Commit Graph

476 Commits

Author SHA1 Message Date
Nikolay Amiantov
193ab8be67 Revert "nixos stage-1: try to quit plymouth if started on failure"
This reverts commit c69c76ca7e.

This patch was messed up during a rebase -- the commit title doesn't match what
it really does at all (it is actually a broken attempt to get LUKS passphrase
prompts in Plymouth).
2016-07-17 15:03:13 +03:00
Nikolay Amiantov
1848bfc92d Merge branch 'plymouth' into staging 2016-07-13 03:54:38 +03:00
Nikolay Amiantov
c69c76ca7e nixos stage-1: try to quit plymouth if started on failure 2016-07-12 22:22:29 +03:00
Nikolay Amiantov
a2d4235fe1 plymouth service: init 2016-07-12 22:22:29 +03:00
Nikolay Amiantov
d3e3e643cb nixos stage-1: set extraUtils variable 2016-07-12 22:22:29 +03:00
Nikolay Amiantov
3508918da2 nixos stage-1: replace udevadm in udevRules 2016-07-12 22:22:28 +03:00
Nikolay Amiantov
e02b5ace0b nixos stage-1: guard udevRules from extra references 2016-07-12 22:22:28 +03:00
Nikolay Amiantov
bd0ab027c1 nixos stage-1: recursively process binaries and libraries 2016-07-12 22:22:28 +03:00
Nikolay Amiantov
90ad879753 nixos stage-1: unconditionally mount /dev/pts 2016-07-12 22:22:28 +03:00
Bjørn Forsman
2eb8aab42c nixos/systemd: disable timer units with service
A disabled systemd service with a "startAt" attribute, like this:

  systemd.services.foo-service = {
    enable = false;
    startAt = "*-*-* 05:15:00";
    ...
  };

will cause the following errors in the system journal:

  systemd[1]: foo-service.timer: Refusing to start, unit to trigger not loaded.
  systemd[1]: Failed to start foo-service.timer.

Fix it by not generating the corresponding timer unit when the service
is disabled.
2016-07-11 22:42:47 +02:00
Jookia
b187c869f4 systemd-coredump: Add systemd service and fix sysctl pattern. 2016-07-10 18:07:37 +10:00
Tuomas Tynkkynen
931706cdc1 extlinux-conf-builder: Choose whether to use DTBs on per-generation basis
Previously, the value from stdenv.platform.kernelDTB was used. That
doesn't work well if both kinds (DTB and non-DTB) of generations exist
in the system profile.
2016-07-10 03:03:51 +03:00
Bjørn Forsman
aeb516c741 nixos/grub: change state file device separator from ':' to ','
':' is currently used as separator in /boot/grub/state for the list of
devices GRUB should be installed to. The problem is that ':' itself may
appear in a device path:

  /dev/disk/by-id/usb-SanDisk_Cruzer_20043512300546C0B317-0:0

With such a path, NixOS will install GRUB *every* time, because it
thinks the configuration differs from the state file (due to the wrong
list split). Fix it by using ',' as separator.

For existing systems with GRUB installed on multiple devices, this
change means that GRUB will be installed one extra time.
2016-07-06 00:11:57 +02:00
Guillaume Maudoux
86dfaafad2 systemd-logind: reload when logind.conf changed 2016-07-03 00:38:37 +02:00
Alexander Ried
a31e07fc11 modules.resolved: Enhance by upstream options (#15897) 2016-06-26 22:58:04 +02:00
Eelco Dolstra
d0b2524633 Merge pull request #16021 from Baughn/systemd-linger
systemd: Set KillUserProcesses=no in logind.conf
2016-06-20 14:54:03 +02:00
Svein Ove Aas
93c160fabc systemd: Set KillUserProcesses=no in logind.conf
Full discussion at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825394

NixOS is even more of a server OS than Debian, and I can think of no
reason to make users jump through this sort of hoop.
2016-06-06 11:51:51 +01:00
Shea Levy
83c2629f15 Merge pull request #15895 from cerana/stage2-sysfs
stage2: if no /proc, also mount /sys
2016-06-03 11:32:57 -04:00
Nahum Shalman
9b0a5ced13 stage2: if no /proc, also mount /sys 2016-06-01 13:26:14 +00:00
Eelco Dolstra
e8ad22be12 Rename gummiboot module 2016-06-01 12:55:56 +02:00
Eelco Dolstra
9f0e137338 Rename boot.loader.gummiboot.enable -> boot.loader.systemd-boot.enable 2016-06-01 12:55:52 +02:00
Eelco Dolstra
f222689aba Use systemd-boot instead of gummiboot
Gummiboot is part of systemd now so we may as well use it.
2016-05-31 17:02:47 +02:00
Vladimír Čunát
81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Eelco Dolstra
845c9b50bf boot.initrd.luks.devices: Change into an attribute set
This allows setting options for the same LUKS device in different
modules. For example, the auto-generated hardware-configuration.nix
can contain

  boot.initrd.luks.devices.crypted.device = "/dev/disk/...";

while configuration.nix can add

  boot.initrd.luks.devices.crypted.allowDiscards = true;

