nixos/generations-dir: Improve symlinking in /boot

[Majiir]

Description of changes

boot.loader.generationsDir is a simple "boot loader" that creates a directory structure in /boot with symlinks to kernel, initrd, init, and system. This is ideal for some boot loaders (e.g. old or anemic builds of U-Boot) that don't otherwise support a menu of system profiles at boot.

• f7ccb384323830c3af2b7032b6558a46f4cacc0c fixes an issue where those symlinks are broken when /boot has its own partition.
• 15d56abf52a9a404c97744fc25b917f1ce72e243 makes it easier to change the default boot profile by re-pointing the default symlink.
• 9ee1a4b60994514fff2538dc8c6840b232835674 adds an option to suppress the redundant copying of kernel, initrd and init files.
• 69cdd9fb5e9632f88a8aff5788b03fb7cccc600a changes the default for that option to false.

I tested this on an armv7l-linux system which has a U-Boot build from 2011 that lacks support for extlinux.conf. In particular, I tested that:

• U-Boot can follow the double symlinks for the default profile.
• NixOS cleanly updates /boot when upgrading to this branch.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • armv7l-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.11 Release Notes (or backporting 22.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[ncfavier]

Code LGTM, not sure how to test so I'll wait for others.

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/1398

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review/3032/1635

[Majiir]

Rebased and updated the stateVersion check. Still looking for a review/merge.

[RaitoBezarius]

Please wait some days so that I have time to review this properly.

[Majiir]

@RaitoBezarius Have you had a chance to look this over? Anything that can be improved? Thanks.

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-in-distress/3604/70

[philiptaron]

This PR makes sense to me, given the use case that @Majiir lays out in the description, and certainly seems no worse than the current implementation.

[RaitoBezarius]

It slipped my mind… I will review it ASAP.

[RaitoBezarius]

Suggested change

	default = versionOlder config.system.stateVersion "23.11";
	default = versionOlder config.system.stateVersion "24.05";

no?

[Majiir]

Fixed the stateVersion

[RaitoBezarius]

LGTM, sorry for the delay, we can proceed once you fix the state version.

[Majiir]

• Rebased on latest master.
• Removed mdDoc usages.

[philiptaron]

I'm planning on merging this after retesting it later today. Any objections, please speak now.

[FliegendeWurst]

This should be 25.05. Looks good otherwise

[K900]

This is not how stateVersion is meant to be used.

[Majiir]

This is not how stateVersion is meant to be used.

nixos/README.md says:

• Ensure that option changes are backward compatible.
  ...
• Use lib.versionAtLeast config.system.stateVersion "24.05" on backward incompatible changes which may corrupt, change or update the state stored on existing setups.

I get that "state" was meant for handling things like Postgres upgrades, but there are plenty of stateVersion checks in nixpkgs that are using it to change a default option value without breaking existing users.

Since this change could break boot, we shouldn't quietly change behavior on users. But the existing behavior is not a good default.

If not stateVersion, then what would you suggest?

[philiptaron]

I'm planning on merging this after retesting it later today. Any objections, please speak now.

Wow, my timer did not go off.

[Majiir]

Wow, my timer did not go off.

🥲 If you look upthread, you'll find you weren't even the first! This is my personal best example of PRs that get nitpicked and delayed. stateVersion went stale three times. But the core change is good, right?

I would remove the stateVersion change to unstick things, but we need @K900 to unblock it in any case, so I think we need an answer first.

[K900]

Keep the old behavior, add a warning that it's deprecated, drop it entirely next release?

[Majiir]

• Rebased on latest master.
• Dropped the last commit (with the stateVersion check) for now.

[K900]

This feels very dangerous. Maybe at least log a warning?

[Majiir]

The delete is required. If $defaultdir is not deleted, then the following ln would error out with ln: default: cannot overwrite directory.

Further up, there is an unconditional rm -Rf /boot/system*. The updates are already destructive and not atomic. Improvements in those areas would be nice, but is it a blocker?

Is the concern that users are storing files in /boot/default other than those created by generationsDir? If so, then what kind of warning would help? At this point in the script, we either finish setting up /boot or the user is left with an unbootable system.

[K900]

It's always hard to tell what is in scope of the bootloader script. IMO if there's an existing directory that contains anything but the files we're about to put there, we should just abort.

Looking to @K900 to either say yay or nay or recuse.