failed to parse vfstype")?.to_string(),

     

       37
       37
       +
                       mntopts: MntOpts::parse(split.next().context("Failed to parse mntopts")?),

     

       38
       38
       +
                   };

     

       39
       39
       +
                   inner.push(mount);

     

       40
       40
       +
               }

     

       41
       41
       +
               Ok(Self { inner })

     

       42
       42
       +
           }

     

       43
       43
       +
       

     

       44
       44
       +
           pub fn find_mountpoint(&self, mountpoint: &str) -> Option<&Mount> {

     

       45
       45
       +
               self.inner.iter().rev().find(|m| m.file == mountpoint)

     

       46
       46
       +
           }

     

       47
       47
       +
       }

     

       48
       48
       +
       

     

       49
       49
       +
       impl MntOpts {

     

       50
       50
       +
           fn parse(s: &str) -> Self {

     

       51
       51
       +
               let mut vec = Vec::new();

     

       52
       52
       +
               for sp in s.split(',') {

     

       53
       53
       +
                   vec.push(sp.to_string());

     

       54
       54
       +
               }

     

       55
       55
       +
       

     

       56
       56
       +
               Self { inner: vec }

     

       57
       57
       +
           }

     

       58
       58
       +
       

     

       59
       59
       +
           pub fn contains(&self, s: &str) -> bool {

     

       60
       60
       +
               self.inner.contains(&s.to_string())

     

       61
       61
       +
           }

     

       62
       62
       +
       }

     

       63
       63
       +
       

     

       64
       64
       +
       #[cfg(test)]

     

       65
       65
       +
       mod tests {

     

       66
       66
       +
           use super::*;

     

       67
       67
       +
       

     

       68
       68
       +
           use indoc::indoc;

     

       69
       69
       +
       

     

       70
       70
       +
           #[test]

     

       71
       71
       +
           fn test_proc_mounts_parsing() -> Result<()> {

     

       72
       72
       +
               let s = indoc! {r"

     

       73
       73
       +
                   /dev/mapper/root / btrfs rw,noatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvolid=5,subvol=/ 0 0

     

       74
       74
       +
                   tmpfs /run tmpfs rw,nosuid,nodev,size=15350916k,nr_inodes=819200,mode=755 0 0

     

       75
       75
       +
                   devtmpfs /dev devtmpfs rw,nosuid,size=3070184k,nr_inodes=7671201,mode=755 0 0

     

       76
       76
       +
                   devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=3,mode=620,ptmxmode=666 0 0

     

       77
       77
       +
                   tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0

     

       78
       78
       +
                   proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0

     

       79
       79
       +
                   ramfs /run/keys ramfs rw,nosuid,nodev,relatime,mode=750 0 0

     

       80
       80
       +
                   sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0

     

       81
       81
       +
                   /dev/mapper/root /nix/store btrfs ro,nosuid,nodev,noatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvolid=5,subvol=/ 0 0

     

       82
       82
       +
                   securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0

     

       83
       83
       +
                   cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0

     

       84
       84
       +
                   none /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0

     

       85
       85
       +
                   efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0

     

       86
       86
       +
                   bpf /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0

     

       87
       87
       +
                   hugetlbfs /dev/hugepages hugetlbfs rw,nosuid,nodev,relatime,pagesize=2M 0 0

     

       88
       88
       +
                   mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0

     

       89
       89
       +
                   debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0

     

       90
       90
       +
                   tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0

     

       91
       91
       +
               "};

     

       92
       92
       +
       

     

       93
       93
       +
               let mounts = Mounts::parse(s)?;

     

       94
       94
       +
               if let Some(nix_store_mount) = mounts.find_mountpoint("/nix/store") {

     

       95
       95
       +
                   println!("{nix_store_mount:?}");

     

       96
       96
       +
                   println!("{:?}", nix_store_mount.mntopts);

     

       97
       97
       +
                   assert!(nix_store_mount.mntopts.contains("ro"));

     

       98
       98
       +
                   assert!(!nix_store_mount.mntopts.contains("no"));

     

       99
       99
       +
               }

     

       100
       100
       +
       

     

       101
       101
       +
               Ok(())

     

       102
       102
       +
           }

     

       103
       103
       +
       }

+35

pkgs/by-name/ni/nixos-init/src/switch_root.rs

···

       1
       1
       +
       use std::{io::Write, path::PathBuf, process::Command};

     

       2
       2
       +
       

     

       3
       3
       +
       use anyhow::{Context, Result, bail};

     

       4
       4
       +
       

     

       5
       5
       +
       use crate::SYSROOT_PATH;

     

       6
       6
       +
       

     

       7
       7
       +
       /// Switch root from initrd.

     

       8
       8
       +
       ///

     

       9
       9
       +
       /// If the provided init is `None`, systemd is used as the next init.

     

       10
       10
       +
       pub fn switch_root(init: Option<PathBuf>) -> Result<()> {

     

       11
       11
       +
           log::info!("Switching root to {SYSROOT_PATH}...");

     

       12
       12
       +
       

     

       13
       13
       +
           let mut cmd = Command::new("systemctl");

     

       14
       14
       +
           cmd.arg("--no-block").arg("switch-root").arg(SYSROOT_PATH);

     

       15
       15
       +
       

     

       16
       16
       +
           if let Some(init) = init {

     

       17
       17
       +
               log::info!("Using init {}.", init.display());

     

       18
       18
       +
               cmd.arg(init);

     

       19
       19
       +
           } else {

     

       20
       20
       +
               log::info!("Using built-in systemd as init.");

     

       21
       21
       +
               cmd.arg("");

     

       22
       22
       +
           }

     

       23
       23
       +
       

     

       24
       24
       +
           let output = cmd

     

       25
       25
       +
               .output()

     

       26
       26
       +
               .context("Failed to run systemctl switch-root. Most likely the binary is not on PATH")?;

     

       27
       27
       +
       

     

       28
       28
       +
           let _ = std::io::stderr().write_all(&output.stderr);

     

       29
       29
       +
       

     

       30
       30
       +
           if !output.status.success() {

     

       31
       31
       +
               bail!("systemctl switch-root exited unsuccessfully");

     

       32
       32
       +
           }

     

       33
       33
       +
       

     

       34
       34
       +
           Ok(())

     

       35
       35
       +
       }