these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
The maximum label length is specified by UEFI and enforced/asserted by
systemd-repart. This lets evaluation fail already and give the user
some more information about what's wrong.
Also warn when the suggested label length is exceeded. This serves as a
safety mechanism for using systemd-sysupdate style A/B updates where the
version number is encoded in the label and might not be incrementable
when the maximum label size is reached.
As a follow-up to https://github.com/NixOS/nixpkgs/pull/294096 this
should further improve the flexibility around building OS images with
systemd-repart:
* Previously the attribute set `compression` needed to be fully
populated, including `algorithm` and `level` because
`compression.enable` was evaluated by bash, after being interpolated
as strings into the `buildCommand`. Now it's sufficient to pass
`compression.enable = false` to the builder, e.g. in `overrideAttrs`,
to disable the compression.
* Using mkDerivation allows for much more customization than the
previously used `runCommand`, making use of phases and pre/post hooks.
This is especially helpful for building multiple images from the same
system configuration, e.g. to build an image `Y` based on a partially
built raw image `X`, by injecting a UKI that depends on `X` into a
defered ESP.
* Before this change it was non-trivial to conduct further manipulations
on the amended repart definitions. Now, the definitions that
systemd-repart uses to build the image can be easily manipulated in
`postPatch` or `preBuild`.
Aside from this, the build is now executed in the build directory, rather
than `$out`. This allows references to relative paths in the build
environment to be used, especially for `--definitions`, which previously
required an absolute path.
The version option is needed if you want to implement partition &
systemd-boot based A/B booting where the version information is encoded
in the files on the ESP. See systemd-sysupate docs for more details on
this:
https://www.freedesktop.org/software/systemd/man/latest/sysupdate.d.html
Note, however, that this is not *only* useful for systemd-sysupdate but
also for other similar updating tools/mechanisms.
Since the repart image is built on the build platform, use
`buildPackages` to construct the image. This allows for systemd-repart
images for cross-compiled nixos configurations to work properly.
literalExpression triggers the following error when building the
manual:
Cacheable portion of option doc build failed.
Usually this means that an option attribute that ends up in documentation (eg `default` or `description`) depends on the restricted module arguments `config` or `pkgs`.
Allow giving a custom package containing the `systemd-repart` binary.
Defaults to `pkgs.systemd`. This option opens up the possibility to use
a different package for the image builder and the system configuration.
For example, someone could use this option to build an image with a
patched systemd while still using the upstream nixpkgs systemd package
(i.e., `pkgs.systemd`) for the system configuration installed to the
created image.
Write the output of `systemd-repart` as a JSON file to
`$out/repart-output.json`.
Depending on the repart configuration, the output of `systemd-repart`
contains important information, for example, when creating verity
partitions:
> The verity root hash itself will be included in the output of
> systemd-repart.
See `Verity=` in repart.d(5).
