nixos/etc-overlay: clean up temporary directories (#339802)

2024-11-22 15:03:28 +00:00 · 2024-11-05 17:13:27 +01:00 · 2024-11-05 17:13:27 +01:00 · 0c02b3076c
commit 0c02b3076c
parent baf38dff6f 65f375d172
3 changed files with 47 additions and 4 deletions
--- a/nixos/modules/system/etc/etc.nix
+++ b/nixos/modules/system/etc/etc.nix
@ -231,13 +231,13 @@ in
      if [[ ! $IN_NIXOS_SYSTEMD_STAGE1 ]] && [[ "${config.system.build.etc}/etc" != "$(readlink -f /run/current-system/etc)" ]]; then
        echo "remounting /etc..."

-        tmpMetadataMount=$(mktemp --directory)
+        tmpMetadataMount=$(mktemp --directory -t nixos-etc-metadata.XXXXXXXXXX)
        mount --type erofs ${config.system.build.etcMetadataImage} $tmpMetadataMount

        # Mount the new /etc overlay to a temporary private mount.
        # This needs the indirection via a private bind mount because you
        # cannot move shared mounts.
-        tmpEtcMount=$(mktemp --directory)
+        tmpEtcMount=$(mktemp --directory -t nixos-etc.XXXXXXXXXX)
        mount --bind --make-private $tmpEtcMount $tmpEtcMount
        mount --type overlay overlay \
          --options lowerdir=$tmpMetadataMount::${config.system.build.etcBasedir},${etcOverlayOptions} \
@ -276,6 +276,22 @@ in

        # Unmount the top /etc mount to atomically reveal the new mount.
        umount --lazy --recursive /etc
+
+        # Unmount the temporary mount
+        umount --lazy "$tmpEtcMount"
+        rmdir "$tmpEtcMount"
+
+        # Unmount old metadata mounts
+        # For some reason, `findmnt /tmp --submounts` does not show the nested
+        # mounts. So we'll just find all mounts of type erofs and filter on the
+        # name of the mountpoint.
+        findmnt --type erofs --list --kernel --output TARGET | while read -r mountPoint; do
+          if [[ "$mountPoint" =~ ^/tmp/nixos-etc-metadata\..{10}$ &&
+                "$mountPoint" != "$tmpMetadataMount" ]]; then
+            umount --lazy $mountPoint
+            rmdir "$mountPoint"
+          fi
+        done
      fi
    '' else ''
      # Set up the statically computed bits of /etc.
--- a/nixos/tests/activation/etc-overlay-immutable.nix
+++ b/nixos/tests/activation/etc-overlay-immutable.nix
@ -27,9 +27,14 @@
    specialisation.new-generation.configuration = {
      environment.etc."newgen".text = "newgen";
    };
+    specialisation.newer-generation.configuration = {
+      environment.etc."newergen".text = "newergen";
+    };
  };

-  testScript = ''
+  testScript = /* python */ ''
+    newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip()
+
    with subtest("/run/etc-metadata/ is mounted"):
      print(machine.succeed("mountpoint /run/etc-metadata"))

@ -79,5 +84,13 @@
      print(machine.succeed("ls /etc/mountpoint"))
      print(machine.succeed("stat /etc/mountpoint/extra-file"))
      print(machine.succeed("findmnt /etc/filemount"))
+
+      machine.succeed(f"{newergen} switch")
+
+      tmpMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc\\..*' | wc -l").rstrip()
+      metaMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc-metadata\\..*' | wc -l").rstrip()
+
+      assert tmpMounts == "0", f"Found {tmpMounts} remaining tmpmounts"
+      assert metaMounts == "1", f"Found {metaMounts} remaining metamounts"
  '';
 }
--- a/nixos/tests/activation/etc-overlay-mutable.nix
+++ b/nixos/tests/activation/etc-overlay-mutable.nix
@ -15,9 +15,14 @@
    specialisation.new-generation.configuration = {
      environment.etc."newgen".text = "newgen";
    };
+    specialisation.newer-generation.configuration = {
+      environment.etc."newergen".text = "newergen";
+    };
  };

-  testScript = ''
+  testScript = /* python */ ''
+    newergen = machine.succeed("realpath /run/current-system/specialisation/newer-generation/bin/switch-to-configuration").rstrip()
+
    with subtest("/run/etc-metadata/ is mounted"):
      print(machine.succeed("mountpoint /run/etc-metadata"))

@ -55,5 +60,14 @@
      print(machine.succeed("findmnt /etc/mountpoint"))
      print(machine.succeed("stat /etc/mountpoint/extra-file"))
      print(machine.succeed("findmnt /etc/filemount"))
+
+      machine.succeed(f"{newergen} switch")
+      assert machine.succeed("cat /etc/newergen") == "newergen"
+
+      tmpMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc\\..*' | wc -l").rstrip()
+      metaMounts = machine.succeed("find /tmp -maxdepth 1 -type d -regex '/tmp/nixos-etc-metadata\\..*' | wc -l").rstrip()
+
+      assert tmpMounts == "0", f"Found {tmpMounts} remaining tmpmounts"
+      assert metaMounts == "1", f"Found {metaMounts} remaining metamounts"
  '';
 }