~amjoseph/ownerboot

07664e909cc663da18e6d405c56ebec6e2aa94c8 — Adam Joseph 2 months ago ef4f184
src/main: add add-image-deriver-as-dependency?true

This commit adds a new option `add-image-deriver-as-dependency`.
When enabled (it is by default), a symlink `$out/etc/image.drv` will
be created, pointing to the *deriver* of `$out/coreboot.rom`.

The symlink guarantees that:

1. The derivations used to build `$out/coreboot.rom` will not be
   garbage collected as long as `$out` is referenced.

2. Whenever `$out` is copied to a store, the derivations used to
   build `$out/coreboot.rom` will also be copied.

The Nix option `keep-derivers` (which defaults to `true`) provides
the first guarantee, but does not provide the second guarantee.

If a bootflash image is copied into /nix/store from a substituter
rather than as a result of being built, its deriver will not be in
/nix/store.  This is a very unfortunate situation, since bootflash
image updates very infrequent events.  It is extremely useful to be
able to find out exactly how the bootflash image on a machine was
built.

For motivation, see the following commit, which logs each attempted
bootflash write to a profile.  Without
add-image-deriver-as-dependency, this logging would not preserve the
deriver of the bootflash image in situations where the bootflash is
built and written on different machines.  If the bootflash is never
written on the machine that built it (which might not even be
possible!) its deriver would exist in the store of only the build
machine, and would be eligible for garbage collection immediately.
1 files changed, 17 insertions(+), 0 deletions(-)

M src/main/default.nix
M src/main/default.nix => src/main/default.nix +17 -0
@@ 4,6 4,20 @@
, lib
, image
, scripts

# If true (the default), a symbolic link to ${image.drvPath} will be
# made in $out/etc.  This has two consequences:
#
# 1. Whenever the outpath of this derivation is copied into a
#    machine's store, the deriver of `image` will also be copied
#    (Nix does not do this by default!)
#
# 2. The deriver of `image` cannot be removed from the store before
#    the outpath of this derivation is removed (a similar effect can
#    be achieved with `--option keep-deriver true`, which is the
#    default).
#
, add-image-deriver-as-dependency ? true
}:

let


@@ 25,6 39,9 @@ in nixpkgsOnBuildForHost.stdenv.mkDerivation (finalAttrs: {
    ln -s ${image}/config        $out/etc/coreboot.config
    ln -s ${image.passthru.fmap} $out/etc/coreboot.fmap

  '' + lib.optionalString add-image-deriver-as-dependency ''
    ln -s ${builtins.storePath (builtins.unsafeDiscardStringContext image.drvPath)} $out/etc/image.drv

  '' + (lib.concatStringsSep "\n" (lib.mapAttrsToList (scriptName: scriptText: ''
    ln -s ${writeShellScript scriptName scriptText} $out/bin/${scriptName}.sh