pyrox.dev / nixpkgs
lol
fork atom

nixos-install: Make compatible with Nix 2.0

The use of Nix 2.0 significantly simplifies the installer, since we
can just pass a different store URI (--store /mnt) - it's no longer
needed to set up a chroot environment for the build, and to bootstrap
Nix into the chroot.

Also, commands that need to run in the installation (namely boot
loader installation and setting a root password) are now executed
using nixos-enter.

This also removes the need for nixos-prepare-root since any required
initialisation is done by Nix or by the activation script.

Eelco Dolstra e88f2896 60cb2300

options
unified split
Changed files
+61 -139
nixos
doc
manual
development
testing-installer.xml
modules
installer
tools
nixos-install.sh
tools.nix
+4 -2
nixos/doc/manual/development/testing-installer.xml 
···

       
11

       
11

       
 

       
properly:


     

       
12

       
12

       
 

       



     

       
13

       
13

       
 

       
<screen>


     

       
14

       

       
-

       
$ nix-build -A config.system.build.nixos-install


     

       
15

       
14

       
 

       
# mount -t tmpfs none /mnt


     

       

       
15

       
+

       
# nixos-generate-config --root /mnt


     

       

       
16

       
+

       
$ nix-build '&lt;nixpkgs/nixos>' -A config.system.build.nixos-install


     

       
16

       
17

       
 

       
# ./result/bin/nixos-install</screen>


     

       
17

       
18

       
 

       



     

       
18

       
19

       
 

       
To start a login shell in the new NixOS installation in


     

       
19

       
20

       
 

       
<filename>/mnt</filename>:


     

       
20

       
21

       
 

       



     

       
21

       
22

       
 

       
<screen>


     

       
22

       

       
-

       
# ./result/bin/nixos-install --chroot


     

       

       
23

       
+

       
$ nix-build '&lt;nixpkgs/nixos>' -A config.system.build.nixos-enter


     

       

       
24

       
+

       
# ./result/bin/nixos-enter


     

       
23

       
25

       
 

       
</screen>


     

       
24

       
26

       
 

       



     

       
25

       
27

       
 

       
</para>
+56 -127
nixos/modules/installer/tools/nixos-install.sh 
···

       
1

       
1

       
 

       
#! @shell@


     

       
2

       
2

       
 

       



     

       
3

       

       
-

       
# - make Nix store etc.


     

       
4

       

       
-

       
# - copy closure of Nix to target device


     

       
5

       

       
-

       
# - register validity


     

       
6

       

       
-

       
# - with a chroot to the target device:


     

       
7

       

       
-

       
#   * nix-env -p /nix/var/nix/profiles/system -i <nix-expr for the configuration>


     

       
8

       

       
-

       
#   * install the boot loader


     

       

       
3

       
+

       
set -e


     

       

       
4

       
+

       
shopt -s nullglob


     

       

       
5

       
+

       



     

       

       
6

       
+

       
export PATH=@path@:$PATH


     

       
9

       
7

       
 

       



     

       
10

       
8

       
 

       
# Ensure a consistent umask.


     

       
11

       
9

       
 

       
umask 0022


     

       
12

       
10

       
 

       



     

       
13

       

       
-

       
# Re-exec ourselves in a private mount namespace so that our bind


     

       
14

       

       
-

       
# mounts get cleaned up automatically.


     

       
15

       

       
-

       
if [ "$(id -u)" = 0 ]; then


     

       
16

       

       
-

       
    if [ -z "$NIXOS_INSTALL_REEXEC" ]; then


     

       
17

       

       
-

       
        export NIXOS_INSTALL_REEXEC=1


     

       
18

       

       
-

       
        exec unshare --mount --uts -- "$0" "$@"


     

       
19

       

       
-

       
    else


     

       
20

       

       
-

       
        mount --make-rprivate /


     

       
21

       

       
-

       
    fi


     

       
22

       

       
-

       
fi


     

       
23

       

       
-

       



     

       
24

       
11

       
 

       
# Parse the command line for the -I flag


     

       
25

       
12

       
 

       
extraBuildFlags=()


     

       
26

       

       
-

       
chrootCommand=(/run/current-system/sw/bin/bash)


     

       
27

       

       
-

       
buildUsersGroup="nixbld"


     

       

       
13

       
+

       



     

       

       
14

       
+

       
mountPoint=/mnt


     

       
28

       
15

       
 

       



     

       
29

       
16

       
 

       
while [ "$#" -gt 0 ]; do


     

