nixos/lib/make-disk-image.nix: fix to reserve correct number of inodes #280
Open
chessai-ar wants to merge 62 commits into
so it depends on grafana
To configure necessary timeouts and parameterize user/group.
To avoid the situation where a service unit file may have a [Unit] but
no valid [Service].
This warning is explicitly omitted for some services that are generated
by packages instead of by the systemd module.
Co-authored-by: Parnell Springmeyer <parnell@arista.com>
Mel Zuser <mel.zuser@arista.com>
Tomas Drtina <tdrtina-ext@arista.com>
Co-Authored-By: John Soo <jsoo1@users.noreply.github.com>
mailsend-go is a rewrite of mailsend in go. mailsend is not receiving feature updates as of 2019-02-11.
Introduces clickhouse-jdbc, liquibase-clickhouse Java modules.
Uses liquibase-clickhouse local version to avoid use of obsolete clickhouse-jdbc
Make clickhouse users.xml configurable
Use `shaded` uberjar for liquibase-clickhouse to avoid managing transitive dependencies.
This change adds a derivation for the [`terraform-cloud-agent`][1] executable and a NixOS module that defines a systemd service for running that agent.
[1]: https://developer.hashicorp.com/terraform/cloud-docs/agents.
`stripRoot = false`
Specify the hash
Install tfc-agent binaries to `$out/bin`
Declare the `mainProgram` metadata for this package ... so that it can be used with `lib.getExe`.
Use `lib.getExe` Suggested by @jsoo1.
Use freeformType for NixOS options that are turned into flags Suggested by @jsoo1.
No need to guard on whether `cache-dir` and `data-dir` are null Suggested by @jsoo1.
Ensure `/etc/terraform-cloud-agent/` Suggested by @jsoo1.
Use the systemd-configured configuration directory
Use the standard systemd environment identifiers `%S` and `%C` Suggested by @jsoo1.
Add `user` and `group` and drop privileges
Rider: add sandboxing arguments cribbed from the nginx module.
Just give the `flags` attrset as an argument
Sequence after `network-online.target` instead ... since that's what we really mean.
Add doc strings and examples
- preActivationHook is inserted
  after: nix-build
  before: switch-to-configuration
- postActivationHook is inserted
  after: switch-to-configuration
  before: reboot
Since the configuration assumes nscd.conf exists and nss is configured
This reverts commit 2ffdba9.
This reverts commit d1a97b0.
and disable tests
Creating the build directory in `..` may be OK in a sandbox, but this makes it unnecessarily annoying when trying to work with this in a source-checkout. Hence, move the `build/` directory into the source tree.
Closes NixOS#482394
Seems like low-severity, given
> There is no known application impact for this CVE, and the
> feature is generally non-functional with the two flags.
(from https://sourceware.org/bugzilla/show_bug.cgi?id=33814)
The string returned by confstr(_CS_PATH)[*1], which is also the
output of the command 'getconf PATH'[*2], contains a default path
that is guaranteed to find (at least) all POSIX standard utilities.
The current value is:
/run/current-system/sw/bin:/bin:/usr/bin
The default profile binaries directory is not in it. This is a problem
because the default NixOS installation lacks several mandatory standard
POSIX utilities. The command recommended by the system's error message
for a missing command to install a missing package foo is 'nix-env -iA
nixos.foo'. When this is done as root, the corresponding binaries are
installed for all users in /nix/var/nix/profiles/default/bin.
This commit fixes these problems as follows:
pkgs/development/libraries/glibc/fix_path_attribute_in_getconf.patch:
- CS_PATH: Add default profile path '/nix/var/nix/profiles/default/bin'
at the end.
- Retain /bin:/usr/bin; it is necessary for third-party systems that use
nixpkgs, linking against the nixpkgs version of glibc. It is retained
*before* the profile directory to avoid overriding native system
utilities on these systems (at least those that in fact store them in
/bin and /usr/bin).
[*1] https://pubs.opengroup.org/onlinepubs/9799919799/functions/confstr.html
[*2] https://pubs.opengroup.org/onlinepubs/9799919799/utilities/getconf.html
Fixes: NixOS#65512
To fix build with glibc-2.42.
Failing Hydra build: https://hydra.nixos.org/build/308474067
Failing Hydra build: https://hydra.nixos.org/build/308320851
Upstream bug report: https://bugs.openjdk.org/browse/JDK-8354941
Only patching JDK8, newer versions received backports.
The second item (severity: High) has possible unauthenticated RCE:
https://www.openwall.com/lists/oss-security/2026/01/27/5
https://github.com/openssl/openssl/blob/openssl-3.6.1/CHANGES.md#openssl-36
The patches differ in whitespace only, as that's what upstream changed.
https://curl.se/ch/8.18.0.html
https://github.com/curl/curl/releases/tag/curl-8_18_0
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
This reverts commit ef4313c. It's superfluous now.
This reverts commit 8a5a3e1. It's superfluous now.
If disk size computation is set to `auto` in `nixos/lib/make-disk-image.nix`, it computes the required space for the disk image by measuring the closure size that is to be copied onto the image. This computation takes into account the number of required inodes. However, when creating the disk image, the number of required inodes is not explicitly specified, so that `mkfs.${fsType}` uses the default inode ratio (which seems to be 1 inode for every 16384 bytes for ext4). This might be too low; see for example the failing example flake given in NixOS#292737. In that case, builds may fail with the error `cptofs failed. diskSize might be too small for closure.` during the call to `cp2fs`.
To avoid this, this pull request sets the number of inodes (multiplied with a factor `compute_fudge` that was already used in the storage calculation to add some margin) explicitly during the call to `mkfs.${fsType}` using the `-N` flag of `mkfs.ext4`. It also adds some additional logging output concerning the number of calculated inodes.
Co-authored-by: chessai <chessai@arista.com>
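The inode shortfall this commit message describes, as an added example (not code from this pull request or from nixpkgs): it counts the inodes a staging tree needs and compares that with what an image would get at the 16384 bytes-per-inode ratio quoted above. The function names and the 10 percent margin are assumptions standing in for `compute_fudge`, whose actual factor is not shown on this page.

```shell
#!/bin/sh
# Bytes per inode when mkfs.ext4 is run without -N (figure quoted in the PR text).
BYTES_PER_INODE=16384

# One inode per file, directory and symlink under $1 (the root itself included).
# Hard links to a shared inode are over-counted, which only adds margin.
count_inodes() {
  find "$1" | wc -l | tr -d ' '
}

# Inodes an image of $1 bytes would receive at the default ratio.
default_inodes() {
  echo $(( $1 / $BYTES_PER_INODE ))
}

# $1 inodes plus $2 percent margin, rounded up (assumed stand-in for compute_fudge).
with_margin() {
  echo $(( ($1 * (100 + $2) + 99) / 100 ))
}

# Usage: inode_flag TREE IMAGE_BYTES MARGIN_PERCENT
# Prints the "-N <count>" argument mkfs.ext4 needs, or nothing when the
# default ratio already covers the tree.
inode_flag() {
  need=$(with_margin "$(count_inodes "$1")" "$3")
  have=$(default_inodes "$2")
  if [ "$need" -gt "$have" ]; then
    echo "-N $need"
  fi
}

# Constructed sample: 300 empty files sized into a 1 MiB image. The bytes fit
# easily, but the default ratio yields only 64 inodes for 301 entries.
demo() {
  d=$(mktemp -d)
  i=0
  while [ "$i" -lt 300 ]; do
    : > "$d/f$i"
    i=$((i + 1))
  done
  inode_flag "$d" $((1024 * 1024)) 10
  rm -rf "$d"
}

demo
```

A closure made of many small files is the case where size-based estimation passes and the copy step still fails, which is why the inode count has to be passed to mkfs explicitly.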
5bbbc14 to 5c0532e
jsoo1 reviewed Mar 9, 2026
| } | ||
|
|
||
| echo "copying staging root to image..." | ||
| cptofs -p ${lib.optionalString (partitionTableType != "none") "-P ${rootPartition}"} \ |
Collaborator
Did you want to add any flags to cptofs?
Collaborator
Author
This will be a subsequent PR after patching nixpkgs; this version of lkl is about 6 months too old for that.
jsoo1 approved these changes Mar 9, 2026
This is a re-work of the commit at NixOS#292737.