From 806e88c13771e5ec336f3ca14969c5f314482a67 Mon Sep 17 00:00:00 2001 From: obadz Date: Tue, 16 Aug 2016 01:15:27 +0100 Subject: [PATCH] nixos-install: cleanups & improvements to run on non-NixOS systems MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix --no-bootloader which didn't do what it advertised - Hardcode nixbld GID so that systems which do not have a nixbld user can still run nixos-install (only with --closure since they can't build anything) - Cleanup: get rid of NIX_CONF_DIR(=/tmp)/nix.conf and pass arguments instead - Cleanup: don't assume that the target system has '' or '' to see if config.users.mutableUsers. Instead check if /var/setuid-wrappers/passwd is there Installing NixOS now works from a Ubuntu host (using --closure). nix-build -A tests.installer.simple '' succeeds ✓ --- .../modules/installer/tools/nixos-install.sh | 30 +++++++++---------- nixos/modules/installer/tools/tools.nix | 1 + 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index 0247925f4144..758f0cdb9d3f 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -24,7 +24,6 @@ fi # Parse the command line for the -I flag extraBuildFlags=() chrootCommand=(/run/current-system/sw/bin/bash) -bootLoader=1 while [ "$#" -gt 0 ]; do i="$1"; shift 1 @@ -51,7 +50,7 @@ while [ "$#" -gt 0 ]; do noRootPasswd=1 ;; --no-bootloader) - bootLoader=0 + noBootLoader=1 ;; --show-trace) extraBuildFlags+=("$i") @@ -142,7 +141,7 @@ mkdir -m 0755 -p \ $mountPoint/nix/var/log/nix/drvs mkdir -m 1775 -p $mountPoint/nix/store -chown root:nixbld $mountPoint/nix/store +chown root:@nixbld_gid@ $mountPoint/nix/store # There is no daemon in the chroot. @@ -155,14 +154,14 @@ export LC_ALL= export LC_TIME= -# Create a temporary Nix config file that causes the nixbld users to -# be used. -echo "build-users-group = nixbld" > $mountPoint/tmp/nix.conf # FIXME: remove in Nix 1.8 -binary_caches=$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};') -if test -n "$binary_caches"; then - echo "binary-caches = $binary_caches" >> $mountPoint/tmp/nix.conf -fi -export NIX_CONF_DIR=/tmp +# Builds will use users that are members of this group +extraBuildFlags+=(--option "build-users-group" "nixbld") + + +# Inherit binary caches from the host +binary_caches="$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')" +extraBuildFlags+=(--option "binary-caches" "$binary_caches") + touch $mountPoint/etc/passwd $mountPoint/etc/group mount --bind -o ro /etc/passwd $mountPoint/etc/passwd @@ -263,16 +262,17 @@ touch $mountPoint/etc/NIXOS # a menu default pointing at the kernel/initrd/etc of the new # configuration. echo "finalising the installation..." -NIXOS_INSTALL_GRUB="$bootLoader" chroot $mountPoint \ - /nix/var/nix/profiles/system/bin/switch-to-configuration boot - +if [ -z "$noBootLoader" ]; then + NIXOS_INSTALL_GRUB=1 chroot $mountPoint \ + /nix/var/nix/profiles/system/bin/switch-to-configuration boot +fi # Run the activation script. chroot $mountPoint /nix/var/nix/profiles/system/activate # Ask the user to set a root password. -if [ -z "$noRootPasswd" ] && [ "$(chroot $mountPoint /run/current-system/sw/bin/sh -l -c "nix-instantiate --eval '' -A config.users.mutableUsers")" = true ] && [ -t 0 ] ; then +if [ -z "$noRootPasswd" ] && [ -x $mountPoint/var/setuid-wrappers/passwd ] && [ -t 0 ]; then echo "setting root password..." chroot $mountPoint /var/setuid-wrappers/passwd fi diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index a55c03bd9528..687a3142fa4a 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -24,6 +24,7 @@ let inherit (pkgs) perl pathsFromGraph rsync; nix = config.nix.package.out; cacert = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + nixbld_gid = config.ids.gids.nixbld; nixClosure = pkgs.runCommand "closure" { exportReferencesGraph = ["refs" config.nix.package.out]; }