       
30

       
17

       
 

       
    i="$1"; shift 1


     
···

       
42

       
29

       
 

       
            mountPoint="$1"; shift 1


     

       
43

       
30

       
 

       
            ;;


     

       
44

       
31

       
 

       
        --closure)


     

       
45

       

       
-

       
            closure="$1"; shift 1


     

       
46

       

       
-

       
            buildUsersGroup=""


     

       

       
32

       
+

       
            # FIXME: --closure is a misnomer


     

       

       
33

       
+

       
            system="$1"; shift 1


     

       
47

       
34

       
 

       
            ;;


     

       
48

       
35

       
 

       
        --no-channel-copy)


     

       
49

       
36

       
 

       
            noChannelCopy=1


     
···

       
57

       
44

       
 

       
        --show-trace)


     

       
58

       
45

       
 

       
            extraBuildFlags+=("$i")


     

       
59

       
46

       
 

       
            ;;


     

       
60

       

       
-

       
        --chroot)


     

       
61

       

       
-

       
            runChroot=1


     

       
62

       

       
-

       
            if [[ "$@" != "" ]]; then


     

       
63

       

       
-

       
                chrootCommand=("$@")


     

       
64

       

       
-

       
            fi


     

       
65

       

       
-

       
            break


     

       
66

       

       
-

       
            ;;


     

       
67

       
47

       
 

       
        --help)


     

       
68

       
48

       
 

       
            exec man nixos-install


     

       
69

       
49

       
 

       
            exit 1


     

       

       
50

       
+

       
            ;;


     

       

       
51

       
+

       
        --debug)


     

       

       
52

       
+

       
            set -x


     

       
70

       
53

       
 

       
            ;;


     

       
71

       
54

       
 

       
        *)


     

       
72

       
55

       
 

       
            echo "$0: unknown option \`$i'"


     
···

       
74

       
57

       
 

       
            ;;


     

       
75

       
58

       
 

       
    esac


     

       
76

       
59

       
 

       
done


     

       
77

       

       
-

       



     

       
78

       

       
-

       
set -e


     

       
79

       

       
-

       
shopt -s nullglob


     

       
80

       

       
-

       



     

       
81

       

       
-

       
if test -z "$mountPoint"; then


     

       
82

       

       
-

       
    mountPoint=/mnt


     

       
83

       

       
-

       
fi


     

       
84

       
60

       
 

       



     

       
85

       
61

       
 

       
if ! test -e "$mountPoint"; then


     

       
86

       
62

       
 

       
    echo "mount point $mountPoint doesn't exist"


     
···

       
88

       
64

       
 

       
fi


     

       
89

       
65

       
 

       



     

       
90

       
66

       
 

       
# Get the path of the NixOS configuration file.


     

       
91

       

       
-

       
if test -z "$NIXOS_CONFIG"; then


     

       
92

       

       
-

       
    NIXOS_CONFIG=/etc/nixos/configuration.nix


     

       

       
67

       
+

       
if [[ -z $NIXOS_CONFIG ]]; then


     

       

       
68

       
+

       
    NIXOS_CONFIG=$mountPoint/etc/nixos/configuration.nix


     

       
93

       
69

       
 

       
fi


     

       
94

       
70

       
 

       



     

       
95

       

       
-

       
if [ ! -e "$mountPoint/$NIXOS_CONFIG" ] && [ -z "$closure" ]; then


     

       
96

       

       
-

       
    echo "configuration file $mountPoint/$NIXOS_CONFIG doesn't exist"


     

       

       
71

       
+

       
if [[ ${NIXOS_CONFIG:0:1} != / ]]; then


     

       

       
72

       
+

       
    echo "$0: \$NIXOS_CONFIG is not an absolute path"


     

       
97

       
73

       
 

       
    exit 1


     

       
98

       
74

       
 

       
fi


     

       
99

       
75

       
 

       



     

       
100

       

       
-

       



     

       
101

       

       
-

       
# Builds will use users that are members of this group


     

       
102

       

       
-

       
extraBuildFlags+=(--option "build-users-group" "$buildUsersGroup")


     

       
103

       

       
-

       



     

       
104

       

       
-

       
# Inherit binary caches from the host


     

       
105

       

       
-

       
# TODO: will this still work with Nix 1.12 now that it has no perl? Probably not...


     

       
106

       

       
-

       
binary_caches="$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')"


     

       
107

       

