'initrd-modules' check has false positives

Done

Details

3 participants

Danny Milosavljevic
Ludovic Courtès
Tomáš ?ech

Owner: unassigned

Submitted by: Tomáš ?ech

Severity: important

Tomáš ?ech wrote on 9 Mar 2018 18:35

guix system init broken on non GuixSD

Recipients:(address . bug-guix@gnu.org)

Message-ID:20180309173530.wfdw356rf53tesck@doom

`guix system init` seems to be broken for non GuixSD distirbutions:

When I tried it on openSUSE:

# guix system --no-bootloader init /Devel/git/guix-config/config.scm /mnt/mnt/

;;; note: source file /Devel/extra/gnu/packages/connman.scm

;;; newer than compiled /root/.config/guix/latest/gnu/packages/connman.go

;;; note: source file /Devel/extra/gnu/packages/connman.scm

;;; newer than compiled /usr/lib64/guile/2.2/site-ccache/gnu/packages/connman.go

;;; note: source file /Devel/extra/gnu/packages/connman.scm

;;; newer than compiled /usr/lib64/guile/2.2/site-ccache/gnu/packages/connman.go

guix system: error: open-file: No such file or directory: "/run/booted-system/kernel/lib/modules/4.15.6-1-default/modules.alias"

4.15.6-1-default is version of my running kernel, but not defined as package - it is not expected to be used for guix call.

/run/booted-system/ is specific for GuixSD.

Danny Milosavljevic wrote on 9 Mar 2018 23:15

Recipients:(address . ludo@gnu.org)

Message-ID:20180309231543.2ede5fa1@scratchpost.org

Hi Ludo,

there's a problem with check-device-initrd-modules: on "guix system init"

it doesn't get linux-module-directory and doesn't pass it on to matching-modules.

matching-modules then eventually defaults to (current-alias-file) - which is not

found on a non-GuixSD system.

Would it be possible to get rid of the defaults in gnu/build/linux-modules.scm ?

I don't think those are safe or useful for our requirements. I've had to work

around those before.

check-initrd-modules could use the initrd's new kernel modules to find

out which modules to include (after all).

Then we could also check the dependencies directly in the new Linux kernel

modules and all in all it would be safer.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlqjB48ACgkQ5xo1VCww

uqXJMQf/f3S6e2bIbSbl2+zgscmWjjQGJDpy89By8s0VKYBr6rtHVZ1n3ui2dDww

PpAGN1BdlCBw5aomUhrBal7uKnjXOmgLf3A1TU2IDxJMWRy7yyMRoWQ6NNVQv4Jd

t42BCpe32iUOma0LK5tmJAJO4Ua71FtG4W/KAoCEX9quevMiVaH7KtDIoDXxgDPe

vBSz8INN3pujZnhXE1Rstfs8qiyvRcHlPuLd/r3WqzKW8sCp92N+LXchN8S0BnDf

pRTjLJseRgvw9khnGs5KE5wsT79Uz8nq8rMn6nK/ZLC4NNgpCMO6AVewCvBv8Cqx

Ju20oayht9EnHsiHE6d/+T/maqgItQ==

=xXKC

-----END PGP SIGNATURE-----

Ludovic Courtès wrote on 9 Mar 2018 23:42

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)

Message-ID:87efksyioy.fsf@gnu.org

Hello,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (5 lines)

> there's a problem with check-device-initrd-modules: on "guix system init"

> it doesn't get linux-module-directory and doesn't pass it on to matching-modules.

> matching-modules then eventually defaults to (current-alias-file) - which is not

> found on a non-GuixSD system.

Yeah.

Toggle quote (10 lines)> Would it be possible to get rid of the defaults in gnu/build/linux-modules.scm ?
> I don't think those are safe or useful for our requirements.  I've had to work
> around those before.
>
> check-initrd-modules could use the initrd's new kernel modules to find
> out which modules to include (after all).
>
> Then we could also check the dependencies directly in the new Linux kernel
> modules and all in all it would be safer.

It would be safer indeed, but we’d have to build the kernel and

everything before we can make a diagnostic. That would lead to a weird

user experience, similar to what we currently see with grafts (things

are built/downloader, and later on you get a message about what’s going

to be built.)

