diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2018-02-07 16:50:47 +0100 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2018-02-07 16:54:23 +0100 |
commit | df117acab7bf345500ffada26c240c9f815b7c21 (patch) | |
tree | c10f92b8a64f59d0aa51557bd0d8aa734bc11442 /nixos/lib | |
parent | 5193807750853a592bb7d0202a998d1f2c780cf2 (diff) | |
download | nixlib-df117acab7bf345500ffada26c240c9f815b7c21.tar nixlib-df117acab7bf345500ffada26c240c9f815b7c21.tar.gz nixlib-df117acab7bf345500ffada26c240c9f815b7c21.tar.bz2 nixlib-df117acab7bf345500ffada26c240c9f815b7c21.tar.lz nixlib-df117acab7bf345500ffada26c240c9f815b7c21.tar.xz nixlib-df117acab7bf345500ffada26c240c9f815b7c21.tar.zst nixlib-df117acab7bf345500ffada26c240c9f815b7c21.zip |
ISO images: Initialize the Nix database with correct NAR hashes/sizes
The boot test now runs "nix verify" to ensure that all hashes are correct.
Diffstat (limited to 'nixos/lib')
-rw-r--r-- | nixos/lib/make-iso9660-image.nix | 9 | ||||
-rw-r--r-- | nixos/lib/make-iso9660-image.sh | 7 | ||||
-rw-r--r-- | nixos/lib/make-squashfs.nix | 42 |
3 files changed, 12 insertions, 46 deletions
diff --git a/nixos/lib/make-iso9660-image.nix b/nixos/lib/make-iso9660-image.nix index 75be70dbcb2b..c6bafd48f9db 100644 --- a/nixos/lib/make-iso9660-image.nix +++ b/nixos/lib/make-iso9660-image.nix @@ -1,4 +1,4 @@ -{ stdenv, perl, pathsFromGraph, xorriso, syslinux +{ stdenv, perl, closureInfo, xorriso, syslinux , # The file name of the resulting ISO image. isoName ? "cd.iso" @@ -48,9 +48,9 @@ assert usbBootable -> isohybridMbrImage != ""; stdenv.mkDerivation { name = isoName; builder = ./make-iso9660-image.sh; - buildInputs = [perl xorriso syslinux]; + buildInputs = [ xorriso syslinux ]; - inherit isoName bootable bootImage compressImage volumeID pathsFromGraph efiBootImage efiBootable isohybridMbrImage usbBootable; + inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable; # !!! should use XML. sources = map (x: x.source) contents; @@ -61,6 +61,5 @@ stdenv.mkDerivation { symlinks = map (x: x.symlink) storeContents; # For obtaining the closure of `storeContents'. - exportReferencesGraph = - map (x: [("closure-" + baseNameOf x.object) x.object]) storeContents; + closureInfo = closureInfo { rootPaths = map (x: x.object) storeContents; }; } diff --git a/nixos/lib/make-iso9660-image.sh b/nixos/lib/make-iso9660-image.sh index c623436f6c5b..45cdef1ef4df 100644 --- a/nixos/lib/make-iso9660-image.sh +++ b/nixos/lib/make-iso9660-image.sh @@ -72,16 +72,15 @@ done # Add the closures of the top-level store objects. -storePaths=$(perl $pathsFromGraph closure-*) -for i in $storePaths; do +for i in $(< $closureInfo/store-paths); do addPath "${i:1}" "$i" done # Also include a manifest of the closures in a format suitable for # nix-store --load-db. -if [ -n "$object" ]; then - printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration +if [[ ${#objects[*]} != 0 ]]; then + cp $closureInfo/registration nix-path-registration addPath "nix-path-registration" "nix-path-registration" fi diff --git a/nixos/lib/make-squashfs.nix b/nixos/lib/make-squashfs.nix index 9d47a3222cc2..7ab84e47f53b 100644 --- a/nixos/lib/make-squashfs.nix +++ b/nixos/lib/make-squashfs.nix @@ -1,4 +1,4 @@ -{ stdenv, squashfsTools, perl, pathsFromGraph +{ stdenv, squashfsTools, closureInfo , # The root directory of the squashfs filesystem is filled with the # closures of the Nix store paths listed here. @@ -8,50 +8,18 @@ stdenv.mkDerivation { name = "squashfs.img"; - nativeBuildInputs = [perl squashfsTools]; - - # For obtaining the closure of `storeContents'. - exportReferencesGraph = - map (x: [("closure-" + baseNameOf x) x]) storeContents; + nativeBuildInputs = [ squashfsTools ]; buildCommand = '' - # Add the closures of the top-level store objects. - storePaths=$(perl ${pathsFromGraph} closure-*) - - # If a Hydra slave happens to have store paths with bad permissions/mtime, - # abort now so that they don't end up in ISO images in the channel. - # https://github.com/NixOS/nixpkgs/issues/32242 - hasBadPaths="" - for path in $storePaths; do - if [ -h "$path" ]; then - continue - fi - - mtime=$(stat -c %Y "$path") - mode=$(stat -c %a "$path") - - if [ "$mtime" != 1 ]; then - echo "Store path '$path' has an invalid mtime." - hasBadPaths=1 - fi - if [ "$mode" != 444 ] && [ "$mode" != 555 ]; then - echo "Store path '$path' has invalid permissions ($mode)." - hasBadPaths=1 - fi - done - - if [ -n "$hasBadPaths" ]; then - echo "You have bad paths in your store, please fix them." - exit 1 - fi + closureInfo=${closureInfo { rootPaths = storeContents; }} # Also include a manifest of the closures in a format suitable # for nix-store --load-db. - printRegistration=1 perl ${pathsFromGraph} closure-* > nix-path-registration + cp $closureInfo/registration nix-path-registration # Generate the squashfs image. - mksquashfs nix-path-registration $storePaths $out \ + mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out \ -keep-as-directory -all-root -b 1048576 -comp xz -Xdict-size 100% ''; } |