       
-

       
extraBuildFlags+=(--option "binary-caches" "$binary_caches")


     

       
108

       

       
-

       



     

       
109

       

       
-

       
# We only need nixpkgs in the path if we don't already have a system closure to install


     

       
110

       

       
-

       
if [[ -z "$closure" ]]; then


     

       
111

       

       
-

       
    nixpkgs="$(readlink -f "$(nix-instantiate --find-file nixpkgs)")"


     

       
112

       

       
-

       
    export NIX_PATH="nixpkgs=$nixpkgs:nixos-config=$mountPoint/$NIXOS_CONFIG"


     

       

       
76

       
+

       
if [ ! -e "$NIXOS_CONFIG" ] && [ -z "$closure" ]; then


     

       

       
77

       
+

       
    echo "configuration file $NIXOS_CONFIG doesn't exist"


     

       

       
78

       
+

       
    exit 1


     

       
113

       
79

       
 

       
fi


     

       
114

       

       
-

       
unset NIXOS_CONFIG


     

       
115

       

       
-

       



     

       
116

       

       
-

       
# These get created in nixos-prepare-root as well, but we want to make sure they're here in case we're


     

       
117

       

       
-

       
# running with --chroot. TODO: --chroot should just be split into a separate tool.


     

       
118

       

       
-

       
mkdir -m 0755 -p "$mountPoint/dev" "$mountPoint/proc" "$mountPoint/sys"


     

       
119

       
80

       
 

       



     

       
120

       

       
-

       
# Set up some bind mounts we'll want regardless of chroot or not


     

       
121

       

       
-

       
mount --rbind /dev "$mountPoint/dev"


     

       
122

       

       
-

       
mount --rbind /proc "$mountPoint/proc"


     

       
123

       

       
-

       
mount --rbind /sys "$mountPoint/sys"


     

       
124

       

       
-

       



     

       
125

       

       
-

       
# If we asked for a chroot, that means we're not actually installing anything (yeah I was confused too)


     

       
126

       

       
-

       
# and we just want to run a command in the context of a $mountPoint that we're assuming has already been


     

       
127

       

       
-

       
# set up by a previous nixos-install invocation. In that case we set up some remaining bind mounts and


     

       
128

       

       
-

       
# exec the requested command, skipping the rest of the installation procedure.


     

       
129

       

       
-

       
if [ -n "$runChroot" ]; then


     

       
130

       

       
-

       
    mount -t tmpfs -o "mode=0755" none $mountPoint/run


     

       
131

       

       
-

       
    rm -rf $mountPoint/var/run


     

       
132

       

       
-

       
    ln -s /run $mountPoint/var/run


     

       
133

       

       
-

       
    for f in /etc/resolv.conf /etc/hosts; do rm -f $mountPoint/$f; [ -f "$f" ] && cp -Lf $f $mountPoint/etc/; done


     

       
134

       

       
-

       
    for f in /etc/passwd /etc/group;      do touch $mountPoint/$f; [ -f "$f" ] && mount --rbind -o ro $f $mountPoint/$f; done


     

       
135

       

       
-

       



     

       
136

       

       
-

       
    if ! [ -L $mountPoint/nix/var/nix/profiles/system ]; then


     

       
137

       

       
-

       
        echo "$0: installation not finished; cannot chroot into installation directory"


     

       
138

       

       
-

       
        exit 1


     

       
139

       

       
-

       
    fi


     

       
140

       

       
-

       
    ln -s /nix/var/nix/profiles/system $mountPoint/run/current-system


     

       
141

       

       
-

       
    exec chroot $mountPoint "${chrootCommand[@]}"


     

       
142

       

       
-

       
fi


     

       
143

       

       
-

       



     

       
144

       

       
-

       
# A place to drop temporary closures


     

       

       
81

       
+

       
# A place to drop temporary stuff.


     

       
145

       
82

       
 

       
trap "rm -rf $tmpdir" EXIT


     

       
146

       
83

       
 

       
tmpdir="$(mktemp -d)"


     

       
147

       
84

       
 

       



     

       
148

       

       
-

       
# Build a closure (on the host; we then copy it into the guest)


     

       
149

       

       
-

       
function closure() {


     

       
150

       

       
-

       
    nix-build "${extraBuildFlags[@]}" --no-out-link -E "with import <nixpkgs> {}; runCommand \"closure\" { exportReferencesGraph = [ \"x\" (buildEnv { name = \"env\"; paths = [ ($1) stdenv ]; }) ]; } \"cp x \$out\""


