Unverified Commit cb88cda0 authored by Florian Klink Committed by GitHub

nixos/systemd-stage-1: Do not run code from stage 2 until it's actually time...

nixos/systemd-stage-1: Do not run code from stage 2 until it's actually time to switch-root. (#355166)
parents 0af7aa2a 6cfd95fc
+9 −10
@@ -482,6 +482,9 @@ in {

        # so NSS can look up usernames
        "${pkgs.glibc}/lib/libnss_files.so.2"

        # Resolving sysroot symlinks without code exec
        "${pkgs.chroot-realpath}/bin/chroot-realpath"
      ] ++ optionals cfg.package.withCryptsetup [
        # fido2 support
        "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so"
@@ -522,7 +525,7 @@ in {

        script = /* bash */ ''
          set -uo pipefail
          export PATH="/bin:${cfg.package.util-linux}/bin"
          export PATH="/bin:${cfg.package.util-linux}/bin:${pkgs.chroot-realpath}/bin"

          # Figure out what closure to boot
          closure=
@@ -543,7 +546,7 @@ in {

          # Resolve symlinks in the init parameter. We need this for some boot loaders
          # (e.g. boot.loader.generationsDir).
          closure="$(chroot /sysroot ${pkgs.coreutils}/bin/realpath "$closure")"
          closure="$(chroot-realpath /sysroot "$closure")"

          # Assume the directory containing the init script is the closure.
          closure="$(dirname "$closure")"
@@ -578,14 +581,10 @@ in {
      ];

      services.initrd-nixos-activation = {
        requires = [
          config.boot.initrd.systemd.services.initrd-find-nixos-closure.name
        ];
        after = [
          "initrd-fs.target"
          config.boot.initrd.systemd.services.initrd-find-nixos-closure.name
        ];
        requiredBy = [ "initrd.target" ];
        after = [ "initrd-switch-root.target" ];
        requiredBy = [ "initrd-switch-root.service" ];
        before = [ "initrd-switch-root.service" ];
        unitConfig.DefaultDependencies = false;
        unitConfig = {
          AssertPathExists = "/etc/initrd-release";
          RequiresMountsFor = [
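Review bot: The new `closure="$(chroot-realpath /sysroot "$closure")"` line does not check whether resolution succeeded, and the script header shown in this section is `set -uo pipefail` without `-e`. On the lines shown, a failed resolution (for example a dangling init symlink) leaves `closure` empty and the following `dirname "$closure"` turns that into `.`, so the unit would carry on with a bogus closure instead of failing cleanly. I would make the failure explicit, e.g. `closure="$(chroot-realpath /sysroot "$closure")" || exit 1`; the two `chroot-realpath` calls for `etc-metadata-image` and `etc-basedir` in the next file section have the same shape. The script continues outside the hunk, so a later check may already cover this.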
+2 −2
@@ -139,10 +139,10 @@

                closure="$(realpath /nixos-closure)"

                metadata_image="$(chroot /sysroot ${lib.getExe' pkgs.coreutils "realpath"} "$closure/etc-metadata-image")"
                metadata_image="$(${pkgs.chroot-realpath}/bin/chroot-realpath /sysroot "$closure/etc-metadata-image")"
                ln -s "/sysroot$metadata_image" /etc-metadata-image

                basedir="$(chroot /sysroot ${lib.getExe' pkgs.coreutils "realpath"} "$closure/etc-basedir")"
                basedir="$(${pkgs.chroot-realpath}/bin/chroot-realpath /sysroot "$closure/etc-basedir")"
                ln -s "/sysroot$basedir" /etc-basedir
              '';
            };
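Review bot: These two calls use the absolute store path `${pkgs.chroot-realpath}/bin/chroot-realpath`, but nothing in the visible lines of this file puts that path into the initrd. It appears to work only because the first file section of this commit adds the same binary to the systemd stage-1 list of initrd files. A short comment above the first call would record that coupling, for example `# chroot-realpath is shipped in the initrd by the systemd stage-1 module; it resolves the link inside /sysroot without executing anything from it`. The surrounding script and service definition start outside the hunk.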
+21 −0
{
  lib,
  rustPlatform,
}:

let
  cargo = lib.importTOML ./src/Cargo.toml;
in
rustPlatform.buildRustPackage {
  pname = cargo.package.name;
  version = cargo.package.version;

  src = ./src;

  cargoLock.lockFile = ./src/Cargo.lock;

  meta = {
    description = "Output a path's realpath within a chroot.";
    maintainers = [ lib.maintainers.elvishjerricco ];
  };
}
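Review bot: `meta` carries only `description` and `maintainers`; there is no `mainProgram` and no `license`, and the description ends in a period, which nixpkgs descriptions conventionally omit. With `mainProgram = "chroot-realpath";` the callers in this commit could use `lib.getExe pkgs.chroot-realpath` instead of spelling out `/bin/chroot-realpath` by hand. Since this binary runs in the initrd ahead of switch-root, a one-line comment at the top of the file stating that it must resolve paths under the new root without executing anything from it would help later maintainers keep that property.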
+7 −0
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3

[[package]]
name = "chroot-realpath"
version = "0.1.0"
+9 −0
[package]
name = "chroot-realpath"
version = "0.1.0"
edition = "2021"

[dependencies]

[profile.release]
opt-level = "z"
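Review bot: `opt-level = "z"` has no comment saying why size is preferred over speed; presumably it is because the binary is copied into the initrd. I would add `# Optimize for size: this binary ships in the initrd.` above the `[profile.release]` table, adjusted if the reason is different. The empty `[dependencies]` table is worth keeping that way, since it means this initrd helper pulls in no third-party crates.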