Also updated the examples/docs to use /disk/disk/by-uuid instead of
/dev/sda, since we shouldn't promote the use of the latter.
2016-05-25 18:04:21 +02:00
Eelco Dolstra
32bed83b18 Remove boot.loader.grub.timeout and boot.loader.gummiboot.timeout
There is a generic boot.loader.timeout option.
2016-05-25 11:39:17 +02:00
Eelco Dolstra
0c5ebbd744 Merge pull request #15598 from rnhmjoj/systemd
Remove systemd shell aliases
2016-05-23 10:28:34 +02:00
Vladimír Čunát
0b192a0976 Merge branch 'master' into staging
That's to get mesa rebuild from master, as it's nontrivial.
2016-05-23 09:02:10 +02:00
rnhmjoj
1d9651e723
Remove systemd shell aliases 2016-05-21 19:25:21 +02:00
Nikolay Amiantov
53b8852498 initrd-ssh service: add assertions for host keys 2016-05-20 23:34:28 +03:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Vladimír Čunát
65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
Nikolay Amiantov
17e4803de7 initrd-ssh service: fix build 2016-05-07 15:38:46 +03:00
aszlig
67223ee205
nixos/stage-1: Don't kill kernel threads
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.

Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():

  drivers/isdn/mISDN/l1oip_core.c
  drivers/md/md.c
  drivers/misc/mic/cosm/cosm_scif_server.c
  drivers/misc/mic/cosm_client/cosm_scif_client.c
  drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
  drivers/staging/rtl8188eu/core/rtw_cmd.c
  drivers/staging/rtl8712/rtl8712_cmd.c
  drivers/target/iscsi/iscsi_target.c
  drivers/target/iscsi/iscsi_target_login.c
  drivers/target/iscsi/iscsi_target_nego.c
  drivers/usb/atm/usbatm.c
  drivers/usb/gadget/function/f_mass_storage.c
  fs/jffs2/background.c
  fs/lockd/clntlock.c
  fs/lockd/svc.c
  fs/nfs/nfs4state.c
  fs/nfsd/nfssvc.c

While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).

During discussion at #15226, @dezgeg suggested the following
implementation:

for pid in $(pgrep -v -f '@'); do
    if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
        kill -9 "$pid"
    fi
done

This has a few downsides:

 * User space processes which use an empty string in their command line
   won't be killed.
 * It results in errors during bootup because some shell-related
   processes are already terminated (maybe it's pgrep itself, haven't
   checked).
 * The @ is searched within the full command line, not just at the
   beginning of the string. Of course, we already had this until now, so
   it's not a problem of his implementation.

I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:

for pid in $(pgrep -v -f '^@'); do
    readlink "/proc/$pid/exe" &> /dev/null || continue
    echo "$pid"
done | xargs kill -9

This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.

So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.

Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:

http://stackoverflow.com/a/12231039

We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.

The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
2016-05-06 16:24:42 +02:00
William A. Kennington III
60b3484928 dbus: Fix for new 1.10 version
(cherry picked from commit 68a4a6df3971d66aa988bba680351a30fbadbed3)
2016-05-02 13:04:20 -05:00
Nikolay Amiantov
5f19542581 Merge commit 'refs/pull/14694/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:23 +03:00
Tuomas Tynkkynen
1d4b21ef42 treewide: Use correct output of config.nix.package in non-string contexts 2016-04-25 16:44:38 +02:00
Nikolay Amiantov
ab0a0c004e makeSearchPathOutputs: refactor to makeSearchPathOutput 2016-04-25 13:24:39 +03:00
Alexander Ried
1d6990db06 boot.loader.grub: fix variable name (#14855) 2016-04-20 22:27:34 +02:00
Tuomas Tynkkynen
ab428dce14 stage-1: Remove doublePatchelf hack
No longer needed with the new patchelf version.
2016-04-15 01:53:34 +03:00
Eelco Dolstra
840f3230a2 Restore default core limit of 0:infinity
Continuation of 79c3c16dcbb3b45c0f108550cb89ccd4fc855e3b. Systemd 229
sets the default RLIMIT_CORE to infinity, causing systems to be
littered with core dumps when systemd.coredump.enable is disabled.

This restores the 15.09 soft limit of 0 and hard limit of infinity.
2016-04-14 13:18:09 +02:00
Nikolay Amiantov
8b7ebaffeb replace makeSearchPath tree-wise to take care of possible multiple outputs 2016-04-13 22:09:41 +03:00
Vladimír Čunát
39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Moritz Ulrich
e366d8294e systemd.generators: Generate folders via environment.etc. 2016-04-08 14:50:20 +02:00
Moritz Ulrich
88e2cc480f systemd.generator-packages: Option to specify packages providing generators. 2016-04-08 14:50:20 +02:00
joachifm
97c8bf61ef Merge pull request #14474 from MatrixAI/fixed-stage1
nixos/stage-1: Removed logCommands conditional for resetting the file descriptors after completion of logging
2016-04-05 22:39:14 +02:00
Roger Qiu
53e8e93939 nixos/stage-1: Removed logCommands conditional for resetting the file descriptors after completion of logging 2016-04-06 00:27:18 +10:00
Eelco Dolstra
f2af8874e8 Revert "initrd: Use modprobe from busybox"
This reverts commit 45c218f893.

Busybox's modprobe causes numerous "Unknown symbol" errors in the
kernel log, even though the modules do appear to load correctly.
2016-04-01 17:39:09 +02:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Eelco Dolstra
54ca7e9f75 Restore core dumps
Systemd 229 sets kernel.core_pattern to "|/bin/false" by default,
unless systemd-coredump is enabled. Revert back to the default of
writing "core" in the current directory.
2016-03-25 17:29:29 +01:00