The current tradeoff is to make that diagnostic based on the running

kernel, even if it’s an approximation.

If that’s fine with you I’d like to fix this bug with the conservative

patch below.

Thoughts?

Ludo’.

Toggle diff (66 lines)diff --git a/gnu/build/linux-modules.scm b/gnu/build/linux-modules.scm
index 4fe673cca..8cae4fb63 100644
--- a/gnu/build/linux-modules.scm
+++ b/gnu/build/linux-modules.scm
@@ -40,6 +40,7 @@
             current-module-debugging-port
 
             device-module-aliases
+            current-alias-file
             known-module-aliases
             matching-modules))
 
diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm
index 1eb5f5130..16a8c4375 100644
--- a/gnu/system/linux-initrd.scm
+++ b/gnu/system/linux-initrd.scm
@@ -353,17 +353,27 @@ loaded at boot time in the order in which they appear."
 (define (check-device-initrd-modules device linux-modules location)
   "Raise an error if DEVICE needs modules beyond LINUX-MODULES to operate.
 DEVICE must be a \"/dev\" file name."
-  (let ((modules (delete-duplicates
-                  (append-map matching-modules
-                              (device-module-aliases device)))))
-    (unless (every (cute member <> linux-modules) modules)
-      (raise (condition
-              (&message
-               (message (format #f (G_ "you may need these modules \
+  (define aliases
+    ;; Attempt to load 'modules.alias' from the current kernel, assuming we're
+    ;; on GuixSD, and assuming that corresponds to the kernel we'll be
+    ;; installing.  Skip the whole thing if that file cannot be read.
+    (catch 'system-error
+      (lambda ()
+        (known-module-aliases))
+      (const #f)))
+
+  (when aliases
+    (let ((modules (delete-duplicates
+                    (append-map (cut matching-modules <> aliases)
+                                (device-module-aliases device)))))
+      (unless (every (cute member <> linux-modules) modules)
+        (raise (condition
+                (&message
+                 (message (format #f (G_ "you may need these modules \
 in the initrd for ~a:~{ ~a~}")
-                                device modules)))
-              (&fix-hint
-               (hint (format #f (G_ "Try adding them to the
+                                  device modules)))
+                (&fix-hint
+                 (hint (format #f (G_ "Try adding them to the
 @code{initrd-modules} field of your @code{operating-system} declaration, along
 these lines:
 
@@ -373,8 +383,8 @@ these lines:
    (initrd-modules (append (list~{ ~s~})
                            %base-initrd-modules)))
 @end example\n")
-                             modules)))
-              (&error-location
-               (location (source-properties->location location))))))))
+                               modules)))
+                (&error-location
+                 (location (source-properties->location location)))))))))
 
 ;;; linux-initrd.scm ends here

Danny Milosavljevic wrote on 9 Mar 2018 23:52

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20180309235221.49e695d9@scratchpost.org

[huge build]

Toggle quote (3 lines)

> The current tradeoff is to make that diagnostic based on the running

> kernel, even if it’s an approximation.

Ah, good point.

Toggle quote (3 lines)

> If that’s fine with you I’d like to fix this bug with the conservative

> patch below.

Sure, looks good.

While we are approximating we could also in a later version fall back to

(the host system's) "`cat /proc/sys/kernel/modprobe` --showconfig" - it

could be used to find aliases.

But maybe that would make it brittle. Hmm...

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlqjECUACgkQ5xo1VCww

uqXggwgAhQBUarGdn2nD/7jANKf4qNbaOls/fTnXGr/d9pa+slo9rMTwrM/AKNVZ

nitHOd51tY4YkAia8XBVXe66TGBLFMQrq5lufiMHdYzfFI8RVcjS66Yugd/XSocd

9YtVV1qKQjwFEox8AhiQpIJoVFGJJE6eL8zGICC8Je3nEBV4sW57OROLGT+WfU5p

9IhQjN1C6S9gtQanyQW7y8tajcge4PJS0h51P5pATmspx+hTtUa2iMb/ZBnuVy1t

3VgJNROEjgL5Aq4DFO7WB7A+K4LUK90V7FYshW3ZHmxUeSCQh8pvRyH9IBMcFvz6

milIkM5vf797Nrdk4UJOVGYxWm4VxQ==

=qlP2

-----END PGP SIGNATURE-----

Ludovic Courtès wrote on 10 Mar 2018 00:19

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)

Message-ID:87woykx2ef.fsf@gnu.org

Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (11 lines)> [huge build]
>> The current tradeoff is to make that diagnostic based on the running
>> kernel, even if it’s an approximation.
>
> Ah, good point.
>
>> If that’s fine with you I’d like to fix this bug with the conservative
>> patch below.
>
> Sure, looks good.

