From a5ad8b4f69d541f1b8e456eb5d405b1558df9885 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 4 Apr 2017 22:50:48 +0200 Subject: [PATCH 1/5] stage-2: simplify exporting path --- nixos/modules/system/boot/stage-2-init.sh | 17 +---------------- nixos/modules/system/boot/stage-2.nix | 10 +++++----- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index f827e530f87..99930fb95a6 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -2,7 +2,7 @@ systemConfig=@systemConfig@ -export HOME=/root +export HOME=/root PATH="@path@" # Print a greeting. @@ -11,21 +11,6 @@ echo -e "\e[1;32m<<< NixOS Stage 2 >>>\e[0m" echo -# Set the PATH. -setPath() { - local dirs="$1" - export PATH=/empty - for i in $dirs; do - PATH=$PATH:$i/bin - if test -e $i/sbin; then - PATH=$PATH:$i/sbin - fi - done -} - -setPath "@path@" - - # Normally, stage 1 mounts the root filesystem read/writable. # However, in some environments, stage 2 is executed directly, and the # root is read-only. So make it writable here. diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index 7e4ec2a4a67..a6864bf80c3 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix @@ -23,11 +23,11 @@ let inherit (config.nix) readOnlyStore; inherit (config.networking) useHostResolvConf; inherit (config.system.build) earlyMountScript; - path = - [ pkgs.coreutils - pkgs.utillinux - pkgs.openresolv - ] ++ optional config.nix.readOnlyStore readonlyMountpoint; + path = lib.makeBinPath ([ + pkgs.coreutils + pkgs.utillinux + pkgs.openresolv + ] ++ optional config.nix.readOnlyStore readonlyMountpoint); postBootCommands = pkgs.writeText "local-cmds" '' ${config.boot.postBootCommands} From b42af252238d8e5a4b737ad39fda503f9d93c36f Mon Sep 17 00:00:00 2001 
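Review bot: `lib.makeBinPath` in the `stage-2.nix` hunk (`@@ -23,11 +23,11 @@`) only emits the `bin` directory of each package, whereas the removed `setPath` loop in `stage-2-init.sh` also appended `$i/sbin` when it existed, so a tool shipped only under `sbin` would silently drop out of the PATH that early boot runs with. Whether `coreutils`, `utillinux`, `openresolv` or `readonlyMountpoint` has a real `sbin` directory is not visible here, so check the built outputs before merging. If one does, append `lib.makeSearchPath "sbin" [ ... ]` to the value; otherwise add a comment above `path =` such as `# only bin/ is exported; sbin/ is not searched`. The `substituteAll` attribute set this assignment belongs to starts and ends outside the hunk.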
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 4 Apr 2017 23:27:51 +0200 Subject: [PATCH 2/5] stage-2: replace readonly-mountpoint by findmnt --- .../modules/system/boot/readonly-mountpoint.c | 20 ------------------- nixos/modules/system/boot/stage-2-init.sh | 4 +++- nixos/modules/system/boot/stage-2.nix | 13 ++---------- 3 files changed, 5 insertions(+), 32 deletions(-) delete mode 100644 nixos/modules/system/boot/readonly-mountpoint.c diff --git a/nixos/modules/system/boot/readonly-mountpoint.c b/nixos/modules/system/boot/readonly-mountpoint.c deleted file mode 100644 index 27b66687382..00000000000 --- a/nixos/modules/system/boot/readonly-mountpoint.c +++ /dev/null @@ -1,20 +0,0 @@ -#include -#include -#include - -int main(int argc, char ** argv) { - struct statvfs stat; - if (argc != 2) { - fprintf(stderr, "Usage: %s PATH", argv[0]); - exit(2); - } - if (statvfs(argv[1], &stat) != 0) { - perror("statvfs"); - exit(3); - } - if (stat.f_flag & ST_RDONLY) - exit(0); - else - exit(1); -} - diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 99930fb95a6..b5b2acf86ab 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -46,7 +46,9 @@ echo "booting system configuration $systemConfig" > /dev/kmsg chown -f 0:30000 /nix/store chmod -f 1775 /nix/store if [ -n "@readOnlyStore@" ]; then - if ! readonly-mountpoint /nix/store; then + if ! [[ "$(findmnt --noheadings --output OPTIONS /nix/store)" =~ ro(,|$) ]]; then + # FIXME when linux < 4.5 is EOL, switch to atomic bind mounts + #mount /nix/store /nix/store -o bind,remount,ro mount --bind /nix/store /nix/store mount -o remount,ro,bind /nix/store fi diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index a6864bf80c3..8db6d2d2f73 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix 
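Review bot: The test `=~ ro(,|$)` in the `@@ -46,7 +46,9 @@` hunk is not anchored on the left, so an option string such as `rw,relatime,errors=remount-ro` matches, a writable `/nix/store` is treated as already read-only, and the `mount -o remount,ro,bind` is skipped. Anchor both sides: `=~ (^|,)ro(,|$)`. The removed helper called `statvfs` on the path, which answers for any directory, while `findmnt /nix/store` presumably prints nothing when the store is not its own mount point. That case falls into the bind-mount branch, which looks intended but deserves a comment saying so. The `if [ -n "@readOnlyStore@" ]` block closes outside the hunk.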
@@ -7,15 +7,6 @@ let kernel = config.boot.kernelPackages.kernel; activateConfiguration = config.system.activationScripts.script; - readonlyMountpoint = pkgs.stdenv.mkDerivation { - name = "readonly-mountpoint"; - unpackPhase = "true"; - installPhase = '' - mkdir -p $out/bin - cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint - ''; - }; - bootStage2 = pkgs.substituteAll { src = ./stage-2-init.sh; shellDebug = "${pkgs.bashInteractive}/bin/bash"; @@ -23,11 +14,11 @@ let inherit (config.nix) readOnlyStore; inherit (config.networking) useHostResolvConf; inherit (config.system.build) earlyMountScript; - path = lib.makeBinPath ([ + path = lib.makeBinPath [ pkgs.coreutils pkgs.utillinux pkgs.openresolv - ] ++ optional config.nix.readOnlyStore readonlyMountpoint); + ]; postBootCommands = pkgs.writeText "local-cmds" '' ${config.boot.postBootCommands} From a17344c2adf7082b90b315eed3d954df0a4fd575 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 Apr 2017 00:27:25 +0200 Subject: [PATCH 3/5] stage-2: process options as first action this way `set -x` is set early --- nixos/modules/system/boot/stage-2-init.sh | 30 +++++++++++------------ 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index b5b2acf86ab..19e0877d364 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -5,6 +5,21 @@ systemConfig=@systemConfig@ export HOME=/root PATH="@path@" +# Process the kernel command line. +for o in $(cat /proc/cmdline); do + case $o in + boot.debugtrace) + # Show each command. + set -x + ;; + resume=*) + set -- $(IFS==; echo $o) + resumeDevice=$2 + ;; + esac +done + + # Print a greeting. echo echo -e "\e[1;32m<<< NixOS Stage 2 >>>\e[0m" 
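Review bot: In the block that the `@@ -5,6 +5,21 @@` hunk moves to the top, `set -- $(IFS==; echo $o)` splits on every `=`, so a token like `resume=UUID=<uuid>` leaves `resumeDevice` as `UUID` and drops the rest, and it overwrites the script's positional parameters before anything else has run. `resumeDevice=${o#resume=}` keeps the whole value and leaves `$@` alone. The unquoted `$(cat /proc/cmdline)` and `$o` also undergo pathname expansion, so a token containing `*` or `?` is expanded against the current directory; wrapping the loop in `set -f` / `set +f` avoids that. The code is moved unchanged, so both issues predate this patch, and patch 5/5 touches the same loop, but its hunk is cut off here, so whether it fixes them cannot be seen.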
@@ -62,21 +77,6 @@ rm -f /etc/mtab* # not that we care about stale locks ln -s /proc/mounts /etc/mtab -# Process the kernel command line. -for o in $(cat /proc/cmdline); do - case $o in - boot.debugtrace) - # Show each command. - set -x - ;; - resume=*) - set -- $(IFS==; echo $o) - resumeDevice=$2 - ;; - esac -done - - # More special file systems, initialise required directories. [ -e /proc/bus/usb ] && mount -t usbfs usbfs /proc/bus/usb # UML doesn't have USB by default mkdir -m 01777 -p /tmp From e3f031b200dfb92ecefa73e02878b724194a1d8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 Apr 2017 00:28:24 +0200 Subject: [PATCH 4/5] stage-2: reduce mkdir commands --- nixos/modules/system/boot/stage-2-init.sh | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 19e0877d364..2b89c888ac8 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -80,13 +80,9 @@ ln -s /proc/mounts /etc/mtab # More special file systems, initialise required directories. [ -e /proc/bus/usb ] && mount -t usbfs usbfs /proc/bus/usb # UML doesn't have USB by default mkdir -m 01777 -p /tmp -mkdir -m 0755 -p /var /var/log /var/lib /var/db -mkdir -m 0755 -p /nix/var -mkdir -m 0700 -p /root -chmod 0700 /root -mkdir -m 0755 -p /bin # for the /bin/sh symlink -mkdir -m 0755 -p /home -mkdir -m 0755 -p /etc/nixos +mkdir -m 0755 -p /var/{log,lib,db} /nix/var /etc/nixos/ \ + /run/lock /home /bin # for the /bin/sh symlink +install -m 0700 -d /root # Miscellaneous boot time cleanup. @@ -98,9 +94,6 @@ rm -f /etc/{group,passwd,shadow}.lock rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots -mkdir -m 0755 -p /run/lock - - # For backwards compatibility, symlink /var/run to /run, and /var/lock # to /run/lock. ln -s /run /var/run From 62c79a1de8e5e65ead62816b7760e12a6804d44b Mon Sep 17 00:00:00 2001 
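Review bot: In the `@@ -80,13 +80,9 @@` hunk `/var` is no longer named explicitly, and with `mkdir -p` the `-m 0755` applies only to the listed leaf directories, so a missing parent such as `/var` is created with a mode derived from the umask instead. On a fresh root the permissions of `/var` then depend on whatever umask init runs with, which the hunk does not set. Keep the parent in the list: `mkdir -m 0755 -p /var /var/{log,lib,db} /nix/var /etc/nixos/ \`. The hunk also creates `/run/lock` ahead of the boot-time cleanup, which presumably relies on `/run` already being mounted at that point; that is not visible here.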
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 Apr 2017 00:34:54 +0200 Subject: [PATCH 5/5] stage-2: shellsheck recommendations --- nixos/modules/system/boot/stage-2-init.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 2b89c888ac8..46aed44bf10 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -6,7 +6,7 @@ export HOME=/root PATH="@path@" # Process the kernel command line. -for o in $(cat /proc/cmdline); do +for o in $(