From 611a21a91956b050932797ed232315c61f73e2a9 Mon Sep 17 00:00:00 2001 From: j-keck Date: Sat, 24 Jan 2015 20:37:55 +0100 Subject: nixos-container: add missing 'nixos-container update' in usage * in nixos-container.pl the mode 'update' is missing in the usage --- nixos/modules/virtualisation/nixos-container.pl | 1 + 1 file changed, 1 insertion(+) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/nixos-container.pl b/nixos/modules/virtualisation/nixos-container.pl index 9ae5331786cc..a94501ea3426 100644 --- a/nixos/modules/virtualisation/nixos-container.pl +++ b/nixos/modules/virtualisation/nixos-container.pl @@ -22,6 +22,7 @@ Usage: nixos-container list nixos-container start nixos-container stop nixos-container status + nixos-container update [--config ] nixos-container login nixos-container root-login nixos-container run -- args... -- cgit 1.4.1 From 80202fbd2590f7057c117da2072c32f9651c50b8 Mon Sep 17 00:00:00 2001 From: Rob Vermaas Date: Thu, 26 Mar 2015 09:09:18 +0000 Subject: GCE image: Add some recommended sysctl settings. Disable OS level firewall by default for GCE images (GCE provides external firewall). Disable passwordAuthentication. Related to issue #6991. --- .../virtualisation/google-compute-image.nix | 81 +++++++++++++++++++++- 1 file changed, 80 insertions(+), 1 deletion(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index 98985d2d2c57..b841e0d44227 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -7,6 +7,9 @@ in { imports = [ ../profiles/headless.nix ../profiles/qemu-guest.nix ]; + # https://cloud.google.com/compute/docs/tutorials/building-images + networking.firewall.enable = lib.mkDefault false; + system.build.googleComputeImage = pkgs.vmTools.runInLinuxVM ( pkgs.runCommand "google-compute-image" 
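Review bot: `networking.firewall.enable = lib.mkDefault false;` in the `@@ -7,6 +7,9 @@` hunk of google-compute-image.nix leaves every instance built from this image without a host packet filter, so exposure depends entirely on the project's GCE firewall rules. Those rules typically still allow traffic between instances on the same network, so any service listening on all interfaces is reachable from neighbouring instances. The only justification in the file is a bare URL; I would put the reasoning next to the setting, e.g. `# Host firewall off by default: filtering is delegated to GCE firewall rules. Set networking.firewall.enable = true to filter on the host as well.`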
@@ -95,6 +98,7 @@ in boot.kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ]; boot.initrd.kernelModules = [ "virtio_scsi" ]; + boot.kernelModules = [ "virtio_pci" "virtio_net" ]; # Generate a GRUB menu. Amazon's pv-grub uses this to boot our kernel/initrd. boot.loader.grub.device = "/dev/sda"; @@ -108,6 +112,7 @@ in # at instance creation time. services.openssh.enable = true; services.openssh.permitRootLogin = "without-password"; + services.openssh.passwordAuthentication = false; # Force getting the hostname from Google Compute. networking.hostName = mkDefault ""; 
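Review bot: `services.openssh.passwordAuthentication = false;` in the `@@ -108,6 +112,7 @@` hunk switches off only sshd's `PasswordAuthentication`; keyboard-interactive (challenge-response) login through PAM is a separate setting that this hunk does not touch. Depending on the module's default, a password prompt may therefore still be offered. If key-only login is the intent, consider adding `services.openssh.challengeResponseAuthentication = false;` next to it and confirming the effective configuration with `sshd -T` on a built image. The surrounding openssh block starts outside the hunk.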
@@ -178,5 +183,79 @@ in serviceConfig.RemainAfterExit = true; serviceConfig.StandardError = "journal+console"; serviceConfig.StandardOutput = "journal+console"; - }; + }; + + # Setings taken from https://cloud.google.com/compute/docs/tutorials/building-images#providedkernel + boot.kernel.sysctl = { + # enables syn flood protection + "net.ipv4.tcp_syncookies" = lib.mkDefault "1"; + + # ignores source-routed packets + "net.ipv4.conf.all.accept_source_route" = lib.mkDefault "0"; + + # ignores source-routed packets + "net.ipv4.conf.default.accept_source_route" = lib.mkDefault "0"; + + # ignores ICMP redirects + "net.ipv4.conf.all.accept_redirects" = lib.mkDefault "0"; + + # ignores ICMP redirects + "net.ipv4.conf.default.accept_redirects" = lib.mkDefault "0"; + + # ignores ICMP redirects from non-GW hosts + "net.ipv4.conf.all.secure_redirects" = lib.mkDefault "1"; + + # ignores ICMP redirects from non-GW hosts + "net.ipv4.conf.default.secure_redirects" = lib.mkDefault "1"; + + # don't allow traffic between networks or act as a router + "net.ipv4.ip_forward" = lib.mkDefault "0"; + + # don't allow traffic between networks or act as a router + "net.ipv4.conf.all.send_redirects" = lib.mkDefault "0"; + + # don't allow traffic between networks or act as a router + "net.ipv4.conf.default.send_redirects" = lib.mkDefault "0"; + + # reverse path filtering - IP spoofing protection + "net.ipv4.conf.all.rp_filter" = lib.mkDefault "1"; + + # reverse path filtering - IP spoofing protection + "net.ipv4.conf.default.rp_filter" = lib.mkDefault "1"; + + # ignores ICMP broadcasts to avoid participating in Smurf attacks + "net.ipv4.icmp_echo_ignore_broadcasts" = lib.mkDefault "1"; + + # ignores bad ICMP errors + "net.ipv4.icmp_ignore_bogus_error_responses" = lib.mkDefault "1"; + + # logs spoofed, source-routed, and redirect packets + "net.ipv4.conf.all.log_martians" = lib.mkDefault "1"; + + # log spoofed, source-routed, and redirect packets + "net.ipv4.conf.default.log_martians" = 
lib.mkDefault "1"; + + # implements RFC 1337 fix + "net.ipv4.tcp_rfc1337" = lib.mkDefault "1"; + + # randomizes addresses of mmap base, heap, stack and VDSO page + "kernel.randomize_va_space" = lib.mkDefault "2"; + + # provides protection from ToCToU races + "fs.protected_hardlinks" = lib.mkDefault "1"; + + # provides protection from ToCToU races + "fs.protected_symlinks" = lib.mkDefault "1"; + + # makes locating kernel addresses more difficult + "kernel.kptr_restrict" = lib.mkDefault "1"; + + # set ptrace protections + "kernel.yama.ptrace_scope" = lib.mkDefault "1"; + + # set perf only available to root + "kernel.perf_event_paranoid" = lib.mkDefault "2"; + + }; + } -- cgit 1.4.1 From cbb14299c935c5a6a58f5cdd4775273af4a897c1 Mon Sep 17 00:00:00 2001 From: Rob Vermaas Date: Thu, 26 Mar 2015 09:15:09 +0000 Subject: GCE image: Remove some unnecessary lib prefixes. --- .../virtualisation/google-compute-image.nix | 50 +++++++++++----------- 1 file changed, 25 insertions(+), 25 deletions(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index b841e0d44227..ee5485071a35 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -8,7 +8,7 @@ in imports = [ ../profiles/headless.nix ../profiles/qemu-guest.nix ]; # https://cloud.google.com/compute/docs/tutorials/building-images - networking.firewall.enable = lib.mkDefault false; + networking.firewall.enable = mkDefault false; system.build.googleComputeImage = pkgs.vmTools.runInLinuxVM ( @@ -112,7 +112,7 @@ in # at instance creation time. services.openssh.enable = true; services.openssh.permitRootLogin = "without-password"; - services.openssh.passwordAuthentication = false; + services.openssh.passwordAuthentication = mkDefault false; # Force getting the hostname from Google Compute. networking.hostName = mkDefault ""; 
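Review bot: In the `boot.kernel.sysctl` block added by the `@@ -178,5 +183,79 @@` hunk (the GCE sysctl commit, which ends on this line before the next patch starts), the `net.ipv4.conf.default.*` keys only seed interfaces created after the values are applied. For `send_redirects`, and for `accept_redirects` when forwarding is off, the kernel combines `conf.all` with the per-interface value by OR, so an interface that already exists when the sysctls are written could keep redirects enabled even though both `all` and `default` are `0`. Whether that happens here depends on boot ordering the hunk does not show. I would add a comment above the redirect entries, e.g. `# conf.default only affects interfaces created later; check net.ipv4.conf.<iface>.accept_redirects on a booted image`, and fix the `Setings` typo in the header comment at the same time.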
@@ -188,73 +188,73 @@ in # Setings taken from https://cloud.google.com/compute/docs/tutorials/building-images#providedkernel boot.kernel.sysctl = { # enables syn flood protection - "net.ipv4.tcp_syncookies" = lib.mkDefault "1"; + "net.ipv4.tcp_syncookies" = mkDefault "1"; # ignores source-routed packets - "net.ipv4.conf.all.accept_source_route" = lib.mkDefault "0"; + "net.ipv4.conf.all.accept_source_route" = mkDefault "0"; # ignores source-routed packets - "net.ipv4.conf.default.accept_source_route" = lib.mkDefault "0"; + "net.ipv4.conf.default.accept_source_route" = mkDefault "0"; # ignores ICMP redirects - "net.ipv4.conf.all.accept_redirects" = lib.mkDefault "0"; + "net.ipv4.conf.all.accept_redirects" = mkDefault "0"; # ignores ICMP redirects - "net.ipv4.conf.default.accept_redirects" = lib.mkDefault "0"; + "net.ipv4.conf.default.accept_redirects" = mkDefault "0"; # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.all.secure_redirects" = lib.mkDefault "1"; + "net.ipv4.conf.all.secure_redirects" = mkDefault "1"; # ignores ICMP redirects from non-GW hosts - "net.ipv4.conf.default.secure_redirects" = lib.mkDefault "1"; + "net.ipv4.conf.default.secure_redirects" = mkDefault "1"; # don't allow traffic between networks or act as a router - "net.ipv4.ip_forward" = lib.mkDefault "0"; + "net.ipv4.ip_forward" = mkDefault "0"; # don't allow traffic between networks or act as a router - "net.ipv4.conf.all.send_redirects" = lib.mkDefault "0"; + "net.ipv4.conf.all.send_redirects" = mkDefault "0"; # don't allow traffic between networks or act as a router - "net.ipv4.conf.default.send_redirects" = lib.mkDefault "0"; + "net.ipv4.conf.default.send_redirects" = mkDefault "0"; # reverse path filtering - IP spoofing protection - "net.ipv4.conf.all.rp_filter" = lib.mkDefault "1"; + "net.ipv4.conf.all.rp_filter" = mkDefault "1"; # reverse path filtering - IP spoofing protection - "net.ipv4.conf.default.rp_filter" = lib.mkDefault "1"; + "net.ipv4.conf.default.rp_filter" = 
mkDefault "1"; # ignores ICMP broadcasts to avoid participating in Smurf attacks - "net.ipv4.icmp_echo_ignore_broadcasts" = lib.mkDefault "1"; + "net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault "1"; # ignores bad ICMP errors - "net.ipv4.icmp_ignore_bogus_error_responses" = lib.mkDefault "1"; + "net.ipv4.icmp_ignore_bogus_error_responses" = mkDefault "1"; # logs spoofed, source-routed, and redirect packets - "net.ipv4.conf.all.log_martians" = lib.mkDefault "1"; + "net.ipv4.conf.all.log_martians" = mkDefault "1"; # log spoofed, source-routed, and redirect packets - "net.ipv4.conf.default.log_martians" = lib.mkDefault "1"; + "net.ipv4.conf.default.log_martians" = mkDefault "1"; # implements RFC 1337 fix - "net.ipv4.tcp_rfc1337" = lib.mkDefault "1"; + "net.ipv4.tcp_rfc1337" = mkDefault "1"; # randomizes addresses of mmap base, heap, stack and VDSO page - "kernel.randomize_va_space" = lib.mkDefault "2"; + "kernel.randomize_va_space" = mkDefault "2"; # provides protection from ToCToU races - "fs.protected_hardlinks" = lib.mkDefault "1"; + "fs.protected_hardlinks" = mkDefault "1"; # provides protection from ToCToU races - "fs.protected_symlinks" = lib.mkDefault "1"; + "fs.protected_symlinks" = mkDefault "1"; # makes locating kernel addresses more difficult - "kernel.kptr_restrict" = lib.mkDefault "1"; + "kernel.kptr_restrict" = mkDefault "1"; # set ptrace protections - "kernel.yama.ptrace_scope" = lib.mkDefault "1"; + "kernel.yama.ptrace_scope" = mkDefault "1"; # set perf only available to root - "kernel.perf_event_paranoid" = lib.mkDefault "2"; + "kernel.perf_event_paranoid" = mkDefault "2"; }; -- cgit 1.4.1 From 4868649f037c4fe80034f281212b8ccd2d0ac148 Mon Sep 17 00:00:00 2001 
From: "William A. Kennington III" Date: Sat, 28 Mar 2015 17:15:41 -0700 Subject: nixos/initrd: Generic library copying --- .../scripts/ec2/amazon-hvm-install-config.nix | 6 +-- .../installer/cd-dvd/system-tarball-sheevaplug.nix | 2 +- nixos/modules/system/boot/luksroot.nix | 28 ++++------- nixos/modules/system/boot/stage-1.nix | 58 +++++++++++++--------- nixos/modules/tasks/filesystems/btrfs.nix | 6 +-- nixos/modules/tasks/filesystems/cifs.nix | 2 +- nixos/modules/tasks/filesystems/ext.nix | 5 +- nixos/modules/tasks/filesystems/f2fs.nix | 4 +- nixos/modules/tasks/filesystems/jfs.nix | 2 +- nixos/modules/tasks/filesystems/reiserfs.nix | 3 +- nixos/modules/tasks/filesystems/unionfs-fuse.nix | 5 +- nixos/modules/tasks/filesystems/vfat.nix | 3 +- nixos/modules/tasks/filesystems/xfs.nix | 2 +- nixos/modules/tasks/filesystems/zfs.nix | 13 +++-- nixos/modules/virtualisation/amazon-image.nix | 2 +- nixos/modules/virtualisation/qemu-vm.nix | 2 +- nixos/tests/virtualbox.nix | 5 +- 17 files changed, 71 insertions(+), 77 deletions(-) (limited to 'nixos/modules/virtualisation') diff --git a/nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix b/nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix index 530769cec5b7..c0ec38bf489a 100644 --- a/nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix +++ b/nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix @@ -23,9 +23,9 @@ in boot.kernelParams = [ "console=ttyS0" ]; boot.initrd.extraUtilsCommands = '' - cp -v ${pkgs.gawk}/bin/gawk $out/bin/gawk - cp -v ${pkgs.gnused}/bin/sed $out/bin/gnused - cp -v ${pkgs.utillinux}/sbin/sfdisk $out/bin/sfdisk + copy_bin_and_libs ${pkgs.gawk}/bin/gawk + copy_bin_and_libs ${pkgs.gnused}/bin/sed + copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk cp -v ${growpart} $out/bin/growpart ''; boot.initrd.postDeviceCommands = '' 
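Review bot: The `gnused` destination name is lost in the `@@ -23,9 +23,9 @@` hunk of amazon-hvm-install-config.nix: the old line copied `sed` to `$out/bin/gnused`, while `copy_bin_and_libs ${pkgs.gnused}/bin/sed` takes no destination and presumably installs the file under its basename, `sed`. The helper's definition is not visible on this page, so this is inferred. If it holds, anything that invoked `gnused` by name would no longer find it, and the copy may replace another `sed` already present in `$out/bin`; possible callers are `growpart` or the `postDeviceCommands` that continue outside the hunk. Either keep the old name with `ln -sv sed $out/bin/gnused` after the call, or confirm that nothing refers to `gnused`.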
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix index 4ce7582c166a..46dc1c705022 100644 --- a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix +++ b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix @@ -98,7 +98,7 @@ in boot.initrd.extraUtilsCommands = '' - cp ${pkgs.utillinux}/sbin/hwclock $out/bin + copy_bin_and_libs ${pkgs.utillinux}/sbin/hwclock ''; boot.initrd.postDeviceCommands = diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index da5bb8fe0661..20eee8e06e07 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix 
@@ -405,29 +405,19 @@ in # copy the cryptsetup binary and it's dependencies boot.initrd.extraUtilsCommands = '' - cp -pdv ${pkgs.cryptsetup}/sbin/cryptsetup $out/bin - - cp -pdv ${pkgs.libgcrypt_1_6}/lib/libgcrypt*.so.* $out/lib - cp -pdv ${pkgs.libgpgerror}/lib/libgpg-error*.so.* $out/lib - cp -pdv ${pkgs.cryptsetup}/lib/libcryptsetup*.so.* $out/lib - cp -pdv ${pkgs.popt}/lib/libpopt*.so.* $out/lib + copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup ${optionalString luks.yubikeySupport '' - cp -pdv ${pkgs.ykpers}/bin/ykchalresp $out/bin - cp -pdv ${pkgs.ykpers}/bin/ykinfo $out/bin - cp -pdv ${pkgs.openssl}/bin/openssl $out/bin - - cc -O3 -I${pkgs.openssl}/include -L${pkgs.openssl}/lib ${./pbkdf2-sha512.c} -o $out/bin/pbkdf2-sha512 -lcrypto - strip -s $out/bin/pbkdf2-sha512 + copy_bin_and_libs ${pkgs.ykpers}/bin/ykchalresp + copy_bin_and_libs ${pkgs.ykpers}/bin/ykinfo + copy_bin_and_libs ${pkgs.openssl}/bin/openssl - cp -pdv ${pkgs.libusb1}/lib/libusb*.so.* $out/lib - cp -pdv ${pkgs.ykpers}/lib/libykpers*.so.* $out/lib - cp -pdv ${pkgs.libyubikey}/lib/libyubikey*.so.* $out/lib - cp -pdv ${pkgs.openssl}/lib/libssl*.so.* $out/lib - cp -pdv ${pkgs.openssl}/lib/libcrypto*.so.* $out/lib + cc -O3 -I${pkgs.openssl}/include -L${pkgs.openssl}/lib ${./pbkdf2-sha512.c} -o pbkdf2-sha512 -lcrypto + strip -s pbkdf2-sha512 + copy_bin_and_libs pbkdf2-sha512 - mkdir -p $out/etc/ssl - cp -pdv ${pkgs.openssl}/etc/ssl/openssl.cnf $out/etc/ssl + mkdir -p $out/etc/ssl + cp -pdv ${pkgs.openssl}/etc/ssl/openssl.cnf $out/etc/ssl cat > $out/bin/openssl-wrap <&1 | grep "BusyBox" + $out/bin/blkid >/dev/null $out/bin/udevadm --version $out/bin/dmsetup --version 2>&1 | tee -a log | grep "version:" LVM_SYSTEM_DIR=$out $out/bin/lvm version 2>&1 | tee -a log | grep "LVM" diff --git a/nixos/modules/tasks/filesystems/btrfs.nix b/nixos/modules/tasks/filesystems/btrfs.nix index d0a2ac645e0b..049f7708d739 100644 --- a/nixos/modules/tasks/filesystems/btrfs.nix 
+++ b/nixos/modules/tasks/filesystems/btrfs.nix @@ -17,13 +17,9 @@ in boot.initrd.extraUtilsCommands = mkIf inInitrd '' - mkdir -p $out/bin - cp -v ${pkgs.btrfsProgs}/bin/btrfs $out/bin + copy_bin_and_libs ${pkgs.btrfsProgs}/bin/btrfs ln -sv btrfs $out/bin/btrfsck ln -sv btrfsck $out/bin/fsck.btrfs - # !!! Increases uncompressed initrd by 240k - cp -pv ${pkgs.zlib}/lib/libz.so* $out/lib - cp -pv ${pkgs.lzo}/lib/liblzo2.so* $out/lib ''; boot.initrd.extraUtilsCommandsTest = mkIf inInitrd diff --git a/nixos/modules/tasks/filesystems/cifs.nix b/nixos/modules/tasks/filesystems/cifs.nix index c60f175db841..3932b5c9acf9 100644 --- a/nixos/modules/tasks/filesystems/cifs.nix +++ b/nixos/modules/tasks/filesystems/cifs.nix @@ -18,7 +18,7 @@ in boot.initrd.extraUtilsCommands = mkIf inInitrd '' - cp -v ${pkgs.cifs_utils}/sbin/mount.cifs $out/bin + copy_bin_and_libs ${pkgs.cifs_utils}/sbin/mount.cifs ''; }; diff --git a/nixos/modules/tasks/filesystems/ext.nix b/nixos/modules/tasks/filesystems/ext.nix index 24592e9d5882..cc9d0ef37d59 100644 --- a/nixos/modules/tasks/filesystems/ext.nix +++ b/nixos/modules/tasks/filesystems/ext.nix @@ -10,12 +10,11 @@ boot.initrd.extraUtilsCommands = '' # Copy e2fsck and friends. - cp -v ${pkgs.e2fsprogs}/sbin/e2fsck $out/bin - cp -v ${pkgs.e2fsprogs}/sbin/tune2fs $out/bin + copy_bin_and_libs ${pkgs.e2fsprogs}/sbin/e2fsck + copy_bin_and_libs ${pkgs.e2fsprogs}/sbin/tune2fs ln -sv e2fsck $out/bin/fsck.ext2 ln -sv e2fsck $out/bin/fsck.ext3 ln -sv e2fsck $out/bin/fsck.ext4 - cp -pdv ${pkgs.e2fsprogs}/lib/lib*.so.* $out/lib ''; }; diff --git a/nixos/modules/tasks/filesystems/f2fs.nix b/nixos/modules/tasks/filesystems/f2fs.nix index 1ed7b1b6a62e..430ac630a885 100644 --- a/nixos/modules/tasks/filesystems/f2fs.nix +++ b/nixos/modules/tasks/filesystems/f2fs.nix 
@@ -13,9 +13,7 @@ in boot.initrd.availableKernelModules = mkIf inInitrd [ "f2fs" ]; boot.initrd.extraUtilsCommands = mkIf inInitrd '' - mkdir -p $out/bin $out/lib - cp -v ${pkgs.f2fs-tools}/sbin/fsck.f2fs $out/bin - cp -pdv ${pkgs.f2fs-tools}/lib/lib*.so.* $out/lib + copy_bin_and_libs ${pkgs.f2fs-tools}/sbin/fsck.f2fs ''; }; } diff --git a/nixos/modules/tasks/filesystems/jfs.nix b/nixos/modules/tasks/filesystems/jfs.nix index b7091ce9b184..fc3905c7dc20 100644 --- a/nixos/modules/tasks/filesystems/jfs.nix +++ b/nixos/modules/tasks/filesystems/jfs.nix @@ -13,7 +13,7 @@ in boot.initrd.kernelModules = mkIf inInitrd [ "jfs" ]; boot.initrd.extraUtilsCommands = mkIf inInitrd '' - cp -v ${pkgs.jfsutils}/sbin/fsck.jfs "$out/bin/" + copy_bin_and_libs ${pkgs.jfsutils}/sbin/fsck.jfs ''; }; } diff --git a/nixos/modules/tasks/filesystems/reiserfs.nix b/nixos/modules/tasks/filesystems/reiserfs.nix index a3bfb3fed8ef..900e2eb75752 100644 --- a/nixos/modules/tasks/filesystems/reiserfs.nix +++ b/nixos/modules/tasks/filesystems/reiserfs.nix @@ -17,8 +17,7 @@ in boot.initrd.extraUtilsCommands = mkIf inInitrd '' - cp -v ${pkgs.reiserfsprogs}/sbin/reiserfsck $out/bin - ln -sv reiserfsck $out/bin/fsck.reiserfs + copy_bin_and_libs ${pkgs.reiserfsprogs}/sbin/reiserfsck ''; }; diff --git a/nixos/modules/tasks/filesystems/unionfs-fuse.nix b/nixos/modules/tasks/filesystems/unionfs-fuse.nix index fe195e0db0b6..3e38bffa3ba2 100644 --- a/nixos/modules/tasks/filesystems/unionfs-fuse.nix +++ b/nixos/modules/tasks/filesystems/unionfs-fuse.nix 
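Review bot: The `@@ -17,8 +17,7 @@` hunk of reiserfs.nix removes `ln -sv reiserfsck $out/bin/fsck.reiserfs` together with the `cp`, and the vfat.nix hunk does the same with `ln -sv dosfsck $out/bin/fsck.vfat`, whereas the btrfs.nix and ext.nix hunks keep their `fsck.*` symlinks. Unless `copy_bin_and_libs` creates those names itself (its definition is not visible here), the initrd no longer contains `fsck.reiserfs` or `fsck.vfat`. The boot-time filesystem check for those types would then likely be skipped or fail. I would keep `ln -sv reiserfsck $out/bin/fsck.reiserfs` after the new `copy_bin_and_libs` call, and likewise `ln -sv dosfsck $out/bin/fsck.vfat` in vfat.nix.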
@@ -7,9 +7,8 @@ boot.initrd.kernelModules = [ "fuse" ]; boot.initrd.extraUtilsCommands = '' - cp -v ${pkgs.fuse}/lib/libfuse* $out/lib - cp -v ${pkgs.fuse}/sbin/mount.fuse $out/bin - cp -v ${pkgs.unionfs-fuse}/bin/unionfs $out/bin + copy_bin_and_libs ${pkgs.fuse}/sbin/mount.fuse + copy_bin_and_libs ${pkgs.unionfs-fuse}/bin/unionfs substitute ${pkgs.unionfs-fuse}/sbin/mount.unionfs-fuse $out/bin/mount.unionfs-fuse \ --replace '${pkgs.bash}/bin/bash' /bin/sh \ --replace '${pkgs.fuse}/sbin' /bin \ diff --git a/nixos/modules/tasks/filesystems/vfat.nix b/nixos/modules/tasks/filesystems/vfat.nix index 4cfe6e208f7e..8ebdf0d12f81 100644 --- a/nixos/modules/tasks/filesystems/vfat.nix +++ b/nixos/modules/tasks/filesystems/vfat.nix @@ -17,8 +17,7 @@ in boot.initrd.extraUtilsCommands = mkIf inInitrd '' - cp -v ${pkgs.dosfstools}/sbin/dosfsck $out/bin - ln -sv dosfsck $out/bin/fsck.vfat + copy_bin_and_libs ${pkgs.dosfstools}/sbin/dosfsck ''; }; diff --git a/nixos/modules/tasks/filesystems/xfs.nix b/nixos/modules/tasks/filesystems/xfs.nix index 5225b62a88c5..d7c3930f4a3c 100644 --- a/nixos/modules/tasks/filesystems/xfs.nix +++ b/nixos/modules/tasks/filesystems/xfs.nix @@ -17,7 +17,7 @@ in boot.initrd.extraUtilsCommands = mkIf inInitrd '' - cp -v ${pkgs.xfsprogs}/sbin/fsck.xfs $out/bin + copy_bin_and_libs ${pkgs.xfsprogs}/sbin/fsck.xfs ''; # Trick just to set 'sh' after the extraUtils nuke-refs. diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 1ac89c4c2554..d4b10e9ed09e 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix 
@@ -203,11 +203,14 @@ in kernelModules = [ "spl" "zfs" ]; extraUtilsCommands = '' - cp -v ${zfsUserPkg}/sbin/zfs $out/bin - cp -v ${zfsUserPkg}/sbin/zdb $out/bin - cp -v ${zfsUserPkg}/sbin/zpool $out/bin - cp -pdv ${zfsUserPkg}/lib/lib*.so* $out/lib - cp -pdv ${pkgs.zlib}/lib/lib*.so* $out/lib + copy_bin_and_libs ${zfsUserPkg}/sbin/zfs + copy_bin_and_libs ${zfsUserPkg}/sbin/zdb + copy_bin_and_libs ${zfsUserPkg}/sbin/zpool + ''; + extraUtilsCommandsTest = mkIf inInitrd + '' + $out/bin/zfs --help >/dev/null 2>&1 + $out/bin/zpool --help >/dev/null 2>&1 ''; postDeviceCommands = concatStringsSep "\n" (['' ZFS_FORCE="${optionalString cfgZfs.forceImportRoot "-f"}" diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix index 0473c2454e22..600a29f31bc5 100644 --- a/nixos/modules/virtualisation/amazon-image.nix +++ b/nixos/modules/virtualisation/amazon-image.nix @@ -165,7 +165,7 @@ in boot.initrd.extraUtilsCommands = '' # We need swapon in the initrd. - cp --remove-destination ${pkgs.utillinux}/sbin/swapon $out/bin + copy_bin_and_libs ${pkgs.utillinux}/sbin/swapon ''; # Don't put old configurations in the GRUB menu. The user has no diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index a5a133dfa5dc..8c7e840910de 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -346,7 +346,7 @@ in boot.initrd.extraUtilsCommands = '' # We need mke2fs in the initrd. - cp -vf --remove-destination ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin + copy_bin_and_libs ${pkgs.e2fsprogs}/sbin/mke2fs ''; boot.initrd.postDeviceCommands = diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index b2b1ec877798..febe0923ba23 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix 
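Review bot: The new `extraUtilsCommandsTest` in the `@@ -203,11 +203,14 @@` hunk of zfs.nix runs `zfs` and `zpool` but not `zdb`, which is copied by the same hunk, so a missing library for `zdb` would go unnoticed at build time. Both streams are sent to `/dev/null`, so when one of the checks does fail the loader's message naming the missing library is not in the build log. The test is also wrapped in `mkIf inInitrd` while the `extraUtilsCommands` next to it is not, which looks inconsistent unless the enclosing attribute set (opened outside the hunk) is already conditional. Consider adding a `$out/bin/zdb` invocation and dropping `2>&1` so stderr stays visible.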
@@ -39,9 +39,8 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let ]; boot.initrd.extraUtilsCommands = '' - cp -av -t "$out/bin/" \ - "${pkgs.linuxPackages.virtualboxGuestAdditions}/sbin/mount.vboxsf" \ - "${pkgs.utillinux}/bin/unshare" + copy_bin_and_libs "${pkgs.linuxPackages.virtualboxGuestAdditions}/sbin/mount.vboxsf" + copy_bin_and_libs "${pkgs.utillinux}/bin/unshare" ${(attrs.extraUtilsCommands or (const "")) pkgs} ''; -- cgit 1.4.1