From 90ad879753c476154e65667f8dec12cf5a6c89d4 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:54:08 +0300 Subject: nixos stage-1: unconditionally mount /dev/pts --- nixos/modules/system/boot/initrd-ssh.nix | 3 --- nixos/modules/system/boot/stage-1-init.sh | 2 ++ 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'nixos/modules/system') diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index 3e2805a8c341..d0a4ce51148f 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -100,9 +100,6 @@ in ''; boot.initrd.network.postCommands = '' - mkdir /dev/pts - mount -t devpts devpts /dev/pts - echo '${cfg.shell}' > /etc/shells echo 'root:x:0:0:root:/root:${cfg.shell}' > /etc/passwd echo 'passwd: files' > /etc/nsswitch.conf diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index 9bffcd31b9b4..055ad2e3e844 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -70,6 +70,8 @@ mount -t sysfs sysfs /sys mount -t devtmpfs -o "size=@devSize@" devtmpfs /dev mkdir -p /run mount -t tmpfs -o "mode=0755,size=@runSize@" tmpfs /run +mkdir /dev/pts +mount -t devpts devpts /dev/pts # Log the script output to /dev/kmsg or /run/log/stage-1-init.log. mkdir -p /tmp -- cgit 1.4.1 From bd0ab027c1c83eb7c26ed50bcf0d77da0c31a1d8 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:56:21 +0300 Subject: nixos stage-1: recursively process binaries and libraries --- nixos/modules/system/boot/stage-1.nix | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'nixos/modules/system') diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 5e6554324ca4..d031b8a2751b 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix 
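Review bot: The added `mkdir /dev/pts` has no `-p`, unlike the `mkdir -p /run` two lines above it, and neither it nor the `mount -t devpts devpts /dev/pts` that follows is checked, so a failure would only show up later as a missing pty. I would write `mkdir -p /dev/pts` for consistency with the neighbouring lines. Because the mount is now done on every boot rather than only for initrd SSH, it is also worth stating the devpts `mode=` and `gid=` options explicitly instead of relying on kernel defaults, so that pty ownership and permissions in stage 1 are a visible decision; the right values depend on what the later boot stage uses and are not visible in this hunk. A short comment such as `# ptys are needed by initrd SSH and other early-boot consumers` would record why the mount is unconditional.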
@@ -81,9 +81,9 @@ let # Copy ld manually since it isn't detected correctly cp -pv ${pkgs.glibc.out}/lib/ld*.so.? $out/lib - # Copy all of the needed libraries for the binaries - for BIN in $(find $out/{bin,sbin} -type f); do - echo "Copying libs for bin $BIN" + # Copy all of the needed libraries + find $out/bin $out/lib -type f | while read BIN; do + echo "Copying libs for executable $BIN" LDD="$(ldd $BIN)" || continue LIBS="$(echo "$LDD" | awk '{print $3}' | sed '/^$/d')" for LIB in $LIBS; do @@ -104,13 +104,17 @@ let stripDirs "lib bin" "-s" # Run patchelf to make the programs refer to the copied libraries. - for i in $out/bin/* $out/lib/*; do if ! test -L $i; then nuke-refs -e $out $i; fi; done + find $out/bin $out/lib -type f | while read i; do + if ! test -L $i; then + nuke-refs -e $out $i + fi + done - for i in $out/bin/*; do - if ! test -L $i; then - echo "patching $i..." - patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true - fi + find $out/bin -type f | while read i; do + if ! test -L $i; then + echo "patching $i..." + patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true + fi done # Make sure that the patchelf'ed binaries still work. -- cgit 1.4.1 From e02b5ace0b70341647ac464c1b19c2da14068147 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:56:43 +0300 Subject: nixos stage-1: guard udevRules from extra references --- nixos/modules/system/boot/stage-1.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/system') diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index d031b8a2751b..54c3a50c2e6c 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -142,6 +142,7 @@ let udevRules = pkgs.stdenv.mkDerivation { name = "udev-rules"; + allowedReferences = [ extraUtils ]; buildCommand = '' mkdir -p $out -- cgit 1.4.1 From 3508918da2e9e18640aa12214a54940f9aa70f49 Mon Sep 17 00:00:00 2001 
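Review bot: The new `find $out/bin $out/lib -type f | while read BIN` loop reads names with a bare `read` and passes `$BIN` to `ldd` unquoted, so a path containing whitespace or a backslash is split or altered before use; `while IFS= read -r BIN` together with `ldd "$BIN"` avoids that, and the same applies to the two `while read i` loops in the second hunk of this file. In that second hunk the `if ! test -L $i` guards are now dead code, because `find -type f` never yields symlinks. Since `ldd` is now run over everything under `$out/lib` as well, a comment would help the next reader: `# ldd can execute the file's ELF interpreter; only run it on files this derivation copied in`. The enclosing build script starts and ends outside both hunks.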
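Review bot: `allowedReferences = [ extraUtils ];` in `udevRules` should carry a one-line comment saying what it protects, for example `# Fail the build if the generated rules reference any store path other than extraUtils.` Without it, whoever hits the resulting build error has no hint that the intended fix is probably another `--replace` in the substitution loop further down rather than widening this list. The derivation body continues outside the hunk.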
From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:56:59 +0300 Subject: nixos stage-1: replace udevadm in udevRules --- nixos/modules/system/boot/stage-1.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'nixos/modules/system') diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 54c3a50c2e6c..56a9c38b8f2b 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -165,7 +165,8 @@ let --replace /sbin/mdadm ${extraUtils}/bin/mdadm \ --replace /bin/sh ${extraUtils}/bin/sh \ --replace /usr/bin/readlink ${extraUtils}/bin/readlink \ - --replace /usr/bin/basename ${extraUtils}/bin/basename + --replace /usr/bin/basename ${extraUtils}/bin/basename \ + --replace ${udev}/bin/udevadm ${extraUtils}/bin/udevadm done # Work around a bug in QEMU, which doesn't implement the "READ -- cgit 1.4.1 From d3e3e643cbcaf423f9595abd0e791cda51dfdc07 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 6 Jul 2016 22:57:14 +0300 Subject: nixos stage-1: set extraUtils variable --- nixos/modules/system/boot/stage-1-init.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/system') diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index 055ad2e3e844..d4277ebd80cf 100644 --- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -3,6 +3,7 @@ targetRoot=/mnt-root console=tty1 +extraUtils="@extraUtils@" export LD_LIBRARY_PATH=@extraUtils@/lib export PATH=@extraUtils@/bin ln -s @extraUtils@/bin /bin -- cgit 1.4.1 From a2d4235fe13292c7dce2e71963d0ed0f9c204436 Mon Sep 17 00:00:00 2001 
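Review bot: The new `extraUtils="@extraUtils@"` in stage-1-init.sh is assigned but not used anywhere in this hunk, and the lines right after it keep spelling out `@extraUtils@`, so its purpose is not clear from the script itself. A comment such as `# Made available to hook snippets that are substituted into this script.` would explain it; the plymouth module later in this series does use `$extraUtils` in `preLVMCommands`. The variable is not exported, so it is presumably meant for code running in this same shell only, which is worth stating if intended.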
From: Nikolay Amiantov Date: Wed, 6 Jul 2016 23:00:44 +0300 Subject: plymouth service: init --- nixos/modules/module-list.nix | 1 + nixos/modules/system/boot/plymouth.nix | 129 +++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 nixos/modules/system/boot/plymouth.nix (limited to 'nixos/modules/system') diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index be72c0ef29c0..33ce19dd6528 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -522,6 +522,7 @@ ./system/boot/luksroot.nix ./system/boot/modprobe.nix ./system/boot/networkd.nix + ./system/boot/plymouth.nix ./system/boot/resolved.nix ./system/boot/shutdown.nix ./system/boot/stage-1.nix diff --git a/nixos/modules/system/boot/plymouth.nix b/nixos/modules/system/boot/plymouth.nix new file mode 100644 index 000000000000..82c1032937c6 --- /dev/null +++ b/nixos/modules/system/boot/plymouth.nix 
@@ -0,0 +1,129 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + inherit (pkgs) plymouth; + + cfg = config.boot.plymouth; + + themesEnv = pkgs.buildEnv { + name = "plymouth-themes"; + paths = [ plymouth ] ++ cfg.themePackages; + }; + + configFile = pkgs.writeText "plymouthd.conf" '' + [Daemon] + ShowDelay=0 + Theme=${cfg.theme} + ''; + +in + +{ + + options = { + + boot.plymouth = { + + enable = mkEnableOption "Plymouth boot splash screen"; + + themePackages = mkOption { + default = []; + type = types.listOf types.package; + description = '' + Extra theme packages for plymouth. + ''; + }; + + theme = mkOption { + default = "fade-in"; + type = types.str; + description = '' + Splash screen theme. + ''; + }; + + logo = mkOption { + type = types.path; + default = pkgs.fetchurl { + url = "https://nixos.org/logo/nixos-hires.png"; + sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si"; + }; + description = '' + Logo which is displayed on the splash screen. + ''; + }; + + }; + + }; + + config = mkIf cfg.enable { + + boot.kernelParams = [ "splash" ]; + + # To be discoverable by systemd. + environment.systemPackages = [ plymouth ]; + + environment.etc."plymouth/plymouthd.conf".source = configFile; + environment.etc."plymouth/plymouthd.defaults".source = "${plymouth}/share/plymouth/plymouth.defaults"; + environment.etc."plymouth/logo.png".source = cfg.logo; + environment.etc."plymouth/themes".source = "${themesEnv}/share/plymouth/themes"; + # XXX: Needed because we supply a different set of plugins in initrd. 
+ environment.etc."plymouth/plugins".source = "${plymouth}/lib/plymouth"; + + systemd.packages = [ plymouth ]; + + systemd.services.plymouth-kexec.wantedBy = [ "kexec.target" ]; + systemd.services.plymouth-halt.wantedBy = [ "halt.target" ]; + systemd.services.plymouth-quit = { + wantedBy = [ "multi-user.target" ]; + after = [ "display-manager.service" "multi-user.target" ]; + }; + systemd.services.plymouth-poweroff.wantedBy = [ "poweroff.target" ]; + systemd.services.plymouth-reboot.wantedBy = [ "reboot.target" ]; + systemd.services.plymouth-read-write.wantedBy = [ "sysinit.target" ]; + + boot.initrd.extraUtilsCommands = '' + copy_bin_and_libs ${pkgs.plymouth}/bin/plymouthd + copy_bin_and_libs ${pkgs.plymouth}/bin/plymouth + + moduleName="$(sed -n 's,ModuleName *= *,,p' ${themesEnv}/share/plymouth/themes/${cfg.theme}/${cfg.theme}.plymouth)" + + mkdir -p $out/lib/plymouth/renderers + cp ${plymouth}/lib/plymouth/{text,details,$moduleName}.so $out/lib/plymouth + cp ${plymouth}/lib/plymouth/renderers/{drm,frame-buffer}.so $out/lib/plymouth/renderers + + mkdir -p $out/share/plymouth/themes + cp ${plymouth}/share/plymouth/plymouthd.defaults $out/share/plymouth + cp -r ${themesEnv}/share/plymouth/themes/{text,details,${cfg.theme}} $out/share/plymouth/themes + cp ${cfg.logo} $out/share/plymouth/logo.png + ''; + + boot.initrd.extraUtilsCommandsTest = '' + $out/bin/plymouthd --help >/dev/null + $out/bin/plymouth --help >/dev/null + ''; + + boot.initrd.extraUdevRulesCommands = '' + cp ${config.systemd.package}/lib/udev/rules.d/{70-uaccess,71-seat}.rules $out + sed -i '/loginctl/d' $out/71-seat.rules + ''; + + boot.initrd.preLVMCommands = mkAfter '' + mkdir -p /etc/plymouth + ln -s ${configFile} /etc/plymouth/plymouthd.conf + ln -s $extraUtils/share/plymouth/plymouthd.defaults /etc/plymouth/plymouthd.defaults + ln -s $extraUtils/share/plymouth/logo.png /etc/plymouth/logo.png + ln -s $extraUtils/share/plymouth/themes /etc/plymouth/themes + ln -s $extraUtils/lib/plymouth 
/etc/plymouth/plugins + + plymouthd --mode=boot --pid-file=/run/plymouth/pid --attach-to-session + plymouth --show-splash + ''; + + }; + +} -- cgit 1.4.1 From c69c76ca7efecba24aba555c2a03f933997d1fd5 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Thu, 7 Jul 2016 00:44:02 +0300 Subject: nixos stage-1: try to quit plymouth if started on failure --- nixos/modules/system/boot/luksroot.nix | 26 ++++++++++++++++++++++---- nixos/modules/system/boot/stage-1-init.sh | 3 +++ 2 files changed, 25 insertions(+), 4 deletions(-) (limited to 'nixos/modules/system') diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 8dad09c89207..15881b6d3714 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -36,7 +36,7 @@ let ${optionalString (header != null) "--header=${header}"} \ ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \ > /.luksopen_args - cryptsetup-askpass + get_password "Enter LUKS Passphrase" cryptsetup-askpass rm /.luksopen_args } @@ -78,9 +78,7 @@ let for try in $(seq 3); do ${optionalString yubikey.twoFactor '' - echo -n "Enter two-factor passphrase: " - read -s k_user - echo + k_user="$(get_password "Enter two-factor passphrase" cat)" ''} if [ ! -z "$k_user" ]; then @@ -463,6 +461,26 @@ in ''} ''; + boot.initrd.preDeviceCommands = '' + get_password() { + local ret + local reply + local tty_stat + + tty_stat="$(stty -g)" + stty -echo + for i in `seq 1 3`; do + echo -n "$1: " + read reply + echo "$reply" | "$2" + if [ "$?" = "0" ]; then + break + fi + done + stty "$tty_stat" + } + ''; + boot.initrd.preLVMCommands = concatStrings (mapAttrsToList openCommand preLVM); boot.initrd.postDeviceCommands = concatStrings (mapAttrsToList openCommand postLVM); diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh index d4277ebd80cf..6b1bf0b3e028 100644 
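Review bot: In `boot.initrd.extraUtilsCommands` of plymouth.nix, `moduleName` comes from `sed -n 's,ModuleName *= *,,p'` and goes straight into `cp …/{text,details,$moduleName}.so` without a check that it is non-empty, and `cfg.theme` (a free-form `types.str`) is spliced unquoted into that build script. A theme file without a `ModuleName` line, or a theme name containing whitespace or shell metacharacters, then fails inside `cp` with a misleading message or changes what the build script runs. I would add `[ -n "$moduleName" ] || { echo "theme ${cfg.theme}: no ModuleName found" >&2; exit 1; }` after the `sed` line, anchor the pattern as `s,^ModuleName *= *,,p`, and validate that `theme` is a plain directory name before it is interpolated. The same block uses `${pkgs.plymouth}` for `copy_bin_and_libs` while the rest of the file uses the inherited `${plymouth}`; one spelling would read better.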
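Review bot: `k_user="$(get_password "Enter two-factor passphrase" cat)"` in the yubikey hunk captures everything `get_password` writes to stdout, and that includes the prompt printed by `echo -n "$1: "`, so `k_user` would hold the prompt text followed by the passphrase and the user would not see the prompt. Writing the prompt to stderr inside `get_password`, `echo -n "$1: " >&2`, keeps it out of the substitution (assuming stderr reaches the console at this point of stage 1). The removed code also printed a newline after the silent read, which the new call no longer does. The retry loop around this line starts and ends outside the hunk.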
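Review bot: `get_password` in the new `boot.initrd.preDeviceCommands` reads the passphrase with a bare `read reply` and forwards it with `echo "$reply"`, so backslashes and leading or trailing whitespace in a passphrase are altered before the consumer sees them, and a value that looks like an `echo` option may not be forwarded literally. The function also ends on `stty "$tty_stat"`, so its exit status says nothing about whether any of the three attempts succeeded, `ret` is declared but never used, and the loop variable `i` leaks into the caller. The version below reads with `IFS= read -r`, forwards with `printf`, prints the prompt on stderr so it cannot end up in a command substitution, and returns the consumer's result. A `trap` that restores the saved terminal settings would additionally cover an interrupted prompt.

```nix
    get_password() {
      local ret=1
      local i
      # … unchanged: reply/tty_stat locals, stty -g, stty -echo …
      for i in `seq 1 3`; do
        echo -n "$1: " >&2
        # Keep backslashes and surrounding whitespace of the passphrase intact.
        IFS= read -r reply
        echo >&2
        if printf '%s\n' "$reply" | "$2"; then
          ret=0
          break
        fi
      done
      stty "$tty_stat"
      return "$ret"
    }
```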
--- a/nixos/modules/system/boot/stage-1-init.sh +++ b/nixos/modules/system/boot/stage-1-init.sh @@ -14,6 +14,9 @@ export LVM_SUPPRESS_FD_WARNINGS=true fail() { if [ -n "$panicOnFail" ]; then exit 1; fi + # If we have a splash screen started, quit it. + command -v plymouth >/dev/null 2>&1 && plymouth quit + # If starting stage 2 failed, allow the user to repair the problem # in an interactive shell. cat <