nixos/lib/make-disk-image: refactor to use nixos-install

- Replace hand-rolled version of nixos-install in make-disk-image by an
actual call to nixos-install
- Required a few cleanups of nixos-install
- nixos-install invokes an activation script which the hand-rolled version
in make-disk-image did not do. We remove /etc/machine-id as that's
a host-specific, impure, output of the activation script

Testing:

nix-build '<nixpkgs/nixos/release.nix>' -A tests.installer.simple passes

Also tried generating an image with:

nix-build -E 'let
pkgs = import <nixpkgs> {};
lib = pkgs.lib;
nixos = import <nixpkgs/nixos> {
configuration = {
fileSystems."/".device = "/dev/disk/by-label/nixos";
boot.loader.grub.devices = [ "/dev/sda" ];
boot.loader.grub.extraEntries = '"''"'
menuentry "Ubuntu" {
insmod ext2
search --set=root --label ubuntu
configfile /boot/grub/grub.cfg
}
'"''"';
};
};
in import <nixpkgs/nixos/lib/make-disk-image.nix> {
inherit pkgs lib;
config = nixos.config;
diskSize = 2000;
partitioned = false;
installBootLoader = false;
}'

Then installed the image:
$ sudo dd if=./result/nixos.img of=/dev/sdaX bs=1M
$ sudo resize2fs /dev/disk/by-label/nixos
$ sudo mount /dev/disk/by-label/nixos /mnt
$ sudo mount --rbind /proc /mnt/proc
$ sudo mount --rbind /dev /mnt/dev
$ sudo chroot /mnt /nix/var/nix/profiles/system/bin/switch-to-configuration boot

[ … optionally do something about passwords … ]

and successfully rebooted to that image.

Was doing all this from inside a Ubuntu VM with a single user nix install.

obadz 24f8cf08 4d1d3701

+21 -42
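--- a/nixos/lib/make-disk-image.nix
+++ b/nixos/lib/make-disk-image.nix
@@ -67,40 +67,24 @@
 mkdir /mnt
 mount $rootDisk /mnt
 
-# The initrd expects these directories to exist.
-mkdir /mnt/dev /mnt/proc /mnt/sys
-
-mount -o bind /proc /mnt/proc
-mount -o bind /dev /mnt/dev
-mount -o bind /sys /mnt/sys
-
-# Copy all paths in the closure to the filesystem.
-storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
-
-mkdir -p /mnt/nix/store
-echo "copying everything (will take a while)..."
-set -f
-cp -prd $storePaths /mnt/nix/store/
-
 # Register the paths in the Nix database.
 printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
-chroot /mnt ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
+${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""
 
 # Add missing size/hash fields to the database. FIXME:
 # exportReferencesGraph should provide these directly.
-chroot /mnt ${config.nix.package.out}/bin/nix-store --verify --check-contents
+${config.nix.package.out}/bin/nix-store --verify --check-contents --option build-users-group ""
 
-# Create the system profile to allow nixos-rebuild to work.
-chroot /mnt ${config.nix.package.out}/bin/nix-env --option build-users-group "" \
--p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
+# In case the bootloader tries to write to /dev/sda…
+ln -s vda /dev/xvda
+ln -s vda /dev/sda
 
-# `nixos-rebuild' requires an /etc/NIXOS.
-mkdir -p /mnt/etc
-touch /mnt/etc/NIXOS
-
-# `switch-to-configuration' requires a /bin/sh
-mkdir -p /mnt/bin
-ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
+# Install the closure onto the image
+USER=root ${config.system.build.nixos-install}/bin/nixos-install \
+--closure ${config.system.build.toplevel} \
+--no-channel-copy \
+--no-root-passwd \
+${optionalString (!installBootLoader) "--no-bootloader"}
 
 # Install a configuration.nix.
 mkdir -p /mnt/etc/nixos
@@ -108,12 +92,9 @@
 cp ${configFile} /mnt/etc/nixos/configuration.nix
 ''}
 
-# Generate the GRUB menu.
-ln -s vda /dev/xvda
-ln -s vda /dev/sda
-${optionalString installBootLoader "chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot"}
+# Remove /etc/machine-id so that each machine cloning this image will get its own id
+rm -f /mnt/etc/machine-id
 
-umount /mnt/proc /mnt/dev /mnt/sys
 umount /mnt
 
 # Do a fsck to make sure resize2fs works.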
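Review bot: The `rm -f /mnt/etc/machine-id` cleanup near the end of the second hunk handles one known artifact, but nixos-install now runs the full activation script at image-build time, so any other per-host state an activation script writes (keys, seeds, generated identifiers) would be baked into the image and shared by every machine cloned from it. Which activation scripts run depends on the configuration and is not visible here, so this is a caution rather than a confirmed leak. I would extend the comment to say so, e.g. `# Activation ran at build time: remove any other host-specific state it created here as well`. Separately, `--no-root-passwd` means the root credential in the image is whatever the configuration declares, which deserves a one-line comment next to the flag.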
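--- a/nixos/modules/installer/tools/nixos-install.sh
+++ b/nixos/modules/installer/tools/nixos-install.sh
@@ -24,6 +24,7 @@
 # Parse the command line for the -I flag
 extraBuildFlags=()
 chrootCommand=(/run/current-system/sw/bin/bash)
+buildUsersGroup="nixbld"
 
 while [ "$#" -gt 0 ]; do
 i="$1"; shift 1
@@ -42,6 +43,7 @@
 ;;
 --closure)
 closure="$1"; shift 1
+buildUsersGroup=""
 ;;
 --no-channel-copy)
 noChannelCopy=1
@@ -100,8 +102,8 @@
 mount -t tmpfs -o "mode=0755" none $mountPoint/var/setuid-wrappers
 rm -rf $mountPoint/var/run
 ln -s /run $mountPoint/var/run
-rm -f $mountPoint/etc/{resolv.conf,hosts}
-cp -Lf /etc/resolv.conf /etc/hosts $mountPoint/etc/
+for f in /etc/resolv.conf /etc/hosts; do rm -f $mountPoint/$f; [ -f "$f" ] && cp -Lf $f $mountPoint/etc/; done
+for f in /etc/passwd /etc/group; do touch $mountPoint/$f; [ -f "$f" ] && mount --rbind -o ro $f $mountPoint/$f; done
 
 cp -Lf "@cacert@" "$mountPoint/tmp/ca-cert.crt"
 export SSL_CERT_FILE=/tmp/ca-cert.crt
@@ -141,7 +143,7 @@
 $mountPoint/nix/var/log/nix/drvs
 
 mkdir -m 1775 -p $mountPoint/nix/store
-chown root:@nixbld_gid@ $mountPoint/nix/store
+chown @root_uid@:@nixbld_gid@ $mountPoint/nix/store
 
 
 # There is no daemon in the chroot.
@@ -155,17 +157,12 @@
 
 
 # Builds will use users that are members of this group
-extraBuildFlags+=(--option "build-users-group" "nixbld")
+extraBuildFlags+=(--option "build-users-group" "$buildUsersGroup")
 
 
 # Inherit binary caches from the host
 binary_caches="$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')"
 extraBuildFlags+=(--option "binary-caches" "$binary_caches")
-
-
-touch $mountPoint/etc/passwd $mountPoint/etc/group
-mount --bind -o ro /etc/passwd $mountPoint/etc/passwd
-mount --bind -o ro /etc/group $mountPoint/etc/group
 
 
 # Copy Nix to the Nix store on the target device, unless it's already there.
@@ -246,7 +243,7 @@
 
 
 # Get rid of the /etc bind mounts.
-umount $mountPoint/etc/passwd $mountPoint/etc/group
+for f in /etc/passwd /etc/group; do [ -f "$f" ] && umount $mountPoint/$f; done
 
 
 # Grub needs an mtab.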
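Review bot: Passing `--closure` now silently sets `buildUsersGroup=""`, and the later `extraBuildFlags+=(--option "build-users-group" "$buildUsersGroup")` carries that into everything that consumes `extraBuildFlags`, so build-user isolation is switched off as a side effect of an unrelated-looking flag. That is presumably fine for make-disk-image, where the closure is prebuilt and the build environment likely has no nixbld users, but a caller using `--closure` on a regular host would get the same behaviour without being told. I would document the coupling at the assignment, e.g. `# --closure installs a prebuilt system; build users are disabled because the image-builder environment has none` (if that is indeed the reason), or split it into an explicit option. The new `for f in …` lines also leave `$mountPoint/$f` and `$f` unquoted, unlike the quoted `"$mountPoint/tmp/ca-cert.crt"` a few lines below.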
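--- a/nixos/modules/installer/tools/tools.nix
+++ b/nixos/modules/installer/tools/tools.nix
@@ -24,6 +24,7 @@
 inherit (pkgs) perl pathsFromGraph rsync;
 nix = config.nix.package.out;
 cacert = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+root_uid = config.ids.uids.root;
 nixbld_gid = config.ids.gids.nixbld;
 
 nixClosure = pkgs.runCommand "closure"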