Skip to content

nixos/systemd: Enable debug-shell.service.#299717

Merged
flokli merged 1 commit intoNixOS:masterfrom
ElvishJerricco:systemd-debug-shell
Apr 1, 2024
Merged

nixos/systemd: Enable debug-shell.service.#299717
flokli merged 1 commit intoNixOS:masterfrom
ElvishJerricco:systemd-debug-shell

Conversation

@ElvishJerricco
Copy link
Copy Markdown
Contributor

@ElvishJerricco ElvishJerricco commented Mar 28, 2024

Description of changes

The debug shell is an upstream systemd unit that spawns a bare shell on tty 9. It is enabled by a systemd generator with the systemd.debug_shell cmdline parameter, or the rd.systemd.debug_shell parameter for stage 1.

At first I had some security concern about this, because it's an unauthenticated shell. But you have to be able to edit the cmdline to enable it, and in that case you would be able to use init=/bin/sh anyway. So I think this is no worse than that.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@ElvishJerricco ElvishJerricco requested a review from nikstur March 28, 2024 10:02
@ElvishJerricco ElvishJerricco requested a review from a team as a code owner March 28, 2024 10:02
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. labels Mar 28, 2024
@ElvishJerricco ElvishJerricco mentioned this pull request Mar 28, 2024
Merged
13 tasks
msanft
msanft approved these changes Mar 28, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@msanft msanft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding your security concerns: This should be perfectly fine for the exact reason you've mentioned.

@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Mar 28, 2024
@wegank wegank added the 12.approvals: 2 This PR was reviewed and approved by two persons. label Mar 28, 2024
@ElvishJerricco
Copy link
Copy Markdown
Contributor Author

ElvishJerricco commented Mar 29, 2024

It should be noted that the switch to bashInteractive is a very pleasant switch, but it costs 350K in initrd size. We've been slowly inflating the initrd size for systemd stage 1, and it's up to 17M now, so this isn't exactly welcome. But I personally think it's worth it, and we're still competitive with other distros' initrd sizes. e.g. The one in the fedora 38 vagrant image is 29M.

@wegank wegank added 12.approvals: 3+ This PR was reviewed and approved by three or more persons. and removed 12.approvals: 2 This PR was reviewed and approved by two persons. labels Mar 29, 2024
@wegank wegank removed the 12.approvals: 3+ This PR was reviewed and approved by three or more persons. label Mar 29, 2024
philiptaron
philiptaron approved these changes Mar 30, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@philiptaron philiptaron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I saw the fancier (and weightier) package being added. I think it's worth it by default.

@philiptaron philiptaron added the 12.approvals: 1 This PR was reviewed and approved by one person. label Mar 30, 2024
@wegank wegank added 12.approvals: 3+ This PR was reviewed and approved by three or more persons. and removed 12.approvals: 1 This PR was reviewed and approved by one person. labels Mar 30, 2024
@flokli flokli merged commit fd61db7 into NixOS:master Apr 1, 2024
nazarewk added a commit to nazarewk-iac/nix-configs that referenced this pull request Apr 10, 2024
@nazarewk
fix: debug-shell.service tried to be linked twice
1bf1368 
caused by NixOS/nixpkgs#299717

Signed-off-by: Krzysztof Nazarewski <gpg@kdn.im>
@ElvishJerricco ElvishJerricco mentioned this pull request May 5, 2024
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@philiptaron philiptaron philiptaron approved these changes

@msanft msanft msanft approved these changes

@nikstur nikstur Awaiting requested review from nikstur

+1 more reviewer

@mjm mjm mjm approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: systemd Software suite that provides an array of system components for Linux operating systems. 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 3+ This PR was reviewed and approved by three or more persons.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@ElvishJerricco @mjm @philiptaron @msanft @flokli @wegank