dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos-install: remove root requirement for bind mount

Browse Source 
This moves the creation of the bind mount inside the `nixos-enter`
invocation. The command are executed in an unshared mount namespace, so
they can be run as an unprivileged user.
This commit is contained in:
rnhmjoj 2023-01-17 21:00:38 +01:00
parent 4f50411cfc
commit 2bc5625877
No known key found for this signature in database
GPG Key ID: BFBAF4C975F76450
1 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
nixos/modules/installer/tools/nixos-install.sh
View File

@ -188,17 +188,6 @@ nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \
mkdir -m 0755 -p "$mountPoint/etc"
touch "$mountPoint/etc/NIXOS"
# Create a bind mount for each of the mount points inside the target file
# system. This preserves the validity of their absolute paths after changing
# the root with `nixos-enter`.
# Without this the bootloader installation may fail due to options that
# contain paths referenced during evaluation, like initrd.secrets.
if (( EUID == 0 )); then
mount --rbind --mkdir "$mountPoint" "$mountPoint$mountPoint"
mount --make-rslave "$mountPoint$mountPoint"
trap 'umount -R "$mountPoint$mountPoint" && rmdir "$mountPoint$mountPoint"' EXIT
fi
# Switch to the new system configuration. This will install Grub with
# a menu default pointing at the kernel/initrd/etc of the new
# configuration.
@ -206,7 +195,20 @@ if [[ -z $noBootLoader ]]; then
echo "installing the boot loader..."
# Grub needs an mtab.
ln -sfn /proc/mounts "$mountPoint"/etc/mtab
NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
export mountPoint
NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -c "$(cat <<'EOF'
# Create a bind mount for each of the mount points inside the target file
# system. This preserves the validity of their absolute paths after changing
# the root with `nixos-enter`.
# Without this the bootloader installation may fail due to options that
# contain paths referenced during evaluation, like initrd.secrets.
# when not root, re-execute the script in an unshared namespace
mount --rbind --mkdir / "$mountPoint"
mount --make-rslave "$mountPoint"
/run/current-system/bin/switch-to-configuration boot
umount -R "$mountPoint" && rmdir "$mountPoint"
EOF
)"
fi
# Ask the user to set a root password, but only if the passwd command