Merge pull request #215381 from lilyinstarlight/fix/make-initrd-ng-wrapped-executables

make-initrd-ng: support wrapped executables
2025-01-31 09:14:28 +00:00 · 2023-02-20 14:11:48 -05:00 · 2023-02-20 14:11:48 -05:00 · bb7cd63150
commit bb7cd63150
parent d7c89bf807 1fa1b58c25
6 changed files with 52 additions and 5 deletions
--- a/nixos/modules/config/console.nix
+++ b/nixos/modules/config/console.nix
@ -168,7 +168,6 @@ in
          "${config.boot.initrd.systemd.package.kbd}/bin/setfont"
          "${config.boot.initrd.systemd.package.kbd}/bin/loadkeys"
          "${config.boot.initrd.systemd.package.kbd.gzip}/bin/gzip" # Fonts and keyboard layouts are compressed
-          "${config.boot.initrd.systemd.package.kbd.gzip}/bin/.gzip-wrapped"
        ] ++ optionals (hasPrefix builtins.storeDir cfg.font) [
          "${cfg.font}"
        ] ++ optionals (hasPrefix builtins.storeDir cfg.keyMap) [
--- a/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixos/modules/system/boot/systemd/initrd.nix
@ -427,9 +427,6 @@ in {
        # fido2 support
        "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so"
        "${pkgs.libfido2}/lib/libfido2.so.1"
-
-        # the unwrapped systemd-cryptsetup executable
-        "${cfg.package}/lib/systemd/.systemd-cryptsetup-wrapped"
      ] ++ jobScripts;

      targets.initrd.aliases = ["default.target"];
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -658,6 +658,7 @@ in {
  systemd-initrd-shutdown = handleTest ./systemd-shutdown.nix { systemdStage1 = true; };
  systemd-initrd-simple = handleTest ./systemd-initrd-simple.nix {};
  systemd-initrd-swraid = handleTest ./systemd-initrd-swraid.nix {};
+  systemd-initrd-vconsole = handleTest ./systemd-initrd-vconsole.nix {};
  systemd-journal = handleTest ./systemd-journal.nix {};
  systemd-machinectl = handleTest ./systemd-machinectl.nix {};
  systemd-networkd = handleTest ./systemd-networkd.nix {};
--- a/nixos/tests/systemd-initrd-vconsole.nix
+++ b/nixos/tests/systemd-initrd-vconsole.nix
@ -0,0 +1,33 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: {
+  name = "systemd-initrd-vconsole";
+
+  nodes.machine = { pkgs, ... }: {
+    boot.kernelParams = [ "rd.systemd.unit=rescue.target" ];
+
+    boot.initrd.systemd = {
+      enable = true;
+      emergencyAccess = true;
+    };
+
+    console = {
+      earlySetup = true;
+      keyMap = "colemak";
+    };
+  };
+
+  testScript = ''
+    # Boot into rescue shell in initrd
+    machine.start()
+    machine.wait_for_console_text("Press Enter for maintenance")
+    machine.send_console("\n")
+    machine.wait_for_console_text("Logging in with home")
+
+    # Check keymap
+    machine.send_console("(printf '%s to receive text: \\n' Ready && read text && echo \"$text\") </dev/tty1\n")
+    machine.wait_for_console_text("Ready to receive text:")
+    for key in "asdfjkl;\n":
+      machine.send_key(key)
+    machine.wait_for_console_text("arstneio")
+    machine.send_console("systemctl poweroff\n")
+  '';
+})
--- a/pkgs/build-support/kernel/make-initrd-ng/README.md
+++ b/pkgs/build-support/kernel/make-initrd-ng/README.md
@ -38,6 +38,9 @@ object is copied depends on its type.
   - If it is *also* an ELF file, then all of its direct shared
     library dependencies are also listed as objects to be copied.

+   - If an unwrapped file exists as `.[filename]-wrapped`, then it is
+     also listed as an object to be copied.
+
 2. A directory's direct children are listed as objects to be copied,
   and a directory at the same absolute path in the initrd is created.

--- a/pkgs/build-support/kernel/make-initrd-ng/src/main.rs
+++ b/pkgs/build-support/kernel/make-initrd-ng/src/main.rs
@ -1,8 +1,9 @@
 use std::collections::{HashSet, VecDeque};
 use std::env;
-use std::ffi::OsStr;
+use std::ffi::{OsStr, OsString};
 use std::fs;
 use std::hash::Hash;
+use std::iter::FromIterator;
 use std::io::{BufRead, BufReader, Error};
 use std::os::unix;
 use std::path::{Component, Path, PathBuf};
@ -163,6 +164,19 @@ fn handle_path(
                let typ = fs::symlink_metadata(&source)?.file_type();
                if typ.is_file() && !target.exists() {
                    copy_file(&source, &target, queue)?;
+
+                    if let Some(filename) = source.file_name() {
+                        source.set_file_name(OsString::from_iter([
+                                OsStr::new("."),
+                                filename,
+                                OsStr::new("-wrapped"),
+                        ]));
+
+                        let wrapped_path = source.as_path();
+                        if wrapped_path.exists() {
+                            queue.push_back(Box::from(wrapped_path));
+                        }
+                    }
                } else if typ.is_symlink() {
                    let link_target = fs::read_link(&source)?;