Pushed as 8d5c14edf5a6d01f859b1aa00c836ffdb5ddecf4.

Toggle quote (6 lines)

> While we are approximating we could also in a later version fall back to

> (the host system's) "`cat /proc/sys/kernel/modprobe` --showconfig" - it

> could be used to find aliases.

> But maybe that would make it brittle. Hmm...

Yeah, I don’t think it’d make a big difference.

BTW, we should add a ‘--skip-checks’ option to ‘guix system’ so that

users can skip those checks. That’d provide an escape hatch in case

‘check-device-initrd-modules’ makes the wrong diagnostic.

Thoughts?

Ludo’.

Closed

Tomáš ?ech wrote on 10 Mar 2018 22:42

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20180310214228.uie2qxbiihaukpz5@doom

On Sat, Mar 10, 2018 at 12:19:52AM +0100, Ludovic Courtès wrote:

Toggle quote (15 lines)>Danny Milosavljevic <dannym@scratchpost.org> skribis:
>
>> [huge build]
>>> The current tradeoff is to make that diagnostic based on the running
>>> kernel, even if it’s an approximation.
>>
>> Ah, good point.
>>
>>> If that’s fine with you I’d like to fix this bug with the conservative
>>> patch below.
>>
>> Sure, looks good.
>
>Pushed as 8d5c14edf5a6d01f859b1aa00c836ffdb5ddecf4.

I'm afraid that now it leads to:

Backtrace:
         12 (primitive-load "/usr/bin/guix")
In guix/ui.scm:
 1501:12 11 (run-guix-command _ . _)
In ice-9/boot-9.scm:
   829:9 10 (catch _ _ #<procedure 7fa007c66420 at guix/ui.scm:552…> …)
   829:9  9 (catch _ _ #<procedure 7fa007c66438 at guix/ui.scm:660…> …)
In guix/scripts/system.scm:
  1180:8  8 (_)
  1052:6  7 (process-action _ _ _)
In guix/store.scm:
 1443:24  6 (run-with-store _ _ #:guile-for-build _ #:system _ # _)
In guix/scripts/system.scm:
 1065:13  5 (_ _)
   764:4  4 (perform-action init #<<operating-system> kernel: #<pa…> …)
In srfi/srfi-1.scm:
   640:9  3 (for-each #<procedure 55b8f874b9c0 at guix/scripts/sys…> …)
In gnu/system/linux-initrd.scm:
   360:4  2 (check-device-initrd-modules "/dev/nvme0n1p2" ("ahci" …) …)
In ice-9/boot-9.scm:
   829:9  1 (catch system-error #<procedure 7fa004522f60 at gnu/sy…> …)
In gnu/system/linux-initrd.scm:
   361:6  0 (_)

gnu/system/linux-initrd.scm:361:6: known-module-aliases: unbound variable


This is part of my config:

(initrd (lambda (file-system . rest)
          (raw-initrd file-systems
                      #:linux linux-x1-sw1
                      #:linux-modules '()
                      #:helper-packages '(linux-firmware-initrd-x1-sw1)
                      #:mapped-devices mapped-devices)))


I don't have any modules to be loaded in initrd, kernel is compiled
using my configuration which fits my needs and follows the HW it will run on.

S_W

Danny Milosavljevic wrote on 11 Mar 2018 17:31

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20180311173118.69f09b07@scratchpost.org

Hi Ludo,

Toggle quote (4 lines)

> BTW, we should add a ‘--skip-checks’ option to ‘guix system’ so that

> users can skip those checks. That’d provide an escape hatch in case

> ‘check-device-initrd-modules’ makes the wrong diagnostic.

