pseudofile: allow setting uid and gid of files

Necessary for Dropbear to accept non-root authorized_keys files.
make initramfs busybox (very slightly) smaller
2023-04-14 23:12:52 +01:00 · 2023-04-11 23:08:02 +01:00
3 changed files with 25 additions and 9 deletions
--- a/modules/initramfs.nix
+++ b/modules/initramfs.nix
@ -22,13 +22,20 @@ in
    outputs = {
      initramfs =
        let
-          bb = pkgs.busybox.override {
+          bb1 = pkgs.busybox.override {
            enableStatic = true;
            enableMinimal = true;
            enableAppletSymlinks  = false;
+
            extraConfig  = ''
-              CONFIG_ASH y
-              CONFIG_LS y
+              CONFIG_DESKTOP n
+              CONFIG_ASH n
+              CONFIG_HUSH y
+              CONFIG_HUSH_TICK y
+              CONFIG_HUSH_LOOPS y
+              CONFIG_HUSH_CASE y
+              CONFIG_HUSH_ECHO y
+              CONFIG_HUSH_SET y
              CONFIG_LN y
              CONFIG_CAT y
              CONFIG_MOUNT y
@ -40,18 +47,23 @@ in
              CONFIG_CHMOD y
              CONFIG_MKDIR y
              CONFIG_MKNOD y
-              CONFIG_SH_IS_ASH y
              CONFIG_BASH_IS_NONE y
+              CONFIG_SH_IS_NONE y
+              CONFIG_SH_IS_ASH n
              CONFIG_FEATURE_SH_STANDALONE y
              CONFIG_FEATURE_PREFER_APPLETS y
+              CONFIG_BUSYBOX_EXEC_PATH "/bin/busybox"
            '';
          };
+          bb = bb1.overrideAttrs(o: {
+            makeFlags = [];
+          });
          slashinit = pkgs.writeScript "init" ''
-            #!/bin/sh
+            #!/bin/hush
            exec >/dev/console
            echo Running in initramfs
            mount -t proc none /proc
-            set -- $(cat /proc/cmdline)
+            set -- `cat /proc/cmdline`
            for i in "$@" ; do
              case "''${i}" in
                root=*)
@ -62,7 +74,7 @@ in
            echo mount -t jffs2 ''${rootdevice} /target/persist
            mount -t jffs2 ''${rootdevice} /target/persist
            mount -o bind /target/persist/nix /target/nix
-            sh /target/persist/activate /target
+            hush /target/persist/activate /target
            cd /target
            mount -o bind /target /
            exec chroot . /bin/init "$@"
@ -80,7 +92,8 @@ in
          nod /dev/console 0600 0 0 c 5 1
          dir /bin 0755 0 0
          file /bin/busybox ${bb}/bin/busybox 0755 0 0
-          slink /bin/sh /bin/busybox 0755 0 0
+          slink /bin/hush /bin/busybox 0755 0 0
+          slink /bin/chroot /bin/busybox 0755 0 0
          file /init ${slashinit} 0755 0 0
          SPECIALS
        '';
--- a/modules/users.nix
+++ b/modules/users.nix
@ -69,6 +69,7 @@ in {
            (name: val: dir {
              ".ssh" = dir {
                authorized_keys = {
+                  inherit (val) uid gid;
                  type = "f";
                  mode = "0400";
                  file = lib.concatStringsSep
--- a/pkgs/pseudofile/default.nix
+++ b/pkgs/pseudofile/default.nix
@ -20,12 +20,14 @@ let
            , file ? null
            , major ? null
            , minor ? null
+            , uid ? 0
+            , gid ? 0
          }:
            let
              mode' = if mode != null then mode else
                (if type == "d" then "0755" else "0644");
              pathname = "${prefix}/${filename}";
-              line = "${pathname} ${type} ${mode'} 0 0";
+              line = "${pathname} ${type} ${mode'} ${toString uid} ${toString gid}";
            in
              if type == "f" then
                "${line} echo -n \"${qprint file}\" |qprint -d"
Author	SHA1	Message	Date
Brian McKenna	fb796e61e0	pseudofile: allow setting uid and gid of files Necessary for Dropbear to accept non-root authorized_keys files.	2023-04-14 23:12:52 +01:00
Daniel Barlow	9f3c80e774	make initramfs busybox (very slightly) smaller	2023-04-11 23:08:02 +01:00