From 242949ecfbb913d0e1ac50153918f39c6107f21a Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sun, 24 Sep 2023 23:01:16 +0300 Subject: fix(tvix/tests/tvix-init): run as pid1, support init= We were previously not running as PID1, but were executing things via uinitcmd (by u-root init). This had some problems - a real system pid1 really wants to be pid1. u-root init itself seems to be too complicated to configure as a chainloader, so instead, we just provide init/pid1 ourselves and do the little bit of mount setup / stage 1 that's necessary. `tvix.exec` is renamed to `tvix.run`, to further distinguish it from the `exec` bash function. Our init will now also power off the machine if the shell, or the custom tvix.run command finished. In the case of switch_root (`init=` being passed), we terminate before, so it's up to the real system anyways. Change-Id: If00c0c11ca9393968e76ae0d131594b5c135fa48 Reviewed-on: https://cl.tvl.fyi/c/depot/+/9454 Autosubmit: flokli Reviewed-by: Connor Brewster Tested-by: BuildkiteCI --- tvix/tests/README.md | 87 +++++++++++++++++++++++++++++--------------- tvix/tests/default.nix | 2 +- tvix/tests/tvix-init.go | 97 ++++++++++++++++++++++++++++++++++++++----------- 3 files changed, 133 insertions(+), 53 deletions(-) diff --git a/tvix/tests/README.md b/tvix/tests/README.md index b079a85dbddd..8cb4e9a6595c 100644 --- a/tvix/tests/README.md +++ b/tvix/tests/README.md @@ -61,22 +61,16 @@ Run the VM like this: CH_CMDLINE=tvix.shell mg run //tvix/tests:runVM -- ``` -You'll get dropped into a shell, from which you can list the store contents: - -``` -[ 0.282381] Run /init as init process -2023/09/24 13:03:38 Welcome to u-root! - _ - _ _ _ __ ___ ___ | |_ - | | | |____| '__/ _ \ / _ \| __| - | |_| |____| | | (_) | (_) | |_ - \__,_| |_| \___/ \___/ \__| - -2023/09/24 13:03:38 Running tvix-init… -2023/09/24 13:03:38 Creating /nix/store -2023/09/24 13:03:38 Mounting… -2023/09/24 13:03:38 Invoking shell -… +You'll get dropped into an interactive shell, from which you can do things with +the store: + +``` + ______ _ ____ _ __ + /_ __/ __(_) __ / _/___ (_) /_ + / / | | / / / |/_/ / // __ \/ / __/ + / / | |/ / /> < _/ // / / / / /_ +/_/ |___/_/_/|_| /___/_/ /_/_/\__/ + /# ls -la /nix/store/ dr-xr-xr-x root 0 0 Jan 1 00:00 . dr-xr-xr-x root 0 989 Jan 1 00:00 aw2fw9ag10wr9pf0qk4nk5sxi0q0bn56-glibc-2.37-8 @@ -86,30 +80,63 @@ dr-xr-xr-x root 0 141 Jan 1 00:00 mdi7lvrn2mx7rfzv3fdq3v5yw8swiks6-hello-2.12.1 dr-xr-xr-x root 0 5 Jan 1 00:00 s2gi8pfjszy6rq3ydx0z1vwbbskw994i-libunistring-1.1 ``` -Once you're done, run `poweroff` to turn off the VM. +Once you exit the shell, the VM will power off itself. #### Execute a specific binary Run the VM like this: ``` hello_cmd=$(mg build //third_party/nixpkgs:hello)/bin/hello -CH_CMDLINE=tvix.exec=$hello_cmd mg run //tvix/tests:runVM -- +CH_CMDLINE=tvix.run=$hello_cmd mg run //tvix/tests:runVM -- ``` Observe it executing the file (and closure) from the tvix-store: ``` -2023/09/24 13:06:13 Welcome to u-root! - _ - _ _ _ __ ___ ___ | |_ - | | | |____| '__/ _ \ / _ \| __| - | |_| |____| | | (_) | (_) | |_ - \__,_| |_| \___/ \___/ \__| +[ 0.277486] Run /init as init process + ______ _ ____ _ __ + /_ __/ __(_) __ / _/___ (_) /_ + / / | | / / / |/_/ / // __ \/ / __/ + / / | |/ / /> < _/ // / / / / /_ +/_/ |___/_/_/|_| /___/_/ /_/_/\__/ -2023/09/24 13:06:13 Running tvix-init… -2023/09/24 13:06:13 Creating /nix/store -2023/09/24 13:06:13 Mounting… -2023/09/24 13:06:13 Invoking /nix/store/mdi7lvrn2mx7rfzv3fdq3v5yw8swiks6-hello-2.12.1/bin/hello -… Hello, world! -``` \ No newline at end of file +2023/09/24 21:10:19 Nothing left to be done, powering off. +[ 0.299122] ACPI: PM: Preparing to enter system sleep state S5 +[ 0.299422] reboot: Power down +``` + +#### Execute a NixOS system closure +It's also possible to invoke a system closure. To do this, tvix-init honors the +init= cmdline option, and will switch_root to it. + + +``` +CH_CMDLINE=init=/nix/store/…-nixos-system-…/init mg run //tvix/tests:runVM -- +``` + +``` + ______ _ ____ _ __ + /_ __/ __(_) __ / _/___ (_) /_ + / / | | / / / |/_/ / // __ \/ / __/ + / / | |/ / /> < _/ // / / / / /_ +/_/ |___/_/_/|_| /___/_/ /_/_/\__/ + +2023/09/24 21:16:43 switch_root: moving mounts +2023/09/24 21:16:43 switch_root: Skipping "/run" as the dir does not exist +2023/09/24 21:16:43 switch_root: Changing directory +2023/09/24 21:16:43 switch_root: Moving / +2023/09/24 21:16:43 switch_root: Changing root! +2023/09/24 21:16:43 switch_root: Deleting old / +2023/09/24 21:16:43 switch_root: executing init + +<<< NixOS Stage 2 >>> + +[ 0.322096] booting system configuration /nix/store/g657sdxinpqfcdv0162zmb8vv9b5c4c5-nixos-system-client-23.11.git.82102fc37da +running activation script... +setting up /etc... +starting systemd... +[ 0.980740] systemd[1]: systemd 253.6 running in system mode (+PAM +AUDIT -SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK -XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified) +``` + +This effectively replaces the NixOS Stage 1 entirely. \ No newline at end of file diff --git a/tvix/tests/default.nix b/tvix/tests/default.nix index 9e9a22a66221..875fe0b9f1bf 100644 --- a/tvix/tests/default.nix +++ b/tvix/tests/default.nix @@ -58,7 +58,7 @@ rec { export HOME=$(mktemp -d) export GOROOT="$(go env GOROOT)" - GO111MODULE=off GOPATH=/tmp/go GOPROXY=off ${uroot}/bin/u-root -files ./tvix-init -uinitcmd "/tvix-init" -o $out + GO111MODULE=off GOPATH=/tmp/go GOPROXY=off ${uroot}/bin/u-root -files ./tvix-init -initcmd "/tvix-init" -o $out ''; }; diff --git a/tvix/tests/tvix-init.go b/tvix/tests/tvix-init.go index a81001159ae2..97a24bab3547 100644 --- a/tvix/tests/tvix-init.go +++ b/tvix/tests/tvix-init.go @@ -1,6 +1,7 @@ package main import ( + "fmt" "log" "os" "os/exec" @@ -37,11 +38,41 @@ func parseCmdline(cmdline string) map[string]string { return out } +// mounts the nix store from the virtiofs tag to the given destination, +// creating the destination if it doesn't exist already. +func mountTvixStore(dest string) error { + if err := os.MkdirAll(dest, os.ModePerm); err != nil { + return fmt.Errorf("unable to mkdir dest: %w", err) + } + if err := run("mount", "-t", "virtiofs", "tvix", dest, "-o", "ro"); err != nil { + return fmt.Errorf("unable to run mount: %w", err) + } + + return nil +} + func main() { - log.Println("Running tvix-init…") + fmt.Print(` + ______ _ ____ _ __ + /_ __/ __(_) __ / _/___ (_) /_ + / / | | / / / |/_/ / // __ \/ / __/ + / / | |/ / /> < _/ // / / / / /_ +/_/ |___/_/_/|_| /___/_/ /_/_/\__/ + +`) - log.Println("Creating /nix/store") - os.MkdirAll("/nix/store", os.ModePerm) + // Set PATH to "/bbin", so we can find the u-root tools + os.Setenv("PATH", "/bbin") + + if err := run("mount", "-t", "proc", "none", "/proc"); err != nil { + log.Printf("Failed to mount /proc: %v\n", err) + } + if err := run("mount", "-t", "sysfs", "none", "/sys"); err != nil { + log.Printf("Failed to mount /sys: %v\n", err) + } + if err := run("mount", "-t", "devtmpfs", "devtmpfs", "/dev"); err != nil { + log.Printf("Failed to mount /dev: %v\n", err) + } cmdline, err := os.ReadFile("/proc/cmdline") if err != nil { @@ -49,37 +80,59 @@ func main() { } cmdlineFields := parseCmdline(string(cmdline)) - log.Println("Mounting…") - if err := run("mount", "-t", "virtiofs", "tvix", "/nix/store", "-o", "ro"); err != nil { - log.Printf("Failed to run mount: %v\n", err) - } - - // If tvix.find is set, invoke find /nix/store if _, ok := cmdlineFields["tvix.find"]; ok { - log.Println("Listing…") + // If tvix.find is set, invoke find /nix/store + if err := mountTvixStore("/nix/store"); err != nil { + log.Printf("Failed to mount tvix store: %v\n", err) + } + if err := run("find", "/nix/store"); err != nil { log.Printf("Failed to run find command: %s\n", err) } - } + } else if _, ok := cmdlineFields["tvix.shell"]; ok { + // If tvix.shell is set, mount the nix store to /nix/store directly, + // then invoke the elvish shell + if err := mountTvixStore("/nix/store"); err != nil { + log.Printf("Failed to mount tvix store: %v\n", err) + } - // If tvix.shell is set, invoke the elvish shell - if v, ok := cmdlineFields["tvix.shell"]; ok { - log.Printf("Invoking shell%s\n…", v) if err := run("elvish"); err != nil { log.Printf("Failed to run shell: %s\n", err) } - } + } else if v, ok := cmdlineFields["tvix.run"]; ok { + // If tvix.run is set, mount the nix store to /nix/store directly, + // then invoke the command. + if err := mountTvixStore("/nix/store"); err != nil { + log.Printf("Failed to mount tvix store: %v\n", err) + } + + if err := run(v); err != nil { + log.Printf("Failed to run command: %s\n", err) + } + } else if v, ok := cmdlineFields["init"]; ok { + // If init is set, invoke the binary specified (with switch_root), + // and prepare /fs beforehand as well. + os.Mkdir("/fs", os.ModePerm) + if err := run("mount", "-t", "tmpfs", "none", "/fs"); err != nil { + log.Fatalf("Failed to mount /fs tmpfs: %s\n", err) + } + + // Mount /fs/nix/store + if err := mountTvixStore("/fs/nix/store"); err != nil { + log.Fatalf("Failed to mount tvix store: %v\n", err) + } - // If tvix.exec is set, invoke the binary specified - if v, ok := cmdlineFields["tvix.exec"]; ok { - log.Printf("Invoking %s\n…", v) - if err := syscall.Exec(v, []string{v}, []string{}); err != nil { - log.Printf("Failed to exec: %s\n", err) + // Invoke switch_root, which will take care of moving /proc, /sys and /dev. + if err := syscall.Exec("/bbin/switch_root", []string{"switch_root", "/fs", v}, []string{}); err != nil { + log.Printf("Failed to switch root: %s\n", err) } + } else { + log.Printf("No command detected, not knowing what to do!") } - log.Println("Powering off") + // This is only reached in the non switch_root case. + log.Printf("Nothing left to be done, powering off.") if err := run("poweroff"); err != nil { - log.Printf("Failed to run command: %v\n", err) + log.Printf("Failed to run poweroff command: %v\n", err) } } -- cgit 1.4.1