nixos/iso-image: Support systemd initrd#291750
Conversation
github-actions
bot
added
6.topic: nixos
K900
left a comment
K900
left a comment
There was a problem hiding this comment.
Diff LGTM, will test on weird setups later
|
Oh, forgot to mention the weird thing with |
ofborg
bot
added
10.rebuild-darwin: 0
|
Things I found so far:
|
ElvishJerricco
force-pushed
the
systemd-initrd-iso
branch
from
9510f63 to
8690124
Compare
|
@K900 Fixed the recovery shell thing; though not in a way compliant with the |
|
Related: #217173 |
ElvishJerricco
force-pushed
the
systemd-initrd-iso
branch
from
8690124 to
c4d9e6a
Compare
|
@nikstur |
What does that mean? From my understanding, the |
|
@RaitoBezarius well that's what I mean. Ideally, systemd stage 1 would still support (most of) the same cmdline parameters (see: #170125). The |
IMO systemd's emergency shell fulfills this use case adequately, even if it's not the same exact behaviour as before. |
|
@nikstur Yea, I've come to largely the same conclusion that we don't need one to one kernel param compatibility. I'm also adding systemd's debug shell service in a separate PR (#299717), so that provides even more functionality similar to what we have in scripted stage 1. We'll just have to document the differences in the cmdline options. |
wegank
added
the
2.status: merge conflict
wegank
added
the
2.status: stale
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/custom-nixos-installer-plug-install-play-how-to-achieve-this/61710/13 |
stale
bot
removed
the
2.status: stale
nixpkgs-ci
bot
added
2.status: stale
ElvishJerricco
force-pushed
the
systemd-initrd-iso
branch
from
c4d9e6a to
c551ce5
Compare
ElvishJerricco
changed the title
nixpkgs-ci
bot
removed
the
2.status: merge conflict
ElvishJerricco
force-pushed
the
systemd-initrd-iso
branch
from
c551ce5 to
db42eeb
Compare
|
With #429845 done, I think we're ready to get this one done now. We plan to switch systemd initrd on by default in the near future, so this PR simply prepares for that by adding support for systemd initrd, rather than switching the ISO to using it directly. Also, I've decided not to try and support the |
@K900 Is this still broken? Still being able to load a NixOS ISO to a ventoy stick seems important, as that's how NixOS frequently gets installed. |
|
@flokli I've researched that pretty extensively and concluded that that was already a problem for the ISO without systemd initrd, it was just less likely. The "hook" it uses just searches the initrd for a directory it thinks it should inject a udev rule file into, but whether or not it guesses the right one correctly basically depends on the order of the hash-addressed paths in the store, and the larger number of store paths in systemd initrd just makes it more likely for that to fail. The only way to fix this is to adopt ventoy's custom protocol that lets the ISO implement ventoy support itself instead of relying on this broken "hook". I have a branch where I've implemented this but it requires a bunch of new code and I'm not happy about that EDIT: To be clear, since researching this, I have encountered countless users who have the same problem with ventoy not working for this reason with the current ISO builds. |
|
Yeah I don’t think we should block on something that’s already broken and inherently fragile. We don’t recommend Ventoy anywhere and one of the first Google results for “Ventoy NixOS” is a Reddit thread full of people talking about how Ventoy doesn’t work with NixOS ISOs. |
emilazy
left a comment
emilazy
left a comment
There was a problem hiding this comment.
Code LGTM; haven’t tested this myself but I expect you have done more thorough testing than I would. (This PR doesn’t flip the default, anyway.)
I personally don’t think it makes sense to support both systemd stage 1 and scripted stage 1 in something we ship as a self‐contained appliance, but since we’re adding support before changing the default that’s somewhat unavoidable for now anyway.
| # Most of util-linux is not included by default. | ||
| initrdBin = [ config.boot.initrd.systemd.package.util-linux ]; | ||
| services.copytoram = { | ||
| description = "Copy ISO contents to RAM"; | ||
| requiredBy = [ "initrd.target" ]; | ||
| before = [ | ||
| "${utils.escapeSystemdPath "/sysroot/nix/.ro-store"}.mount" | ||
| "initrd-switch-root.target" | ||
| ]; | ||
| unitConfig = { | ||
| RequiresMountsFor = "/sysroot/iso"; | ||
| ConditionKernelCommandLine = "copytoram"; | ||
| }; | ||
| serviceConfig = { | ||
| Type = "oneshot"; | ||
| RemainAfterExit = true; | ||
| }; | ||
| path = [ | ||
| pkgs.coreutils | ||
| config.boot.initrd.systemd.package.util-linux | ||
| ]; | ||
| script = '' | ||
| device=$(findmnt -n -o SOURCE --target /sysroot/iso) | ||
| fsSize=$(blockdev --getsize64 "$device" || stat -Lc '%s' "$device") | ||
| mkdir -p /tmp-iso | ||
| mount --bind --make-private /sysroot/iso /tmp-iso | ||
| umount /sysroot/iso | ||
| mount -t tmpfs -o size="$fsSize" tmpfs /sysroot/iso | ||
| cp -r /tmp-iso/* /sysroot/iso/ | ||
| umount /tmp-iso | ||
| rm -r /tmp-iso | ||
| ''; | ||
| }; | ||
| }; |
There was a problem hiding this comment.
(This is kind of gross, but I realize that doing anything about it is out of scope for this PR.)
nixpkgs-ci
bot
added
12.approvals: 2
nixpkgs-ci
bot
added
12.approvals: 3+
When did NixOS ISOs stop working with Ventoy? I tested NixOS 25.05 in Ventoy this week, and that worked. I will be sad if it stops working. |
@bjornfor They never worked reliably with Ventoy. The hook it uses to inject its software in our initrd often fails, seemingly depending on the specific build of the ISO you use rather than any runtime details. IIRC it basically ends up putting its udev rules (which call its small OS's-worth of binaries to set things up in a cursed way) into the wrong directory, probably because the hashes in nix store path names effectively randomizes their order on every build. systemd stage 1 just makes this problem more likely to occur, probably because we don't do the same I can fix this by using Ventoy's custom boot protocol. Tbh it's a relatively sane protocol, except that by default it wants us to scan |
github-project-automation
bot
moved this to Done
in Replace scripted networking with networkd
11 participants
Description of changes
This modifies the ISO configuration to be able to use systemd initrd. It should still work without systemd initrd as well.
Something to note is the removal of the awkward use of the
root=kernel param. In scripted stage 1, the value of this parameter ends up being symlinked to/dev/root, and previously the ISO used this to mount/iso. For one thing, this is an incorrect usage ofroot=. But, I do not know how this will affect other tools flashing the image to a bootable drive. I know we only really support directly writing the image to disk, but I don't want to degrade the experience from people's historical expectations. Also, thefindiso=mechanism will not be supported with systemd initrd. This is a niche feature to begin with, and we intend to stop using grub for the ISO in the near future anyway.Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.