diff --git a/flake.nix b/flake.nix index c8795f6..d3d0b32 100644 --- a/flake.nix +++ b/flake.nix @@ -134,6 +134,8 @@ nodes.machine = { config, lib, utils, ... }: { imports = [ self.nixosModules.synit ]; boot.initrd.verbose = true; + boot.initrd.kernelModules = + [ "virtio_blk" "ext4" "9p" "9pnet_virtio" "overlay" ]; environment.etc."syndicate/services/test-gateway.pr".text = '' $gatekeeper>> $config #f> diff --git a/nixos/modules/synit/boot/stage-1-init.sh b/nixos/modules/synit/boot/stage-1-init.sh index 8baca35..2a83b38 100644 --- a/nixos/modules/synit/boot/stage-1-init.sh +++ b/nixos/modules/synit/boot/stage-1-init.sh @@ -14,6 +14,7 @@ extraUtils="@extraUtils@" export LD_LIBRARY_PATH=@extraUtils@/lib export PATH=@extraUtils@/bin ln -s @extraUtils@/bin /bin +ln -s @extraUtils@/bin /sbin # Copy the secrets to their needed location if [ -d "@extraUtils@/secrets" ]; then @@ -69,14 +70,12 @@ trap 'fail' 0 # Print a greeting. info -info "<<< NixOS Stage 1 >>>" +info "<<< @distroName@ Stage 1 >>>" info # Make several required directories. -mkdir -p /etc/udev touch /etc/fstab # to shut up mount ln -s /proc/mounts /etc/mtab # to shut up mke2fs -touch /etc/udev/hwdb.bin # to shut up udev touch /etc/initrd-release # Function for waiting for device(s) to appear. @@ -96,7 +95,7 @@ waitDevice() { try=20 while [ $try -gt 0 ]; do sleep 1 - udevadm trigger --action=add + mdevd-coldplug -O4 -v 3 if test -e $dev; then break; fi echo -n "." try=$((try - 1)) @@ -105,6 +104,8 @@ waitDevice() { [ $try -ne 0 ] fi done + + kill $mdevd_pid } # Mount special file systems. 
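Review bot: The `kill $mdevd_pid` added at the end of waitDevice in the @@ -105 hunk stops the mdevd daemon on the very first device wait, so every later waitDevice call, and the `mdevd-coldplug -O4 -v 3` that replaces `udevadm trigger --action=add` in the @@ -96 hunk, re-triggers uevents with nothing left to turn them into device nodes (as far as I can tell mdevd-coldplug only emits the events and relies on a running mdevd to act on them). The unconditional `kill $mdevd_pid` before the "killed early mdevd" message in the @@ -560 hunk then targets a pid that is already gone. If the goal is to re-run coldplug while polling, the daemon should stay up until that explicit shutdown at the end of stage 1, so I would drop the kill from waitDevice and keep a single shutdown point. A comment above the coldplug call such as `# re-trigger coldplug; mdevd (started below) creates the nodes` would also make the ordering dependency on `$mdevd_pid` visible, since the variable is assigned later in the script than waitDevice is defined. waitDevice's body is only partly visible in these hunks.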
@@ -227,27 +228,28 @@ done mkdir -p /lib ln -s @modulesClosure@/lib/modules /lib/modules ln -s @modulesClosure@/lib/firmware /lib/firmware -# see comment in stage-1.nix for explanation -echo @extraUtils@/bin/modprobe-kernel > /proc/sys/kernel/modprobe +echo @extraUtils@/bin/modprobe > /proc/sys/kernel/modprobe for i in @kernelModules@; do info "loading module $(basename $i)..." modprobe $i done +info "loading modules from modalias files..." +find /sys -name 'modalias' -type f -exec cat '{}' + | sort -u | xargs modprobe -b -a 2>/dev/null + # Create device nodes in /dev. @preDeviceCommands@ -info "running udev..." ln -sfn /proc/self/fd /dev/fd ln -sfn /proc/self/fd/0 /dev/stdin ln -sfn /proc/self/fd/1 /dev/stdout ln -sfn /proc/self/fd/2 /dev/stderr -mkdir -p /etc/udev -ln -sfn @udevRules@ /etc/udev/rules.d mkdir -p /dev/.mdadm -udevd --daemon -udevadm trigger --action=add -udevadm settle + +info "running mdevd..." +mdevd -O4 -v 3 & +mdevd_pid=$! +mdevd-coldplug -O4 -v 3 if test -n "$debug1devices"; then fail; fi @@ -279,6 +281,9 @@ checkFS() { # Skip fsck for inherently readonly filesystems. if [ "$fsType" = squashfs ]; then return 0; fi + # Skip fsck.erofs because it is still experimental. + if [ "$fsType" = erofs ]; then return 0; fi + # If we couldn't figure out the FS type, then skip fsck. if [ "$fsType" = auto ]; then echo 'cannot check filesystem with type "auto"!' @@ -327,6 +332,14 @@ checkFS() { return 0 } +escapeFstab() { + local original="$1" + + # Replace space + local escaped="${original// /\\040}" + # Replace tab + echo "${escaped//$'\t'/\\011}" +} # Function for mounting a file system. mountFS() { 
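Review bot: The `udevadm settle` that followed the old trigger has no replacement after `mdevd-coldplug -O4 -v 3`: coldplug returns once it has emitted the events, not once mdevd has created the nodes, so the `$debug1devices` check and the mount loop below can run against a /dev that is still being populated (the later settle calls are removed in @@ -523 without a substitute either). Until a real completion signal is wired in, the waitDevice polling is the only synchronisation left, and that deserves a comment here, e.g. `# no settle equivalent: /dev may still be incomplete; waitDevice polls for each mount`. The `find /sys -name 'modalias' ... | xargs modprobe -b -a 2>/dev/null` line also discards every modprobe error, so a missing module for a root-path device fails silently; consider dropping the redirect when `boot.initrd.verbose` is set. This hunk sits between the module-loading and device-setup sections of the script, whose surrounding code is outside the hunk.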
@@ -349,22 +362,6 @@ mountFS() { checkFS "$device" "$fsType" - # Optionally resize the filesystem. - case $options in - *x-nixos.autoresize*) - if [ "$fsType" = ext2 -o "$fsType" = ext3 -o "$fsType" = ext4 ]; then - modprobe "$fsType" - echo "resizing $device..." - e2fsck -fp "$device" - resize2fs "$device" - elif [ "$fsType" = f2fs ]; then - echo "resizing $device..." - fsck.f2fs -fp "$device" - resize.f2fs "$device" - fi - ;; - esac - # Create backing directories for overlayfs if [ "$fsType" = overlay ]; then for i in upper work; do @@ -388,6 +385,11 @@ mountFS() { n=$((n + 1)) done + # For bind mounts, busybox has a tendency to ignore options, which can be a + # security issue (e.g. "nosuid"). Remounting the partition seems to fix the + # issue. + mount "/mnt-root$mountPoint" -o "remount,$optionsPrefixed" + [ "$mountPoint" == "/" ] && [ -f "/mnt-root/etc/NIXOS_LUSTRATE" ] && lustrateRoot "/mnt-root" @@ -399,7 +401,7 @@ lustrateRoot () { local root="$1" echo - echo -e "\e[1;33m<<< NixOS is now lustrating the root filesystem (cruft goes to /old-root) >>>\e[0m" + echo -e "\e[1;33m<<< @distroName@ is now lustrating the root filesystem (cruft goes to /old-root) >>>\e[0m" echo mkdir -m 0755 -p "$root/old-root.tmp" @@ -415,7 +417,7 @@ lustrateRoot () { mv -v "$d" "$root/old-root.tmp" done - # Use .tmp to make sure subsequent invokations don't clash + # Use .tmp to make sure subsequent invocations don't clash mv -v "$root/old-root.tmp" "$root/old-root" mkdir -m 0755 -p "$root/etc" 
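Review bot: The remount added in the @@ -388 hunk runs for every filesystem, not only bind mounts, and its exit status is discarded, so when the kernel refuses the remount the mount silently keeps whatever options busybox dropped, which is exactly the `nosuid` case the comment names. At minimum the failure should be visible: `mount "/mnt-root$mountPoint" -o "remount,$optionsPrefixed" || echo "warning: remount of $mountPoint with options $optionsPrefixed failed"`. It may also be worth guarding the remount on the options containing `bind`, since that is the case the comment justifies; a remount of a plain mount with the same options should be a no-op but is not what the comment describes. mountFS starts before this hunk, so where `$optionsPrefixed` is built is not visible here.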
@@ -435,33 +437,6 @@ lustrateRoot () { } - -if test -e /sys/power/resume -a -e /sys/power/disk; then - if test -n "@resumeDevice@" && waitDevice "@resumeDevice@"; then - resumeDev="@resumeDevice@" - resumeInfo="$(udevadm info -q property "$resumeDev" )" - else - for sd in @resumeDevices@; do - # Try to detect resume device. According to Ubuntu bug: - # https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/923326/comments/1 - # when there are multiple swap devices, we can't know where the hibernate - # image will reside. We can check all of them for swsuspend blkid. - if waitDevice "$sd"; then - resumeInfo="$(udevadm info -q property "$sd")" - if [ "$(echo "$resumeInfo" | sed -n 's/^ID_FS_TYPE=//p')" = "swsuspend" ]; then - resumeDev="$sd" - break - fi - fi - done - fi - if test -n "$resumeDev"; then - resumeMajor="$(echo "$resumeInfo" | sed -n 's/^MAJOR=//p')" - resumeMinor="$(echo "$resumeInfo" | sed -n 's/^MINOR=//p')" - echo "$resumeMajor:$resumeMinor" > /sys/power/resume 2> /dev/null || echo "failed to resume..." - fi -fi - # If we have a path to an iso file, find the iso and link it to /dev/root if [ -n "$isoPath" ]; then mkdir -p /findiso @@ -523,10 +498,6 @@ while read -u 3 mountPoint; do echo "Timed out waiting for device $device, trying to mount anyway." fi - # Wait once more for the udev queue to empty, just in case it's - # doing something with $device right now. - udevadm settle - # If copytoram is enabled: skip mounting the ISO and copy its content to a tmpfs. if [ -n "$copytoram" ] && [ "$device" = /dev/root ] && [ "$mountPoint" = /iso ]; then fsType=$(blkid -o value -s TYPE "$device") @@ -540,6 +511,9 @@ while read -u 3 mountPoint; do umount /tmp-iso rmdir /tmp-iso + if [ -n "$isoPath" ] && [ $fsType = "iso9660" ] && mountpoint -q /findiso; then + umount /findiso + fi continue fi 
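Review bot: In the @@ -540 hunk the new test `[ $fsType = "iso9660" ]` leaves `$fsType` unquoted, unlike the adjacent `[ "$device" = /dev/root ]`; if `fsType` is empty (the earlier `blkid` in this loop can fail) the expression degrades to `[ = "iso9660" ]`, which is an operator error rather than a false result. Write it as `if [ -n "$isoPath" ] && [ "$fsType" = "iso9660" ] && mountpoint -q /findiso; then`. This block lives inside the `while read -u 3 mountPoint` loop whose start is outside the hunk.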
@@ -560,20 +534,9 @@ exec 3>&- @postMountCommands@ -# Emit a udev rule for /dev/root to prevent systemd from complaining. -if [ -e /mnt-root/iso ]; then - eval $(udevadm info --export --export-prefix=ROOT_ --device-id-of-file=/mnt-root/iso) -else - eval $(udevadm info --export --export-prefix=ROOT_ --device-id-of-file=$targetRoot) -fi -if [ "$ROOT_MAJOR" -a "$ROOT_MINOR" -a "$ROOT_MAJOR" != 0 ]; then - mkdir -p /run/udev/rules.d - echo 'ACTION=="add|change", SUBSYSTEM=="block", ENV{MAJOR}=="'$ROOT_MAJOR'", ENV{MINOR}=="'$ROOT_MINOR'", SYMLINK+="root"' > /run/udev/rules.d/61-dev-root-link.rules -fi - - -# Stop udevd. -udevadm control --exit +# Stop mdevd. +kill $mdevd_pid +info "killed early mdevd" # Reset the logging file descriptors. # Do this just before pkill, which will kill the tee process. diff --git a/nixos/modules/synit/boot/stage-1.nix b/nixos/modules/synit/boot/stage-1.nix index e058b2c..ba9d61d 100644 --- a/nixos/modules/synit/boot/stage-1.nix +++ b/nixos/modules/synit/boot/stage-1.nix @@ -121,6 +121,11 @@ let copy_bin_and_libs $BIN done + # Copy mdevd. + for BIN in ${pkgs.mdevd}/bin/*; do + copy_bin_and_libs $BIN + done + # Copy modprobe. copy_bin_and_libs ${pkgs.kmod}/bin/kmod ln -sf kmod $out/bin/modprobe @@ -345,6 +350,9 @@ let { object = pkgs.kmod-debian-aliases; symlink = "/etc/modprobe.d/debian.conf"; } + { object = config.system.build.mdevConf; + symlink = "/etc/mdev.conf"; + } ] ++ lib.optionals config.services.multipath.enable [ { object = pkgs.runCommand "multipath.conf" { src = config.environment.etc."multipath.conf".text; 
@@ -416,12 +424,15 @@ let ${compressorExe} ${lib.escapeShellArgs initialRamdisk.compressorArgs} >> "$1" ''; + mdevConf = builtins.toFile "mdev.conf" '' + .* 0:0 777 + ''; in { config = mkIf config.boot.initrd.enable { - system.build = lib.mapAttrs (_: lib.mkForce) { inherit bootStage1 initialRamdisk initialRamdiskSecretAppender extraUtils; }; + system.build = lib.mapAttrs (_: lib.mkForce) { inherit bootStage1 initialRamdisk initialRamdiskSecretAppender extraUtils mdevConf; }; }; } diff --git a/nixos/modules/synit/etc/core/eudev.pr b/nixos/modules/synit/etc/core/eudev.pr deleted file mode 100644 index 97ed7c9..0000000 --- a/nixos/modules/synit/etc/core/eudev.pr +++ /dev/null @@ -1,6 +0,0 @@ -> - - -> - up>> -> diff --git a/nixos/modules/synit/etc/default.nix b/nixos/modules/synit/etc/default.nix index c47262e..495a67a 100644 --- a/nixos/modules/synit/etc/default.nix +++ b/nixos/modules/synit/etc/default.nix @@ -11,6 +11,10 @@ let in { environment.etc = { + "mdev.conf".text = '' + .* 0:0 660 + ''; + "syndicate/boot".source = substituteDirectory { src = ./boot; getty = "${pkgs.busybox}/bin/busybox getty";
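Review bot: The initrd `mdev.conf` introduced in the @@ -416 hunk of stage-1.nix, `.* 0:0 777`, makes every device node mdevd handles world-readable and world-writable, giving any unprivileged process that runs before permissions are reset raw access to block devices and ttys; the stage-2 copy added in etc/default.nix uses `.* 0:0 660`, which has the opposite problem of locking /dev/null, /dev/zero and /dev/tty away from non-root users if mdevd applies the rule to existing devtmpfs nodes (presumably it does; worth confirming). A restrictive default with explicit wider entries for the few nodes that need them is the usual shape, e.g. `null root:root 666`, `zero root:root 666`, `tty root:tty 666` listed before the catch-all, and the initrd and stage-2 files should agree on that default. If the two files are meant to differ, a comment in each saying why would help the next reader.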