| 22 May 2023 |
 @nikstur:matrix.org | Ahh they do more cherry-picking and delaying than I thought they do | 19:05:15 |
| @nikstur:matrix.org | Because the commit was on the 14th Feb and they tagged the release on the 15th | 19:05:42 |
| @nikstur:matrix.org | In reply to @arianvp:matrix.org
Ill make a PR to add the repart definitions file to config.system.build.repartDefitions so that it can be consumed by image builder I thought about that too. The biggest problem is that you likely want to create different partitions in the disk image than you want systemd-repart to create on the final disk (e.g. create a root, A/B partitions etc.) | 19:13:35 |
 Arian | Ah good point | 19:42:26 |
| Arian | Yeh maybe i make a new Nixos module option then. OTOH repart just skips partitions that already exist. So might just work | 19:42:49 |
| @nikstur:matrix.org | Yes it skips existing ones but you'd have the opposite problem: you'd create partitions earlier (during disk creation) than you would actually want them (on first boot). | 20:19:35 |
| Arian | Separate config it is then :) | 21:53:51 |
| @nikstur:matrix.org | Is this something you want to upstream into Nixpkgs? | 21:59:56 |
| @nikstur:matrix.org | The image builder? | 22:00:10 |
| Arian | Definitely | 22:07:30 |
| @nikstur:matrix.org | Ok, I have some code for it already, we can cooperate if you're interested | 22:11:09 |
| 23 May 2023 |
|  emily joined the room. | 09:32:49 |
| Arian | cool | 11:38:33 |
| Arian | This is the code I have now (But doesn't work yet as the patch doesnt apply cleanly to v253.3 yet) https://github.com/arianvp/server-optimised-nixos/blob/5d0be3e285deea85e8ebbdc4291bfb6798fea831/modules/image.nix | 11:38:53 |
| Arian | Probably want to move away from UKI to creating bootloader entry files such that the image is immediately compatible with nixos-rebuild after booting | 11:39:23 |
| @nikstur:matrix.org | Doesn't the NixOS systemd boot installer just ignore your UKI and build its own entries? | 11:56:46 |
| Arian | yeh so maybe it's actually fine. NixOS will not touch /EFI/Linux so I can put the UKI there and then NixOS can put its own entires in /loader/entries | 12:45:47 |
| Arian | nikstur: are you building against systemd master to get repart working in the sandbox? | 12:46:16 |
| @nikstur:matrix.org | I'm doing something way nastier:
systemd-repart = pkgsUnstable.systemdMinimal.overrideAttrs (finalAttrs: previousAttrs: {
src = prev.fetchFromGitHub {
owner = "systemd";
repo = "systemd";
rev = "1eb86ddde4f36165a99732b53cc97cef1acc3aa7";
hash = "sha256-Frf0QwJCw/fG+YQ/+frqq8aD2Jv32Ozw1JMwjZSBTHc=";
};
# Only this patch is necessary to build systemd. This package will not be
# usable as a general replacement of systemd for NixOS but the tools like
# systemd-repart will work.
patches = [ (builtins.elemAt previousAttrs.patches 10) ];
});
| 13:46:59 |
| @nikstur:matrix.org | pkgsUnstable is nixos-unstable | 13:47:14 |
| Arian | I see | 14:03:16 |
| Arian | Redacted or Malformed Event | 14:03:20 |
| Arian | Note that systemd-repart does not change the UIDs/GIDs of any copied files and directories. When running systemd-repart as an unprivileged user to build an image of files and directories owned
by the same user, you can run systemd-repart in a user namespace with the current user mapped to the root user to make sure the files and directories in the image are owned by the root user. | 14:03:31 |
| Arian | we don't support user namespaces inside the build sandbox do we? or do we these days? | 14:03:53 |
| Arian | because I want th uid to be 0. not the uid of nixbld | 14:04:30 |
| Arian | for files in the image | 14:04:36 |
| @nikstur:matrix.org | I call systemd-repart with fakeroot | 14:05:35 |
| @nikstur:matrix.org | And then there are quite a few things you need to do to make it reproducibleish | 14:05:58 |
| Arian | you have this code somewhere? | 14:06:14 |
| @nikstur:matrix.org | Not yet in the wild. This is what I currently do:
fakeroot systemd-repart \
--dry-run=no \
--empty=create \
--size=auto \
--root=buildroot \
--definitions="$repartDefinitions" \
--split=true \
image.raw
which is definetely not enough for reproducibility
| 14:07:33 |
