synit: start of mdevd migration

flake.nix

@@ -134,6 +134,8 @@
               nodes.machine = { config, lib, utils, ... }: {
                 imports = [ self.nixosModules.synit ];
                 boot.initrd.verbose = true;
+                boot.initrd.kernelModules =
+                  [ "virtio_blk" "ext4" "9p" "9pnet_virtio" "overlay" ];
                 environment.etc."syndicate/services/test-gateway.pr".text = ''
                   <require-service <relay-listener <tcp "192.168.1.1" 9001> $gatekeeper>>
                   <bind <ref { oid: "syndicate" key: #x"" }> $config #f>

nixos/modules/synit/boot/stage-1-init.sh

@@ -14,6 +14,7 @@ extraUtils="@extraUtils@"
 export LD_LIBRARY_PATH=@extraUtils@/lib
 export PATH=@extraUtils@/bin
 ln -s @extraUtils@/bin /bin
+ln -s @extraUtils@/bin /sbin
 
 # Copy the secrets to their needed location
 if [ -d "@extraUtils@/secrets" ]; then
@@ -69,14 +70,12 @@ trap 'fail' 0
 
 # Print a greeting.
 info
-info "<<< NixOS Stage 1 >>>"
+info "<<< @distroName@ Stage 1 >>>"
 info
 
 # Make several required directories.
-mkdir -p /etc/udev
 touch /etc/fstab # to shut up mount
 ln -s /proc/mounts /etc/mtab # to shut up mke2fs
-touch /etc/udev/hwdb.bin # to shut up udev
 touch /etc/initrd-release
 
 # Function for waiting for device(s) to appear.
@@ -96,7 +95,7 @@ waitDevice() {
             try=20
             while [ $try -gt 0 ]; do
                 sleep 1
-                udevadm trigger --action=add
+                mdevd-coldplug -O4 -v 3
                 if test -e $dev; then break; fi
                 echo -n "."
                 try=$((try - 1))
@@ -105,6 +104,8 @@ waitDevice() {
             [ $try -ne 0 ]
         fi
     done
+
+    kill $mdevd_pid
 }
 
 # Mount special file systems.
@@ -227,27 +228,28 @@ done
 mkdir -p /lib
 ln -s @modulesClosure@/lib/modules /lib/modules
 ln -s @modulesClosure@/lib/firmware /lib/firmware
-# see comment in stage-1.nix for explanation
-echo @extraUtils@/bin/modprobe-kernel > /proc/sys/kernel/modprobe
+echo @extraUtils@/bin/modprobe > /proc/sys/kernel/modprobe
 for i in @kernelModules@; do
     info "loading module $(basename $i)..."
     modprobe $i
 done
 
+info "loading modules from modalias files..."
+find /sys -name 'modalias' -type f -exec cat '{}' + | sort -u | xargs modprobe -b -a 2>/dev/null
+
 
 # Create device nodes in /dev.
 @preDeviceCommands@
-info "running udev..."
 ln -sfn /proc/self/fd /dev/fd
 ln -sfn /proc/self/fd/0 /dev/stdin
 ln -sfn /proc/self/fd/1 /dev/stdout
 ln -sfn /proc/self/fd/2 /dev/stderr
-mkdir -p /etc/udev
-ln -sfn @udevRules@ /etc/udev/rules.d
 mkdir -p /dev/.mdadm
-udevd --daemon
-udevadm trigger --action=add
-udevadm settle
+
+info "running mdevd..."
+mdevd -O4 -v 3 &
+mdevd_pid=$!
+mdevd-coldplug -O4 -v 3
 
 
 if test -n "$debug1devices"; then fail; fi
@@ -279,6 +281,9 @@ checkFS() {
     # Skip fsck for inherently readonly filesystems.
     if [ "$fsType" = squashfs ]; then return 0; fi
 
+    # Skip fsck.erofs because it is still experimental.
+    if [ "$fsType" = erofs ]; then return 0; fi
+
     # If we couldn't figure out the FS type, then skip fsck.
     if [ "$fsType" = auto ]; then
         echo 'cannot check filesystem with type "auto"!'
@@ -327,6 +332,14 @@ checkFS() {
     return 0
 }
 
