author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-04-10 14:39:12 +0000 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-04-10 14:39:12 +0000 |
commit | f37b453b1987aba2468cc692bd22cbae3995219b (patch) | |
tree | 978d8b435326b8a91fddfeb35e4a14e529974db6 | |
parent | d2a6be078eb1109338a8dec2d55a9e8d4fba37d7 (diff) | |
* nixos-install: Ensure that builds are done by the nixbld users
rather than root. Also copy all manifests into the chroot so that any nix-pull done outside the chroot is "inherited". svn path=/nixos/trunk/; revision=33725
-rw-r--r-- | modules/installer/tools/nixos-install.sh | 58 |
1 files changed, 40 insertions, 18 deletions
diff --git a/modules/installer/tools/nixos-install.sh b/modules/installer/tools/nixos-install.sh
index 0d24dd6a8e1..d539b8bb014 100644
--- a/modules/installer/tools/nixos-install.sh
+++ b/modules/installer/tools/nixos-install.sh
@@ -10,6 +10,7 @@
 # * run the activation script of the configuration (also installs Grub)
 set -e
+shopt -s nullglob
 if test -z "$mountPoint"; then
 mountPoint=/mnt
@@ -35,27 +36,30 @@ if ! test -e "$NIXOS_CONFIG"; then
 fi
-# Enable networking in the chroot.
-mkdir -m 0755 -p $mountPoint/etc
-touch /etc/resolv.conf
-cp -f /etc/resolv.conf $mountPoint/etc/
-rm -f $mountPoint/etc/hosts
-cat /etc/hosts > $mountPoint/etc/hosts
-rm -f $mountPoint/etc/nsswitch.conf
-cat /etc/nsswitch.conf > $mountPoint/etc/nsswitch.conf
-
-# Mount some stuff in the target root directory.
-mkdir -m 0755 -p $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/mnt
+# Do a nix-pull to speed up building.
+if test -n "@nixpkgsURL@" -a ${NIXOS_PULL:-1} != 0; then
+ @nix@/bin/nix-pull @nixpkgsURL@/MANIFEST || true
+fi
+
+
+# Mount some stuff in the target root directory. We bind-mount /etc
+# into the chroot because we need networking and the nixbld user
+# accounts in /etc/passwd. But we do need the target's /etc/nixos.
+mkdir -m 0755 -p $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/mnt $mountPoint/etc
 mount --rbind /dev $mountPoint/dev
 mount --rbind /proc $mountPoint/proc
 mount --rbind /sys $mountPoint/sys
 mount --rbind / $mountPoint/mnt
+mount --bind /etc $mountPoint/etc
+mount --bind $mountPoint/mnt/$mountPoint/etc/nixos $mountPoint/etc/nixos
 cleanup() {
+ set +e
 umount -l $mountPoint/mnt
 umount -l $mountPoint/dev
 umount -l $mountPoint/proc
 umount -l $mountPoint/sys
+ mountpoint -q $mountPoint/etc && umount -l $mountPoint/etc
 }
 trap "cleanup" EXIT
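Review bot: `trap "cleanup" EXIT` is still registered only after all of the mounts, so under `set -e` a failure in one of the two new bind mounts exits with the host's /dev, /proc, /sys, / and possibly /etc left bound under $mountPoint. The second one, `mount --bind $mountPoint/mnt/$mountPoint/etc/nixos $mountPoint/etc/nixos`, fails if that directory is missing on either side, and nothing in this hunk checks for it. Anything that later cleans up or edits the target tree by hand would then be operating on the running system's files. Define `cleanup` and install the trap before the first `mount --rbind`, and guard each `umount -l` with `mountpoint -q` as the new /etc line already does. The `$mountPoint` expansions in the added mount lines are unquoted, so a mount point containing whitespace would split into separate arguments.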
@@ -75,8 +79,15 @@ mkdir -m 0755 -p \
 $mountPoint/nix/var/nix/db \
 $mountPoint/nix/var/log/nix/drvs
-mkdir -m 1777 -p \
- $mountPoint/nix/store \
+mkdir -m 1775 -p $mountPoint/nix/store
+chown root.nixbld $mountPoint/nix/store
+
+
+# Make manifests available in the chroot.
+rm -f $mountPoint/nix/var/nix/manifests/*
+for i in /nix/var/nix/manifests/*.nixmanifest; do
+ cp "$(readlink -f "$i")" $mountPoint/nix/var/nix/manifests
+done
 # Get the store paths to copy from the references graph.
@@ -97,6 +108,12 @@ export LC_ALL=
 export LC_TIME=
+# Create a temporary Nix config file that causes the nixbld users to
+# be used.
+echo "build-users-group = nixbld" > /mnt/tmp/nix.conf
+export NIX_CONF_DIR=/tmp
+
+
 # Register the paths in the Nix closure as valid. This is necessary
 # to prevent them from being deleted the first time we install
 # something. (I.e., Nix will see that, e.g., the glibc path is not
@@ -117,11 +134,6 @@ ln -sf @shell@ $mountPoint/bin/sh
 export NIX_OTHER_STORES=/mnt/nix:$NIX_OTHER_STORES
-# Do a nix-pull to speed up building.
-if test -n "@nixpkgsURL@" -a ${NIXOS_PULL:-1} != 0; then
- chroot $mountPoint @nix@/bin/nix-pull @nixpkgsURL@/MANIFEST || true
-fi
-
 if test -n "$NIXOS_PREPARE_CHROOT_ONLY"; then
 echo "User requested only to prepare chroot. Exiting."
 exit 0;
@@ -135,6 +147,16 @@ NIX_PATH=nixpkgs=/mnt/etc/nixos/nixpkgs:nixos=/mnt/etc/nixos/nixos:nixos-config=
 -p /nix/var/nix/profiles/system -f '<nixos>' --set -A system --show-trace
+# Get rid of the manifests.
+rm -f $mountPoint/nix/var/nix/manifests/*
+
+
+# We're done building/downloading, so we don't need the /etc bind
+# mount anymore. In fact, below we want to modify the target's /etc.
+umount $mountPoint/etc/nixos
+umount $mountPoint/etc
+
+
 # Make a backup of the old NixOS/Nixpkgs sources.
 echo "copying NixOS/Nixpkgs sources to /etc/nixos...." |
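Review bot: `mkdir -m 1775 -p $mountPoint/nix/store` applies the mode only when it creates the directory, so a store that an earlier run left at 1777 stays world-writable and the tightening to the nixbld group never takes effect on a re-install. Add `chmod 1775 $mountPoint/nix/store` after the `chown` so the mode is enforced either way. The owner is better written `root:nixbld`, because the dot separator is a deprecated form that is ambiguous for names containing a dot. The destination in the `cp` line and the `rm -f` glob both expand `$mountPoint` unquoted.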
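Review bot: `echo "build-users-group = nixbld" > /mnt/tmp/nix.conf` hard-codes /mnt although the rest of the script installs into `$mountPoint`, so with any other mount point the file is written to the wrong tree and the chroot's `NIX_CONF_DIR=/tmp` finds no config. Builds would then presumably fall back to running as root, which is what this commit sets out to prevent. The file is also written as root to a fixed name in the target's /tmp, and on a target that already holds data a pre-existing file or symlink at that name would be followed. A private directory avoids both problems: `confDir=$(mktemp -d "$mountPoint/tmp/nix-conf.XXXXXX")`, write `"$confDir/nix.conf"`, then `export NIX_CONF_DIR=${confDir#"$mountPoint"}`. Nothing in the visible hunks removes the file after the build, so a cleanup line is worth adding next to the manifest removal.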
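Review bot: The two plain `umount` calls are the only thing keeping the later writes to `$mountPoint/etc` out of the running system's /etc, and that guarantee rests implicitly on `set -e` aborting when an unmount fails (for example with EBUSY while a build process still has a file open). The comment should say so, e.g. `# Must succeed: while the bind mount is in place, writes to $mountPoint/etc modify the host's /etc.` An explicit check after the two lines makes the invariant survive later refactoring: `if mountpoint -q $mountPoint/etc; then echo "cannot unmount $mountPoint/etc" >&2; exit 1; fi`.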