     

       
151

       

       
-

       
}


     

       

       
85

       
+

       
subs="local?trusted=1 https://cache.nixos.org/"


     

       
152

       
86

       
 

       



     

       
153

       

       
-

       
system_closure="$tmpdir/system.closure"


     

       
154

       

       
-

       
# Use a FIFO for piping nix-store --export into nix-store --import, saving disk


     

       
155

       

       
-

       
# I/O and space. nix-store --import is run by nixos-prepare-root.


     

       
156

       

       
-

       
mkfifo $system_closure


     

       
157

       

       
-

       



     

       
158

       

       
-

       
if [ -z "$closure" ]; then


     

       
159

       

       
-

       
    expr="(import <nixpkgs/nixos> {}).system"


     

       
160

       

       
-

       
    system_root="$(nix-build -E "$expr")"


     

       
161

       

       
-

       
    system_closure="$(closure "$expr")"


     

       
162

       

       
-

       
else


     

       
163

       

       
-

       
    system_root=$closure


     

       
164

       

       
-

       
    # Create a temporary file ending in .closure (so nixos-prepare-root knows to --import it) to transport the store closure


     

       
165

       

       
-

       
    # to the filesytem we're preparing. Also delete it on exit!


     

       
166

       

       
-

       
    # Run in background to avoid blocking while trying to write to the FIFO


     

       
167

       

       
-

       
    # $system_closure refers to


     

       
168

       

       
-

       
    nix-store --export $(nix-store -qR $closure) > $system_closure &


     

       

       
87

       
+

       
# Build the system configuration in the target filesystem.


     

       

       
88

       
+

       
if [[ -z $system ]]; then


     

       

       
89

       
+

       
    echo "building the configuration in $NIXOS_CONFIG..."


     

       

       
90

       
+

       
    outLink="$tmpdir/system"


     

       

       
91

       
+

       
    nix build --out-link "$outLink" --store "$mountPoint" "${extraBuildFlags[@]}" \


     

       

       
92

       
+

       
        --substituters "$subs" \


     

       

       
93

       
+

       
        -f '<nixpkgs/nixos>' system -I "nixos-config=$NIXOS_CONFIG"


     

       

       
94

       
+

       
    system=$(readlink -f $outLink)


     

       
169

       
95

       
 

       
fi


     

       
170

       
96

       
 

       



     

       
171

       

       
-

       
channel_root="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")"


     

       
172

       

       
-

       
channel_closure="$tmpdir/channel.closure"


     

       
173

       

       
-

       
nix-store --export $channel_root > $channel_closure


     

       

       
97

       
+

       
# Set the system profile to point to the configuration. TODO: combine


     

       

       
98

       
+

       
# this with the previous step once we have a nix-env replacement with


     

       

       
99

       
+

       
# a progress bar.


     

       

       
100

       
+

       
nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \


     

       

       
101

       
+

       
        --substituters "$subs" \


     

       

       
102

       
+

       
        -p $mountPoint/nix/var/nix/profiles/system --set "$system"


     

       
174

       
103

       
 

       



     

       
175

       

       
-

       
# Populate the target root directory with the basics


     

       
176

       

       
-

       
@prepare_root@/bin/nixos-prepare-root "$mountPoint" "$channel_root" "$system_root" @nixClosure@ "$system_closure" "$channel_closure"


     

       

       
104

       
+

       
# Copy the NixOS/Nixpkgs sources to the target as the initial contents


     

       

       
105

       
+

       
# of the NixOS channel.


     

       

       
106

       
+

       
if [[ -z $noChannelCopy ]]; then


     

       

       
107

       
+

       
    channelPath="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")"


     

       

       
108

       
+

       
    if [[ -n $channelPath ]]; then


     

       

       
109

       
+

       
        echo "copying channel..."