+escapeFstab() {
+    local original="$1"
+
+    # Replace space
+    local escaped="${original// /\\040}"
+    # Replace tab
+    echo "${escaped//$'\t'/\\011}"
+}
 
 # Function for mounting a file system.
 mountFS() {
@@ -349,22 +362,6 @@ mountFS() {
 
     checkFS "$device" "$fsType"
 
-    # Optionally resize the filesystem.
-    case $options in
-        *x-nixos.autoresize*)
-            if [ "$fsType" = ext2 -o "$fsType" = ext3 -o "$fsType" = ext4 ]; then
-                modprobe "$fsType"
-                echo "resizing $device..."
-                e2fsck -fp "$device"
-                resize2fs "$device"
-            elif [ "$fsType" = f2fs ]; then
-                echo "resizing $device..."
-                fsck.f2fs -fp "$device"
-                resize.f2fs "$device"
-            fi
-            ;;
-    esac
-
     # Create backing directories for overlayfs
     if [ "$fsType" = overlay ]; then
         for i in upper work; do
@@ -388,6 +385,11 @@ mountFS() {
         n=$((n + 1))
     done
 
+    # For bind mounts, busybox has a tendency to ignore options, which can be a
+    # security issue (e.g. "nosuid"). Remounting the partition seems to fix the
+    # issue.
+    mount "/mnt-root$mountPoint" -o "remount,$optionsPrefixed"
+
     [ "$mountPoint" == "/" ] &&
         [ -f "/mnt-root/etc/NIXOS_LUSTRATE" ] &&
         lustrateRoot "/mnt-root"
@@ -399,7 +401,7 @@ lustrateRoot () {
     local root="$1"
 
     echo
-    echo -e "\e[1;33m<<< NixOS is now lustrating the root filesystem (cruft goes to /old-root) >>>\e[0m"
+    echo -e "\e[1;33m<<< @distroName@ is now lustrating the root filesystem (cruft goes to /old-root) >>>\e[0m"
     echo
 
     mkdir -m 0755 -p "$root/old-root.tmp"
@@ -415,7 +417,7 @@ lustrateRoot () {
         mv -v "$d" "$root/old-root.tmp"
     done
 
-    # Use .tmp to make sure subsequent invokations don't clash
+    # Use .tmp to make sure subsequent invocations don't clash
     mv -v "$root/old-root.tmp" "$root/old-root"
 
     mkdir -m 0755 -p "$root/etc"
@@ -435,33 +437,6 @@ lustrateRoot () {
 }
 
 
-
-if test -e /sys/power/resume -a -e /sys/power/disk; then
-    if test -n "@resumeDevice@" && waitDevice "@resumeDevice@"; then
-        resumeDev="@resumeDevice@"
-        resumeInfo="$(udevadm info -q property "$resumeDev" )"
-    else
-        for sd in @resumeDevices@; do
-            # Try to detect resume device. According to Ubuntu bug:
-            # https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/923326/comments/1
-            # when there are multiple swap devices, we can't know where the hibernate
-            # image will reside. We can check all of them for swsuspend blkid.
-            if waitDevice "$sd"; then
-                resumeInfo="$(udevadm info -q property "$sd")"
-                if [ "$(echo "$resumeInfo" | sed -n 's/^ID_FS_TYPE=//p')" = "swsuspend" ]; then
-                    resumeDev="$sd"
-                    break
-                fi
-            fi
-        done
-    fi
-    if test -n "$resumeDev"; then
-        resumeMajor="$(echo "$resumeInfo" | sed -n 's/^MAJOR=//p')"
-        resumeMinor="$(echo "$resumeInfo" | sed -n 's/^MINOR=//p')"
-        echo "$resumeMajor:$resumeMinor" > /sys/power/resume 2> /dev/null || echo "failed to resume..."
-    fi
-fi
-
 # If we have a path to an iso file, find the iso and link it to /dev/root
 if [ -n "$isoPath" ]; then
   mkdir -p /findiso
@@ -523,10 +498,6 @@ while read -u 3 mountPoint; do
         echo "Timed out waiting for device $device, trying to mount anyway."
     fi
 
