diff --git a/pkgs/bootstrap/archlinux/default.nix b/pkgs/bootstrap/archlinux/default.nix index 46dad06..a377fe4 100644 --- a/pkgs/bootstrap/archlinux/default.nix +++ b/pkgs/bootstrap/archlinux/default.nix @@ -6,6 +6,8 @@ writeText, writeShellApplication, + resholve, + bash, cacert, coreutils, 
@@ -44,59 +46,64 @@ pacman_conf = concatText "pacman.conf" [ "${pacman}/etc/pacman.conf" pacman_conf_in ]; - bootstrap = writeShellApplication { - name = "archlinux-bootstrap"; + bootstrap = resholve.writeScriptBin "archlinux-bootstrap" { + interpreter = "${bash}/bin/bash"; + inputs = [ coreutils pacman systemd ]; + execer = [ + "cannot:${pacman}/bin/pacman-key" + "cannot:${systemd}/bin/systemd-nspawn" + ]; + } '' + set -o errexit + set -o nounset + set -o pipefail - runtimeInputs = [ coreutils pacman systemd ]; + if [ $# -lt 1 ]; then + echo "usage: $0 [directory] [pkgs ...]" + exit 1 + fi - text = '' - if [ $# -lt 1 ]; then - echo "usage: $0 [directory] [pkgs ...]" - exit 1 - fi + newroot="$1" + shift - newroot="$1" - shift + echo "Installing arch linux to $newroot" - echo "Installing arch linux to $newroot" + # set up new base filesystem + install -dm0755 "$newroot" + install -dm0755 "$newroot"/var/{cache/pacman/pkg,lib/pacman,log} + install -dm0755 "$newroot"/{dev,run,etc/pacman.d} + install -dm1777 "$newroot"/tmp + install -dm0555 "$newroot"/{sys,proc} - # set up new base filesystem - install -dm0755 "$newroot" - install -dm0755 "$newroot"/var/{cache/pacman/pkg,lib/pacman,log} - install -dm0755 "$newroot"/{dev,run,etc/pacman.d} - install -dm1777 "$newroot"/tmp - install -dm0555 "$newroot"/{sys,proc} + # set up mountpoint for nix + install -dm0755 "$newroot"/nix - # set up mountpoint for nix - install -dm0755 "$newroot"/nix + # temporarily set up /etc/mtab, pacman needs this to work + ln -sf /proc/mounts "$newroot"/etc/mtab - # temporarily set up /etc/mtab, pacman needs this to work - ln -sf /proc/mounts "$newroot"/etc/mtab + # fully initialize the keyring ahead of entering the container + pacman_conf="${pacman_conf}" + pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --config "$pacman_conf" --init + pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --config "$pacman_conf" \ + --populate archlinux --populate-from "${keyring}/share/pacman/keyrings" - # fully 
initialize the keyring ahead of entering the container - pacman_conf="${pacman_conf}" - pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --config "$pacman_conf" --init - pacman-key --gpgdir "$newroot"/etc/pacman.d/gnupg --config "$pacman_conf" \ - --populate archlinux --populate-from "${keyring}/share/pacman/keyrings" + # install the config file + install -Dm0755 "$pacman_conf" "$newroot"/etc/pacman.conf - # install the config file - install -Dm0755 "$pacman_conf" "$newroot"/etc/pacman.conf + # bootstrap the system. allow pacman to overwrite the existing mtab entry + systemd-nspawn -D "$newroot" --bind-ro=/nix \ + -E SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt \ + -E PATH=/usr/bin/ \ + -- \ + "${pacman}/bin/pacman" -Sy --noconfirm --overwrite /etc/mtab base "$@" - # bootstrap the system. allow pacman to overwrite the existing mtab entry - systemd-nspawn -D "$newroot" --bind-ro=/nix \ - -E SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt \ - -E PATH=/usr/bin/ \ - -- \ - "${pacman}/bin/pacman" -Sy --noconfirm --overwrite /etc/mtab base "$@" + # remove nix mount point + rmdir "$newroot"/nix - # remove nix mount point - rmdir "$newroot"/nix - - echo "Done installing!" - echo "Set root password:" - echo " sudo systemd-nspawn -UD \"$newroot\" -- /bin/passwd root" - echo "Boot system:" - echo " sudo systemd-nspawn -bUD \"$newroot\"" - ''; - }; + echo "Done installing!" + echo "Set root password:" + echo " sudo systemd-nspawn -UD \"$newroot\" -- /bin/passwd root" + echo "Boot system:" + echo " sudo systemd-nspawn -bUD \"$newroot\"" + ''; }
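Review bot: The `cannot:${systemd}/bin/systemd-nspawn` entry in `execer` tells resholve that systemd-nspawn never executes its arguments, yet the script calls it precisely to run the command after `--` (`"${pacman}/bin/pacman" -Sy ...`). As far as I can tell the override is harmless today only because that command is already an absolute store path; a bare command name added after `--` later would go unresolved and unchecked by resholve. I would record this above the entry, e.g. `# nspawn does exec what follows "--"; keep that command an absolute store path, resholve will not check it`. Separately, `install -Dm0755 "$pacman_conf" "$newroot"/etc/pacman.conf` marks a config file executable, and `-Dm0644` looks like the intended mode.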