public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Replace the activation script by one which is completely generated. 

svn path=/nixos/branches/fix-style/; revision=13683
This commit is contained in:
Nicolas Pierron 2009-01-02 16:07:24 +00:00
parent 1b32260084
commit 7cdb7d38ef
4 changed files with 117 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
system/activate-configuration.nix
View File

@ -2,15 +2,26 @@
{pkgs, config, ...}: {pkgs, config, ...}:
let let
inherit (pkgs.stringsWithDeps) textClosureOverridable; inherit (pkgs.stringsWithDeps) textClosureOverridable noDepEntry;
inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs mapRecordFlatten id; inherit (pkgs.lib) mkOption mergeTypedOption mergeAttrs mapRecordFlatten mapAttrs;
textClosure = steps: textClosure = steps:
textClosureOverridable steps textClosureOverridable steps (
(["#!/bin/sh"] ++ (mapRecordFlatten (a: v: v) steps)); [(noDepEntry "#!/bin/sh")]
++ (mapRecordFlatten (a: v: v) steps)
);
aggregateScripts = name: steps: aggregateScripts = name: steps:
pkgs.writeScript name (textClosure steps); pkgs.writeScript name (textClosure steps);
addAttributeName = mapAttrs (a: v: {
text = ''
#### ${a} begin
${v.text}
#### ${a} end
'';
inherit (v) deps;
});
in in
{ {
@ -34,7 +45,7 @@ in
and so on). and so on).
''; '';
merge = mergeTypedOption "script" builtins.isAttrs mergeAttrs; merge = mergeTypedOption "script" builtins.isAttrs mergeAttrs;
apply = lib: { apply = set: let lib = addAttributeName set; in {
inherit lib; # used to fetch dependencies. inherit lib; # used to fetch dependencies.
script = aggregateScripts "activationScript" lib; script = aggregateScripts "activationScript" lib;
}; };

58
system/activate-configuration.sh
View File

@ -1,58 +0,0 @@
#! @shell@
source @newActivationScript@
# Make a few setuid programs work.
PATH=@systemPath@/bin:@systemPath@/sbin:$PATH
save_PATH="$PATH"
# Add the default profile to the search path for setuid executables.
PATH="/nix/var/nix/profiles/default/sbin:$PATH"
PATH="/nix/var/nix/profiles/default/bin:$PATH"
wrapperDir=@wrapperDir@
if test -d $wrapperDir; then rm -f $wrapperDir/*; fi
mkdir -p $wrapperDir
for i in @setuidPrograms@; do
program=$(type -tp $i)
if test -z "$program"; then
# XXX: It would be preferable to detect this problem before
# `activate-configuration' is invoked.
#echo "WARNING: No executable named \`$i' was found" >&2
#echo "WARNING: but \`$i' was specified as a setuid program." >&2
true
else
cp "$(type -tp setuid-wrapper)" $wrapperDir/$i
echo -n "$program" > $wrapperDir/$i.real
chown root.root $wrapperDir/$i
chmod 4755 $wrapperDir/$i
fi
done
@adjustSetuidOwner@
PATH="$save_PATH"
# Set the host name. Don't clear it if it's not configured in the
# NixOS configuration, since it may have been set by dhclient in the
# meantime.
if test -n "@hostName@"; then
hostname @hostName@
else
# dhclient won't do anything if the hostname isn't empty.
if test "$(hostname)" = "(none)"; then
hostname ''
fi
fi
# Make this configuration the current configuration.
# The readlink is there to ensure that when $systemConfig = /system
# (which is a symlink to the store), /var/run/current-system is still
# used as a garbage collection root.
ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system
# Prevent the current configuration from being garbage-collected.
ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system

