Commit graph

297 commits

Author SHA1 Message Date
Eelco Dolstra
74783a4510 * More refactoring; move some of the boot time options into the
options framework.

svn path=/nixos/trunk/; revision=7317
2006-12-11 16:10:23 +00:00
Eelco Dolstra
7573a88ca6 * More refactoring.
svn path=/nixos/trunk/; revision=7316
2006-12-11 15:47:30 +00:00
Eelco Dolstra
ce29e4efc7 * More refactoring.
svn path=/nixos/trunk/; revision=7314
2006-12-11 15:42:02 +00:00
Eelco Dolstra
16a9702c4a * Move some stuff out of boot-environment.nix.
svn path=/nixos/trunk/; revision=7313
2006-12-11 15:32:10 +00:00
Eelco Dolstra
970924e487 * Forgotten to add.
svn path=/nixos/trunk/; revision=7312
2006-12-11 14:16:03 +00:00
Eelco Dolstra
1561e2421d * Enable PAM in the SSH daemon.
svn path=/nixos/trunk/; revision=7311
2006-12-11 03:25:13 +00:00
Eelco Dolstra
efa9b1ba88 * Grmbl.
svn path=/nixos/trunk/; revision=7309
2006-12-11 03:03:42 +00:00
Eelco Dolstra
b80769d5ae * Hm, "set" doesn't seem to do the right thing.
svn path=/nixos/trunk/; revision=7308
2006-12-11 02:55:28 +00:00
Eelco Dolstra
85fc6aedf2 * Cleanup.
svn path=/nixos/trunk/; revision=7307
2006-12-11 02:52:23 +00:00
Eelco Dolstra
f327b072cb * Very basic PAM configuration. We now use Blowfish hashing for
/etc/shadow.

svn path=/nixos/trunk/; revision=7306
2006-12-11 02:44:26 +00:00
Eelco Dolstra
06256e22d8 * A script to test configurations, i.e., make them current without
  making them the boot default.  So if we screw up, we can just reset
  to get back to normal.

svn path=/nixos/trunk/; revision=7303
2006-12-11 01:03:26 +00:00
Eelco Dolstra
578b56d3c6 * Make halt/reboot work again (umount and reboot were no longer in
$PATH).

* Use the login from pam_login instead of shadowutils.

svn path=/nixos/trunk/; revision=7302
2006-12-11 00:52:36 +00:00
Eelco Dolstra
c063ea2bfa * Use runCommand.
svn path=/nixos/trunk/; revision=7300
2006-12-10 22:43:04 +00:00
Eelco Dolstra
acf656125c * Lots of refactoring.
* Clear the PATH in most scripts.  This helps to ensure purity.

svn path=/nixos/trunk/; revision=7299
2006-12-10 22:29:44 +00:00
Eelco Dolstra
4ac288e724 * Allow switching to a new configuration without rebooting. However,
we don't stop/start/restart Upstart jobs yet.

svn path=/nixos/trunk/; revision=7297
2006-12-10 00:04:58 +00:00
Eelco Dolstra
9986bda673 * Move the stuff in boot-stage-2-init.sh that doesn't have to happen
  at boot time into a separate script.  This will allow us to change
  the configuration without rebooting (provided that the configuration
  doesn't have a different kernel, init, etc.).

svn path=/nixos/trunk/; revision=7294
2006-12-09 19:25:23 +00:00
Eelco Dolstra
af8dc724d1 * Remove symlinks in /etc that are not in the current configuration.
svn path=/nixos/trunk/; revision=7293
2006-12-09 18:18:27 +00:00
Eelco Dolstra
2fe4badb9a * Start the Nix daemon to enable multi-user package management in
NixOS.

svn path=/nixos/trunk/; revision=7291
2006-12-09 03:11:14 +00:00
Eelco Dolstra
f049c35a86 * More semi-purification of /etc.
svn path=/nixos/trunk/; revision=7290
2006-12-09 02:51:42 +00:00
Eelco Dolstra
f20d572814 * Multi-user Nix setup has changed.
svn path=/nixos/trunk/; revision=7285
2006-12-09 00:06:18 +00:00
Eelco Dolstra
bc3f4f8352 * Set up Nix so that builds are never performed as root, but rather
under nix-build-N.

