obfuscate store path for min-copy-closure

otherwise the systemconfig closure drags in a bunch of build system
things (bash, etc) which we don't want or need to copy to the device

pkgs/systemconfig/build-system-install.sh

@@ -9,7 +9,9 @@ die() {
     exit 1
 }
 
-PATH=@min-copy-closure@/bin:$PATH
+# add min-copy-closure to the path. removing junk characters
+# inserted by default.nix (q.v.)
+min_copy_closure=@min-copy-closure@; PATH=${min_copy_closure//_/}/bin:$PATH
 
 ssh_command=${SSH_COMMAND-ssh}
 
@@ -37,6 +39,7 @@ test -e $toplevel/etc/nix-store-paths || die "missing etc/nix-store-paths, is th
 echo installing from systemConfiguration $toplevel to host $target_host
 
 min-copy-closure $target_host $toplevel
+set -x
 $ssh_command $target_host $toplevel/bin/install
 case "$reboot" in
     reboot)

pkgs/systemconfig/default.nix

@@ -83,7 +83,10 @@ in attrset:
       $STRIP --remove-section=.note  --remove-section=.comment --strip-all makedevs -o $out/bin/activate
       ln -s ${s6-init-bin}/bin/init $out/bin/init
       cp -p ${writeFennel "restart-services" {} ./restart-services.fnl} $out/bin/restart-services
-      substitute ${./build-system-install.sh} $out/install.sh --subst-var-by min-copy-closure ${buildPackages.min-copy-closure}
+      # obfuscate the store path of min-copy-closure so that the output
+      # closure doesn't include a bunch of build system stuff
+      f=${buildPackages.min-copy-closure}; f=$(echo $f | sed 's/\(.....\)/\1_/g')
+      substitute ${./build-system-install.sh} $out/install.sh --subst-var-by min-copy-closure $f
       chmod +x $out/install.sh
       cat > $out/bin/install <<EOF
       #!/bin/sh -e