Demi Marie Obenour <demiobenour@gmail.com> writes:
On 9/8/25 04:59, Alyssa Ross wrote:
Demi Marie Obenour <demiobenour@gmail.com> writes:
DIRS = \ - dev \ etc/s6-linux-init/env \ etc/s6-linux-init/run-image/configs \ etc/s6-linux-init/run-image/service/dbus/instance \ @@ -90,14 +89,11 @@ DIRS = \ etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/instances \ etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/data \ etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host/template/env \ - etc/s6-linux-init/run-image/user \ etc/s6-linux-init/run-image/vm/by-id \ etc/s6-linux-init/run-image/vm/by-name \ etc/s6-linux-init/run-image/wait \ ext \ - run \ - proc \ - sys \ + root \
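Review bot: the `dev`, `run`, `proc`, `sys` and `etc/s6-linux-init/run-image/user` entries dropped from `DIRS` are now created by scripts/make-erofs.sh instead, and nothing in the Makefile says so. Add a short comment next to `DIRS` pointing at the script, so the two lists do not drift apart. The new `+ root \` entry at the end of the second hunk also has no stated user; either name what needs `/root` or leave it out.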
I'm not sure what we'd want /root for? Root's home directory is /.
It is certainly /root on my systems.
On Spectrum it is not, because there's no need for an extraneous, empty, read-only directory:

    root:x:0:0:System administrator:/:/bin/sh
diff --git a/scripts/make-erofs.sh b/scripts/make-erofs.sh index d566a4ac7b30f55338fe9b8b6a94702686f6ddd1..5196394d405310971659b0dbc0c91cfcaaaf9118 100755 --- a/scripts/make-erofs.sh +++ b/scripts/make-erofs.sh @@ -115,5 +115,39 @@ find "$root" \ find "$root/etc" "$root/var" ! -type l -execdir chmod u+w,go-w,ugo+rX -- '{}' + chmod 0755 "$root"
+# Fix permissions on / so that the subsequent commands work +chmod 0755 "$root" + +# Create the basic mount points for pseudo-filesystems and tmpfs filesystems. +# These should always be mounted over, so use 0400 permissions for them. +# 0000 would be better, but it breaks mkfs.erofs as it tries to open the +# directories for reading. +mkdir -m 0400 "$root/dev" "$root/proc" "$root/run" "$root/sys" "$root/tmp" + +# Cause s6-linux-init to create /run/lock and /run/user +# with the correct mode (0755) and create /home, +# /var/cache, /var/log, and /var/spool directly. +mkdir -m 0755 \ + "$root/etc/s6-linux-init/run-image/lock" \ + "$root/etc/s6-linux-init/run-image/user" \ + "$root/home" \ + "$root/var/cache" \ + "$root/var/log" \ + "$root/var/spool" + +# Create symbolic links that are always expected to exist. +chmod 0755 "$root/usr" +ln -s ../proc/self/mounts "$root/etc/mtab" +ln -s ../run "$root/var/run" +ln -s ../run/lock "$root/var/lock" +ln -s ../tmp "$root/var/tmp" +ln -s bin "$root/usr/sbin" +ln -s lib "$root/usr/lib64"
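Review bot: the added `chmod 0755 "$root"` under "Fix permissions on /" repeats the identical unchanged line directly above it, so the new one and its comment can be dropped. Further down, `chmod 0755 "$root/usr"` sits under the comment "Create symbolic links that are always expected to exist" although it is a permission fix, not a link; give it its own comment saying why `usr` is not already writable at that point. The plain `mkdir` and `ln -s` calls will also fail if any of these paths already exist in `$root`, so either note in a comment that the input tree never contains them or check before creating.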
This doesn't seem right as a generic thing. Nix-built binaries won't ever need this. It's only in img/app for AppImage etc. compatibility. Not relevant to other images.
I decided it was better to add all of these now to avoid any sort of problems later on. The size impact is tiny and the cost of debugging a problem later on would not be. In particular, contributors not so used to NixOS might assume these exist.
I think they'll very quickly figure it out.