-    # Wait once more for the udev queue to empty, just in case it's
-    # doing something with $device right now.
-    udevadm settle
-
     # If copytoram is enabled: skip mounting the ISO and copy its content to a tmpfs.
     if [ -n "$copytoram" ] && [ "$device" = /dev/root ] && [ "$mountPoint" = /iso ]; then
       fsType=$(blkid -o value -s TYPE "$device")
@@ -540,6 +511,9 @@ while read -u 3 mountPoint; do
 
       umount /tmp-iso
       rmdir /tmp-iso
+      if [ -n "$isoPath" ] && [ $fsType = "iso9660" ] && mountpoint -q /findiso; then
+       umount /findiso
+      fi
       continue
     fi
 
@@ -560,20 +534,9 @@ exec 3>&-
 @postMountCommands@
 
 
-# Emit a udev rule for /dev/root to prevent systemd from complaining.
-if [ -e /mnt-root/iso ]; then
-    eval $(udevadm info --export --export-prefix=ROOT_ --device-id-of-file=/mnt-root/iso)
-else
-    eval $(udevadm info --export --export-prefix=ROOT_ --device-id-of-file=$targetRoot)
-fi
-if [ "$ROOT_MAJOR" -a "$ROOT_MINOR" -a "$ROOT_MAJOR" != 0 ]; then
-    mkdir -p /run/udev/rules.d
-    echo 'ACTION=="add|change", SUBSYSTEM=="block", ENV{MAJOR}=="'$ROOT_MAJOR'", ENV{MINOR}=="'$ROOT_MINOR'", SYMLINK+="root"' > /run/udev/rules.d/61-dev-root-link.rules
-fi
-
-
-# Stop udevd.
-udevadm control --exit
+# Stop mdevd.
+kill $mdevd_pid
+info "killed early mdevd"
 
 # Reset the logging file descriptors.
 # Do this just before pkill, which will kill the tee process.

nixos/modules/synit/boot/stage-1.nix

@@ -121,6 +121,11 @@ let
         copy_bin_and_libs $BIN
       done
 
+      # Copy mdevd.
+      for BIN in ${pkgs.mdevd}/bin/*; do
+        copy_bin_and_libs $BIN
+      done
+
       # Copy modprobe.
       copy_bin_and_libs ${pkgs.kmod}/bin/kmod
       ln -sf kmod $out/bin/modprobe
@@ -345,6 +350,9 @@ let
         { object = pkgs.kmod-debian-aliases;
           symlink = "/etc/modprobe.d/debian.conf";
         }
+       { object = config.system.build.mdevConf;
+         symlink = "/etc/mdev.conf";
+       }
       ] ++ lib.optionals config.services.multipath.enable [
         { object = pkgs.runCommand "multipath.conf" {
               src = config.environment.etc."multipath.conf".text;
@@ -416,12 +424,15 @@ let
           ${compressorExe} ${lib.escapeShellArgs initialRamdisk.compressorArgs} >> "$1"
       '';
 
+  mdevConf = builtins.toFile "mdev.conf" ''
+    .* 0:0 777
+  '';
 in
 
 {
   config = mkIf config.boot.initrd.enable {
 
-    system.build = lib.mapAttrs (_: lib.mkForce) { inherit bootStage1 initialRamdisk initialRamdiskSecretAppender extraUtils; };
+    system.build = lib.mapAttrs (_: lib.mkForce) { inherit bootStage1 initialRamdisk initialRamdiskSecretAppender extraUtils mdevConf; };
 
   };
 }

nixos/modules/synit/etc/core/eudev.pr

@@ -1,6 +0,0 @@
-<require-service <daemon eudev>>
-<daemon eudev ["@udevd@", "--children-max=5"]>
-
-<require-service <daemon eudev-initial-scan>>
-<depends-on <daemon eudev-initial-scan> <service-state <daemon eudev> up>>
-<daemon eudev-initial-scan <one-shot "@udevadm@ trigger --type=subsystems --action=add && @udevadm@ trigger --type=devices --action=add && @udevadm@ settle --timeout=30">>

nixos/modules/synit/etc/default.nix

@@ -11,6 +11,10 @@ let
 in {
   environment.etc = {
 
+    "mdev.conf".text = ''
+      .* 0:0 660
+    '';
+
     "syndicate/boot".source = substituteDirectory {
       src = ./boot;
       getty = "${pkgs.busybox}/bin/busybox getty";