svn path=/nixos/trunk/; revision=7172
2006-11-29 23:41:21 +00:00
Eelco Dolstra
ec764b7c08 * Helper script to check for and create accounts.
svn path=/nixos/trunk/; revision=7171
2006-11-29 23:10:22 +00:00
Eelco Dolstra
79464e0d9c * Don't start X by default.
svn path=/nixos/trunk/; revision=7170
2006-11-29 22:34:59 +00:00
Eelco Dolstra
8532f2be8e * Add the X server as an Upstart service. The X server is pure,
  except for the fonts, which are still hardcoded.  The current
  configuration uses the VESA driver, which should work on most
  machines.  Of course, the configuration should now be generated from
  a higher-level specification.

svn path=/nixos/trunk/; revision=7165
2006-11-28 22:27:56 +00:00
Eelco Dolstra
a66bae7b2f * Strip.
svn path=/nixos/trunk/; revision=7164
2006-11-28 17:40:56 +00:00
Eelco Dolstra
39ac293b58 * Create setuid wrappers for a few programs (su and passwd). This is
still a bit ad hoc, but it works.

svn path=/nixos/trunk/; revision=7163
2006-11-28 17:34:27 +00:00
Eelco Dolstra
4b3525fa80 * Handle the case where nix-env is a symlink.
svn path=/nixos/trunk/; revision=7162
2006-11-28 16:59:47 +00:00
Eelco Dolstra
362f0f752b * Don't put every package in the boot environment in $PATH but rather
create a symlink tree and put that in $PATH.

svn path=/nixos/trunk/; revision=7161
2006-11-28 16:47:14 +00:00
Eelco Dolstra
cb6c02f092 * Set NIX_CONF_DIR.
svn path=/nixos/trunk/; revision=7158
2006-11-28 15:06:08 +00:00
Eelco Dolstra
cba92bbdf1 * First step towards setuid/setgid support: a setuid/setgid wrapper
  program.

  The Nix store cannot directly support setuid binaries for a number
  of reasons:

  - Builds are generally not performed as root (and they shouldn't
    be), so the builder cannot chown/chmod executables to the right
    setuid ownership.

  - Unpacking a NAR archive containing a setuid binary would only work
    when Nix is run as root.

  - Worst of all, setuid binaries don't fit in the purely functional
    model: if a security bug is discovered in a setuid binary, that
    binary should be removed from the system to prevent users from
    calling it.  But we cannot garbage collect it unless all
    references to it are gone, which might never happen.  Of course,
    we could just remove setuid permission, but that would also be
    impure.

  So the solution is to keep setuid-ness out of the Nix store.
  Rather, for programs that we want to execute as setuid, we generate
  wrapper programs (as root) that are setuid and do an execve() to
  call the real, non-setuid program in the Nix store.

  That's what setuid-wrapper does.  It determines its own name (e.g.,
  /var/setuid-wrappers/passwd), reads the name of the wrapped program
  from <self>.real (e.g., /var/setuid-wrappers/passwd.real, which
  might contain /nix/var/nix/profiles/system/bin/passwd), and executes
  it.  Thus, the non-setuid passwd in the Nix store would be executed
  with the effective user set to root.

  Setuid-wrapper also performs a few security checks to prevent it
  from reading a fake <self>.real file through hard-linking tricks.

svn path=/nixos/trunk/; revision=7157
2006-11-28 13:36:27 +00:00
Eelco Dolstra
5c89e891df * Refactoring.
svn path=/nixos/trunk/; revision=7156
2006-11-28 10:45:21 +00:00
Eelco Dolstra
0817c307dc * Moving stuff around.
svn path=/nixos/trunk/; revision=7155
2006-11-27 19:49:05 +00:00
Eelco Dolstra
1a0fcfdf1a * User configuration: use the `networking.hostname' option to
configure the host name.