103
system/system-options.nix
View File

@ -1,4 +1,5 @@
# this file contains all extendable options originally defined in system.nix # this file contains all extendable options originally defined in system.nix
# TODO: split it to make it readable.
{pkgs, config, ...}: {pkgs, config, ...}:
###### interface ###### interface
@ -73,6 +74,7 @@ in
###### implementation ###### implementation
let let
inherit (pkgs.stringsWithDeps) noDepEntry FullDepEntry PackEntry; inherit (pkgs.stringsWithDeps) noDepEntry FullDepEntry PackEntry;
inherit (pkgs.lib) mapRecordFlatten;
activateLib = config.system.activationScripts.lib; activateLib = config.system.activationScripts.lib;
in in
@ -120,7 +122,7 @@ in
# Create the required /bin/sh symlink; otherwise lots of things # Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work. # (notably the system() function) won't work.
mkdir -m 0755 -p $mountPoint/bin mkdir -m 0755 -p $mountPoint/bin
ln -sfn @bash@/bin/sh $mountPoint/bin/sh ln -sfn ${pkgs.bash}/bin/sh $mountPoint/bin/sh
'' [ '' [
activateLib.defaultPath # path to ln & mkdir activateLib.defaultPath # path to ln & mkdir
activateLib.stdio # ? activateLib.stdio # ?
@ -132,7 +134,7 @@ in
# when the kernel (or some module) auto-loads a module. # when the kernel (or some module) auto-loads a module.
# !!! maybe this should only happen at boot time, since we shouldn't # !!! maybe this should only happen at boot time, since we shouldn't
# use modules that don't match the running kernel. # use modules that don't match the running kernel.
echo @modprobe@/sbin/modprobe > /proc/sys/kernel/modprobe echo ${config.system.sbin.modprobe}/sbin/modprobe > /proc/sys/kernel/modprobe
'' [ '' [
# ? # ?
]; ];
@ -175,7 +177,7 @@ in
touch /etc/shadow; chmod 0600 /etc/shadow touch /etc/shadow; chmod 0600 /etc/shadow
# Can't use useradd, since it complains that it doesn't know us # Can't use useradd, since it complains that it doesn't know us
# (bootstrap problem!). # (bootstrap problem!).
echo "root:x:0:0:System administrator:$rootHome:@defaultShell@" >> /etc/passwd echo "root:x:0:0:System administrator:$rootHome:${config.system.shell}" >> /etc/passwd
echo "root::::::::" >> /etc/shadow echo "root::::::::" >> /etc/shadow
echo | passwd --stdin root echo | passwd --stdin root
fi fi
@ -213,6 +215,101 @@ in
activateLib.etc # /etc/nix.conf activateLib.etc # /etc/nix.conf
activateLib.users # nixbld group activateLib.users # nixbld group
]; ];
path = FullDepEntry ''
PATH=${config.system.path}/bin:${config.system.path}/sbin:$PATH
'' [
activateLib.defaultPath
];
setuid =
let
setuidPrograms = builtins.toString (
config.security.setuidPrograms ++
config.security.extraSetuidPrograms ++
map (x: x.program) config.security.setuidOwners
);
adjustSetuidOwner = pkgs.lib.concatStrings (map
(_entry: let entry = {
owner = "nobody";
group = "nogroup";
setuid = false;
setgid = false;
} //_entry; in
''
chown ${entry.owner}.${entry.group} $wrapperDir/${entry.program}
chmod u${if entry.setuid then "+" else "-"}s $wrapperDir/${entry.program}
chmod g${if entry.setgid then "+" else "-"}s $wrapperDir/${entry.program}
'')
config.security.setuidOwners);
in FullDepEntry ''
# Make a few setuid programs work.
save_PATH="$PATH"
# Add the default profile to the search path for setuid executables.
PATH="/nix/var/nix/profiles/default/sbin:$PATH"
PATH="/nix/var/nix/profiles/default/bin:$PATH"
wrapperDir=${config.system.wrapperDir}
if test -d $wrapperDir; then rm -f $wrapperDir/*; fi # */
mkdir -p $wrapperDir
for i in ${setuidPrograms}; do
program=$(type -tp $i)
if test -z "$program"; then
# XXX: It would be preferable to detect this problem before
# `activate-configuration' is invoked.
#echo "WARNING: No executable named \`$i' was found" >&2
#echo "WARNING: but \`$i' was specified as a setuid program." >&2
true
else
cp "$(type -tp setuid-wrapper)" $wrapperDir/$i
echo -n "$program" > $wrapperDir/$i.real
chown root.root $wrapperDir/$i
chmod 4755 $wrapperDir/$i
fi
done
${adjustSetuidOwner}
PATH="$save_PATH"
'' [
activateLib.path
activateLib.users
];
hostname = FullDepEntry ''
# Set the host name. Don't clear it if it's not configured in the
# NixOS configuration, since it may have been set by dhclient in the
# meantime.
${if config.networking.hostName == "" then
''hostname "${config.networking.hostName}"''
else ''
# dhclient won't do anything if the hostname isn't empty.
if test "$(hostname)" = "(none)"; then
hostname ""
fi
''}
'' [
activateLib.path
];
# The activation have to be done at the end. Therefore, this entry
# depends on all scripts declared in the activation library.
activate = FullDepEntry ''
# Make this configuration the current configuration.
# The readlink is there to ensure that when $systemConfig = /system
# (which is a symlink to the store), /var/run/current-system is still
# used as a garbage collection root.
ln -sfn "$(readlink -f "$systemConfig")" /var/run/current-system
# Prevent the current configuration from being garbage-collected.
ln -sfn /var/run/current-system /nix/var/nix/gcroots/current-system
'' (mapRecordFlatten (a: v: v)
# should be removed if this does not cause an infinite recursion.
(activateLib // { activate = { text = ""; deps = []; }; })
);
}; };
}; };
} }

31
system/system.nix
View File

@ -186,36 +186,7 @@ rec {
# The script that activates the configuration, i.e., it sets up # The script that activates the configuration, i.e., it sets up
# /etc, accounts, etc. It doesn't do anything that can only be done # /etc, accounts, etc. It doesn't do anything that can only be done
# at boot time (such as start `init'). # at boot time (such as start `init').
# DO NOT EXTEND THIS. You should use the option system-option.nix activateConfiguration = config.system.activationScripts.script;
activateConfiguration = pkgs.substituteAll rec {
src = ./activate-configuration.sh;
isExecutable = true;
newActivationScript = config.system.activationScripts.script;
inherit wrapperDir systemPath modprobe defaultShell kernel;
hostName = config.networking.hostName;
setuidPrograms =
config.security.setuidPrograms ++
config.security.extraSetuidPrograms ++
map ( x : x.program ) config.security.setuidOwners;
bash = pkgs.bashInteractive;
adjustSetuidOwner = pkgs.lib.concatStrings (map
(_entry: let entry = {
owner = "nobody";
group = "nogroup";
setuid = false;
setgid = false;
} //_entry; in
''
chown ${entry.owner}.${entry.group} $wrapperDir/${entry.program}
chmod u${if entry.setuid then "+" else "-"}s $wrapperDir/${entry.program}
chmod g${if entry.setgid then "+" else "-"}s $wrapperDir/${entry.program}
'')
config.security.setuidOwners);
};
# The init script of boot stage 2, which is supposed to do # The init script of boot stage 2, which is supposed to do