     

       

       
110

       
+

       
        mkdir -p $mountPoint/nix/var/nix/profiles/per-user/root


     

       

       
111

       
+

       
        nix-env --store "$mountPoint" --substituters 'local?trusted=1' "${extraBuildFlags[@]}" \


     

       

       
112

       
+

       
                -p $mountPoint/nix/var/nix/profiles/per-user/root/channels --set "$channelPath" --quiet


     

       

       
113

       
+

       
    fi


     

       

       
114

       
+

       
fi


     

       
177

       
115

       
 

       



     

       
178

       

       
-

       
# nixos-prepare-root doesn't currently do anything with file ownership, so we set it up here instead


     

       
179

       

       
-

       
chown @root_uid@:@nixbld_gid@ $mountPoint/nix/store


     

       
180

       

       
-

       



     

       
181

       

       
-

       



     

       
182

       

       
-

       



     

       
183

       

       
-

       
# Grub needs an mtab.


     

       
184

       

       
-

       
ln -sfn /proc/mounts $mountPoint/etc/mtab


     

       

       
116

       
+

       
# Mark the target as a NixOS installation, otherwise switch-to-configuration will chicken out.


     

       

       
117

       
+

       
touch "$mountPoint/etc/NIXOS"


     

       
185

       
118

       
 

       



     

       
186

       
119

       
 

       
# Switch to the new system configuration.  This will install Grub with


     

       
187

       
120

       
 

       
# a menu default pointing at the kernel/initrd/etc of the new


     

       
188

       
121

       
 

       
# configuration.


     

       
189

       

       
-

       
echo "finalising the installation..."


     

       
190

       

       
-

       
if [ -z "$noBootLoader" ]; then


     

       
191

       

       
-

       
  NIXOS_INSTALL_BOOTLOADER=1 chroot $mountPoint \


     

       
192

       

       
-

       
      /nix/var/nix/profiles/system/bin/switch-to-configuration boot


     

       

       
122

       
+

       
if [[ -z $noBootLoader ]]; then


     

       

       
123

       
+

       
    echo "installing the boot loader..."


     

       

       
124

       
+

       
    # Grub needs an mtab.


     

       

       
125

       
+

       
    ln -sfn /proc/mounts $mountPoint/etc/mtab


     

       

       
126

       
+

       
    NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot


     

       
193

       
127

       
 

       
fi


     

       
194

       
128

       
 

       



     

       
195

       

       
-

       
# Run the activation script.


     

       
196

       

       
-

       
chroot $mountPoint /nix/var/nix/profiles/system/activate


     

       
197

       

       
-

       



     

       
198

       

       
-

       



     

       
199

       

       
-

       
# Ask the user to set a root password.


     

       
200

       

       
-

       
if [ -z "$noRootPasswd" ] && chroot $mountPoint [ -x /run/wrappers/bin/passwd ] && [ -t 0 ]; then


     

       
201

       

       
-

       
    echo "setting root password..."


     

       
202

       

       
-

       
    chroot $mountPoint /run/wrappers/bin/passwd


     

       

       
129

       
+

       
# Ask the user to set a root password, but only if the passwd command


     

       

       
130

       
+

       
# exists (i.e. when mutable user accounts are enabled).


     

       

       
131

       
+

       
if [[ -z $noRootPasswd ]] && [ -t 0 ]; then


     

       

       
132

       
+

       
    nixos-enter --root "$mountPoint" -c '[[ -e /nix/var/nix/profiles/system/sw/bin/passwd ]] && echo "setting root password..." && /nix/var/nix/profiles/system/sw/bin/passwd'


     

       
203

       
133

       
 

       
fi


     

       
204

       

       
-

       



     

       
205

       
134

       
 

       



     

       
206

       
135

       
 

       
echo "installation finished!"
+1 -10
nixos/modules/installer/tools/tools.nix 
···

       
29

       
29

       
 

       
  nixos-install = makeProg {


     

       
30

       
30

       
 

       
    name = "nixos-install";


     

       
31

       
31

       
 

       
    src = ./nixos-install.sh;


     

       
32

       

       
-

       



     

       
33

       

       
-

       
    inherit (pkgs) perl pathsFromGraph rsync;


     

       
34

       
32

       
 

       
    nix = config.nix.package.out;


     

       
35

       

       
-

       
    cacert = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";


     

       
36

       

       
-

       
    root_uid = config.ids.uids.root;


     

       
37

       

       
-

       
    nixbld_gid = config.ids.gids.nixbld;


     

       
38

       

       
-

       
    prepare_root = nixos-prepare-root;


     

       
39

       

       
-

       



     

       
40

       

       
-

       
    nixClosure = pkgs.runCommand "closure"


     

       
41

       

       
-

       
      { exportReferencesGraph = ["refs" config.nix.package.out]; }


     

       
42

       

       
-

       
      "cp refs $out";


     

       

       
33

       
+

       
    path = makeBinPath [ nixos-enter ];


     

       
43

       
34

       
 

       
  };


     

       
44

       
35

       
 

       



     

       
45

       
36

       
 

       
  nixos-rebuild =