Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[staging-next] tree-wide: switch initrd generators back to gnu cpio #352498

Merged
merged 1 commit into from
Oct 31, 2024
Merged

[staging-next] tree-wide: switch initrd generators back to gnu cpio #352498

merged 1 commit into from
Oct 31, 2024
+8 −8

Conversation

yu-re-ka
Copy link
Contributor

Originally, we switched to bsdtar from libarchive to solve a reproducibility issue related to hardlinks

As of gnu cpio 2.14 the --ignore-dirnlink option is introduced and now included in --reproducible, which solves this issue

By switching back, we are in turn solving an issue in libarchive >=3.7.5 erroring out with "Error reading archive -: (null)"

Change-Id: I9eb6fc3e96e4f2676aedb147127d05b08e10fa92

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@yu-re-ka yu-re-ka changed the title tree-wide: switch initrd generators back to gnu cpio [staging-next] tree-wide: switch initrd generators back to gnu cpio Oct 31, 2024
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: kernel The Linux kernel 8.has: module (update) This PR changes an existing module in `nixos/` labels Oct 31, 2024
@nix-owners nix-owners bot requested a review from philiptaron October 31, 2024 00:10
@yu-re-ka
Copy link
Contributor Author

Weird amd-ucode is failing

> cpio: kernel/x86/microcode/AuthenticAMD.bin
> : Cannot stat: No such file or directory
For full logs, run 'nix log /nix/store/hksawd791ssz078w1m44apnyv5hiqypz-amd-ucode-20241017.drv'.

@yuyuyureka
tree-wide: switch initrd generators back to gnu cpio
0f216e2 
Originally, we switched to bsdtar from libarchive to solve a reproducibility issue related to hardlinks

As of gnu cpio 2.14 the --ignore-dirnlink option is introduced and now included in --reproducible, which solves this issue

By switching back, we are in turn solving an issue in libarchive >=3.7.5 erroring out with "Error reading archive -: (null)"

Change-Id: Ib6140d599b6547d8e941b0251ce996e303c41fa6
emilazy
emilazy approved these changes Oct 31, 2024
View reviewed changes
Copy link
Member

@emilazy emilazy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Installer test passes and initrd secrets have been manually tested.

@emilazy emilazy merged commit 216529c into NixOS:staging-next Oct 31, 2024
10 of 11 checks passed
@vcunat
Copy link
Member

vcunat commented Oct 31, 2024

Uh. So do we also do this for staging-24.05? There are security fixes in libarchive...

@emilazy
Copy link
Member

emilazy commented Oct 31, 2024

If we’re bumping libarchive to the broken version, then we have to, yeah.

@github-actions GitHub Actions
Copy link
Contributor

Successfully created backport PR for staging-24.05:

@github-actions github-actions bot mentioned this pull request Oct 31, 2024
Merged
1 task
@yu-re-ka yu-re-ka deleted the fix-initrd-secrets branch November 1, 2024 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emilazy emilazy emilazy approved these changes

@philiptaron philiptaron Awaiting requested review from philiptaron

Assignees
No one assigned
Labels
6.topic: kernel The Linux kernel 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@yu-re-ka @vcunat @emilazy @yuyuyureka