forked from mirrors/nixpkgs
nixpkgs/nixos/modules/system/boot
Thomas Watson af25692214 nixos/stage-1: Examine binaries for libraries in a consistent order
To reduce size, stage 1 (the initrd) is populated by copying specific
binaries in, then copying the libraries specifically needed by those
binaries. `patchelf` is then used to make the binaries search in the
directory where these libraries are copied to instead of their original
store paths.

Some filesystems (e.g. ZFS) do not guarantee that copying the same files
in the same order into a given directory will result in `find` returning
them in any particular order (though the order appears consistent so
long as the directory is not modified).

Therefore, when the binaries are scanned for libraries to copy in, they
might be scanned in a different order each time the derivation is built.
If two binaries need two different libraries with the same name, then a
different instance of the library might be copied in first, changing the
derivation contents and breaking reproducibility.

This turns out to be the case with `libudev.so.1` from both `systemd`
(needed by e.g. `mdadm`) and `systemdMinimal` (needed by e.g.
`dmsetup`). This issue is fixed by sorting the list of binaries to be
scanned instead of relying on filesystem order so that the same instance
always gets seen and copied first.

Both before this change (at least on ext4) and after this change
(without any options that affect stage 1), this is the `libudev.so.1`
from `systemdMinimal` by way of `dmsetup`. Whether this is appropriate
and how much the two different systemd configurations and udev libraries
need to be involved is a topic left for future work.
2022-12-20 08:24:19 +01:00
loader Merge pull request #172237 from DeterminateSystems/bootspec-rfc 2022-12-17 08:35:53 +00:00
systemd Merge master into staging-next 2022-10-22 12:01:25 +00:00
binfmt.nix nixos/binfmt: restart systemd-binfmt when registrations change 2022-11-07 11:28:47 +01:00
emergency-mode.nix
grow-partition.nix nixos/*: automatically convert option descriptions 2022-08-31 16:32:53 +02:00
initrd-network.nix
initrd-openvpn.nix nixos/*: convert options with admonitions to MD 2022-08-31 16:36:16 +02:00
initrd-ssh.nix initrd-ssh: add ignoreEmptyHostKeys option 2022-12-03 15:10:43 +01:00
kernel.nix nixos/kernel: link manual (with backport policies) from boot.kernelPackages 2022-12-06 14:38:16 +01:00
kernel_config.nix nixos/*: convert internal option descriptions to MD 2022-08-31 16:32:54 +02:00
kexec.nix
luksroot.nix Merge branch 'master' into staging 2022-10-13 08:27:55 +02:00
modprobe.nix nixos/modprobe: replace boot.isContainer with boot.modprobeConfig.enable 2022-11-24 14:07:46 +01:00
networkd.nix Merge pull request #202956 from arcnmx/systemd-networkd-wait-online 2022-12-05 17:53:26 +01:00
pbkdf2-sha512.c
plymouth.nix nixos/*: automatically convert option descriptions 2022-08-31 16:32:53 +02:00
resolved.nix
shutdown.nix
stage-1-init.sh stage-1: escape mount points and options 2022-11-06 22:15:31 +01:00
stage-1.nix nixos/stage-1: Examine binaries for libraries in a consistent order 2022-12-20 08:24:19 +01:00
stage-2-init.sh nixos: nix.readOnlyStore -> boot.readOnlyNixStore 2022-11-30 22:57:08 -05:00
stage-2.nix nixos: nix.readOnlyStore -> boot.readOnlyNixStore 2022-11-30 22:57:08 -05:00
systemd.nix nixos: disable systemd-oomd when enableUnifiedCgroupHierarchy is false 2022-11-29 20:39:05 +01:00
timesyncd.nix
tmp.nix
uvesafb.nix nixos/uvesafb: init 2022-10-23 11:47:11 -03:00