Rename remaining uses of renamed option repart.imageFileBasename to
image.baseName.
Follow up to https://github.com/NixOS/nixpkgs/pull/401872
Removes a warning when using repart-verity-store.nix.
These derivation output one or more disk image files and metadata in
JSON, none of which seem to be good targets for patchelf, stripping
or other things that typically happen in fixupPhase.
I noticed that specifically shebang patching took a long time when
building bigger images, roughly doubling build times at times.
This might be due to a traversal of an entire disk images, dozens of
gigabytes in size while looking for interpreters.
All tests in
nix-build -A nixosTests.systemd-repart
passed, but no further testing was done yet.
From systemd-repart(8):
If not specified it is attempted to read the machine ID from the host
(or more precisely, the root directory configured via --root=) and use
it as seed instead, falling back to a randomized seed otherwise. Use
--seed=random to force a randomized seed.
The option documentation now suggests the special value "random", for
a random seed rather than relying on the implicit fact that there is
no machine ID available in the build sandbox, causing repart to fallback
on generating a random seed.
Fixes#419331
I mistakenly added extra whitespace in
https://github.com/NixOS/nixpkgs/pull/401872 which negatively affects
aesthetics of our documentation.
Thought it was part of nixfmt-rfc-styles output, but can't reproduce.
Might have had configured the wrong nixfmt.
It was easy to accidentally trigger infinite recursion if you depended
on `toplevel` in any way before. For instance, if you used
`CopyBlocks` with an image containing `toplevel`. This was because
`toplevel`'s assertion / warning logic has to be evaluated, but that
means evaluating `image.repart`'s assertions / warnings, which
requires evaluating the `repartConfig` attrsets to check for malformed
`Label`s. That causes the module system to type check *all*
`repartConfig` keys, even though most of them aren't used in the
assertions / warnings. So evaluating `system.build.image` evaluates
`repartConfig.CopyBlocks`, which evaluates `toplevel`, which evaluates
assertions / warnings, which evaluates `repartConfig.CopyBlocks` to
type check it. Infinite loop.
Even ignoring this recursion problem, it's still better for the repart
module to have its own assertions / warnings options. You don't have
to use `toplevel` in a repart image, so its assertions / warnings
would have been ignored in that case anyway. This way they're *always*
checked when you build an image.
Replace image-specific options for file name (and basename) with
unified options for basename and extension in order to increase
compatibility with nixos-rebuild build-image
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:
nix-build ci -A fmt.check
This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).
This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).
Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).
If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
The seekable format splits compressed data into a series of independent
frames, each of which can be decompressed individually. This allows to
distribute images in smaller chunks and allows image downloads to be
paused and resumed later from the same point.
Seekable archives as a whole can be decompressed with any regular zstd
decompressor. However, partial decompression requires to know the
starting position of the desired frame, which can be extracted from a
skippable frame (aka seektable) that is appended to the compressed data.
The `/usr` entry in `fileSystems` is superfluous and currently
interferes with the systemd generator. Dropping the `fileSystem` entry
requires making the appropriate module explicitly available in initrd.
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
A new NixOS module that adds two new options to `system.build`:
- imageModules: An attrset mapping image variant names to a list of nixos
modules to use when building such images.
- images: An attrset mapping image variant names to a nixos instance
based on the current config plus variant-specific modules (see
`system.build.imageModules` above.
Having access to the original Nix partition definitions in the builder
should make it a bit easier to manipulate them and still provide access
to the manipulated results.
This module provides some abstraction for a multi-stage build to create
a dm-verity protected NixOS repart image.
The opinionated approach realized by this module is to first create an
immutable, verity-protected nix store partition, then embed the root
hash of the corresponding verity hash partition in a UKI, that is then
injected into the ESP of the resulting image.
The UKI can then precisely identify the corresponding data from which
the entire system is bootstrapped.
The module comes with a script that checks the UKI used in the final
image corresponds to the intermediate image created in the first step.
This is necessary to notice incompatible substitutions of
non-reproducible store paths, for example when working with distributed
builds, or when offline-signing the UKI.
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
The maximum label length is specified by UEFI and enforced/asserted by
systemd-repart. This lets evaluation fail already and give the user
some more information about what's wrong.
Also warn when the suggested label length is exceeded. This serves as a
safety mechanism for using systemd-sysupdate style A/B updates where the
version number is encoded in the label and might not be incrementable
when the maximum label size is reached.