svn path=/nixu/trunk/; revision=7150
2006-11-27 16:26:51 +00:00
Eelco Dolstra
67bada0886 * Utility: rebuild the NixOS configuration and switch to it.
svn path=/nixu/trunk/; revision=7149
2006-11-27 15:32:11 +00:00
Eelco Dolstra
e68fc42aa3 * Prototyping a bit: first class options. We want the configuration
  of NixOS to be specified externally from the main Nix expressions
  (since an installation would be hard to maintain if users started
  editing the NixOS expressions directory).  But to make that
  user-friendly we need:

  - Hierarchical options (just like the Nixpkgs configuration).
  - Option descriptions from which documentation can be generated.
  - Validation (e.g., does each option exist? does it have a valid
    value?).
  - The option declarations should be inside the Nix expressions to
    which they are relevant (rather than, say, one big file with option
    declarations).

svn path=/nixu/trunk/; revision=7148
2006-11-27 15:07:46 +00:00
Eelco Dolstra
5bc78ac151 * Don't hardcode selinux=0 etc.
* Store the paths of init and initrd.

svn path=/nixu/trunk/; revision=7147
2006-11-27 13:59:50 +00:00
Eelco Dolstra
8c0b223c3c * Only run grub-install in switch-to-configuration when
NIXOS_INSTALL_GRUB is set (which we do in the installer).

svn path=/nixu/trunk/; revision=7146
2006-11-27 13:51:08 +00:00
Eelco Dolstra
3a70748bb5 * Show a splash screen during booting. The splash screen is displayed
  by the program /sbin/splash_helper in the initrd and is called even
  before /init.
* make-initrd.nix: allow a list of FSOs to be placed in the initrd,
  with a symlink to each top-level FSO (e.g., /init,
  /sbin/splash_helper, /etc/splash).
* make-initrd.nix: pre-create /proc, /dev and /sys, because
  splash_helper needs them.

svn path=/nixu/trunk/; revision=7144
2006-11-27 01:35:34 +00:00
Eelco Dolstra
0905c1525a * Refactoring.
svn path=/nixu/trunk/; revision=7142
2006-11-26 23:54:49 +00:00
Eelco Dolstra
05acdb8610 * Put something on the logging console.
svn path=/nixu/trunk/; revision=7141
2006-11-26 23:32:15 +00:00
Eelco Dolstra
19659d26c2 * Allow the tty-backgrounds service to be stopped, and remove the
themes from all consoles when we do so.

svn path=/nixu/trunk/; revision=7140
2006-11-26 23:26:37 +00:00
Eelco Dolstra
0b1caba9d8 * Use fbsplash / splashutils to give virtual consoles a nice
  background.  Each console can have a different theme.  The mapping
  from consoles to themes is specified in splash-themes.nix.

svn path=/nixu/trunk/; revision=7137
2006-11-26 23:00:30 +00:00
Eelco Dolstra
81856426cf * Run the virtual consoles in 1024x768x16.
svn path=/nixu/trunk/; revision=7136
2006-11-26 22:57:35 +00:00
Eelco Dolstra
66574e789c * Include etc/profile.d/nix.sh.
svn path=/nixu/trunk/; revision=7127
2006-11-25 00:39:43 +00:00
Eelco Dolstra
6f91f8768f * Need /var/state/dhcp.
svn path=/nixu/trunk/; revision=7122
2006-11-24 16:38:22 +00:00
Eelco Dolstra
3055ff0ae6 * Don't use /sys/class/net/*/operstate to find out the active interface,
  since there seems to be a delay after the interface is brought up before
  operstate reflects that.

svn path=/nixu/trunk/; revision=7121
2006-11-24 16:31:01 +00:00
Eelco Dolstra
9ac2e48e26 * Don't daemonise sshd.
svn path=/nixu/trunk/; revision=7120
2006-11-24 15:56:11 +00:00
Eelco Dolstra
9d1be4d54f * Create /boot/grub.
svn path=/nixu/trunk/; revision=7119
2006-11-24 15:31:28 +00:00
Eelco Dolstra
f4dc05da97 * /var/run: create earlier.
svn path=/nixu/trunk/; revision=7118
2006-11-24 15:31:20 +00:00
Eelco Dolstra
bb0a2b0d78 * In stage 1, fsck the root device before mounting it. If automatic
repair fails, drop the user into an emergency shell.

svn path=/nixu/trunk/; revision=7117
2006-11-24 12:13:11 +00:00