Yeah, good idea!

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlqlWdYACgkQ5xo1VCww

uqX/6Af+KEnlxuSsYOYUxb/G+s+ox57y1dToUoGzHtjnc6qLLNWd1GQwvHHtK9Nn

J7ga2bIWz0cDi2iHZQVQpP4kthHqFdAu9SNdx9cJ5tqP2oQpZ+JdpPdHAz8ruaSV

ba+lBKm5NilMeggV+OlvrXS5v9OwWbdZB5t+hP2SPCYtJfPYojBL0I+X9lMz+/2J

+xurlV/6/rDMRRuQcqlts5jLFetUdeJA2Qzkma3+g2eOxoqZUmMorF9FuXWpbsuX

pA9cEIMEmIrMQqPAobSBpRFic0sdpdTcAfKBVqm73B6mRZBL/eNN0T1pWBwgin/q

KzcjAdiUmwp9XhNBWu5cOiMvFNJdTA==

=PW3n

-----END PGP SIGNATURE-----

Closed

Tomáš ?ech wrote on 12 Mar 2018 10:19

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20180312091923.q47b3mrhzsl4vr75@doom

On Sun, Mar 11, 2018 at 10:38:18PM +0100, Ludovic Courtès wrote:

Toggle quote (12 lines)>Tomáš ?ech <sleep_walker@gnu.org> skribis:
>
>> In ice-9/boot-9.scm:
>>    829:9  1 (catch system-error #<procedure 7fa004522f60 at gnu/sy…> …)
>> In gnu/system/linux-initrd.scm:
>>    361:6  0 (_)
>>
>> gnu/system/linux-initrd.scm:361:6: known-module-aliases: unbound variable
>
>My bad!  Danny eventually fixed it in
>0803ddf2677ead5e9d8ef698316125e0c8b9c998.

I'm afraid this is still not correct.

# guix system init config.scm /mnt/mnt/

...

config.scm:64:9: error: you may need these modules in the initrd for /dev/nvme0n1p2: shpchp

hint: Try adding them to the `initrd-modules' field of your `operating-system' declaration, along these lines:

(operating-system

;; ...

(initrd-modules (append (list "shpchp")

%base-initrd-modules)))

I don't have `shpchp` as a module as I have it compiled into kernel

directly. Can I somehow disable the check?

Thanks.

S_W

Danny Milosavljevic wrote on 12 Mar 2018 13:24

Recipients:(address . 30760@debbugs.gnu.org)

Message-ID:20180312132437.2a4b2ca7@scratchpost.org

Toggle quote (15 lines)> I'm afraid this is still not correct.
> 
> # guix system init config.scm /mnt/mnt/
> ...
> config.scm:64:9: error: you may need these modules in the initrd for /dev/nvme0n1p2: shpchp
> hint: Try adding them to the `initrd-modules' field of your `operating-system' declaration, along these lines:
> 
>       (operating-system
>         ;; ...
>         (initrd-modules (append (list "shpchp")
>                                 %base-initrd-modules)))
> 
> I don't have `shpchp` as a module as I have it compiled into kernel
> directly. Can I somehow disable the check?

I think it's a good idea to add a command-line switch that disables the check.

But then people will just disable the check always and it won't improve until

it's correct. It's still a good idea to give people the choice.

@Ludo: It would also be great to have a command-line switch to check the slow,

correct, way. We'd also have to check modules.builtin of the new system's initrd

- but we'd do it only when the option is passed :)

I suggest to change it to:

Toggle quote (3 lines)

> # guix system init config.scm /mnt/mnt/

> ...

> config.scm:64:9: WARNING: you may need these modules in the initrd for /dev/nvme0n1p2: shpchp

^^^ not error

Toggle quote (10 lines)> hint: Try adding them to the `initrd-modules' field of your `operating-system' declaration, along these lines:
> 
>       (operating-system
>         ;; ...
>         (initrd-modules (append (list "shpchp")
>                                 %base-initrd-modules)))
>
> If you think this warning is mistaken, invoke guix again with the option
> --enable-paranoid-initrd-checks to be on the safe side, or with the option
> --skip-initrd-checks to continue regardless.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlqmcYUACgkQ5xo1VCww

uqXjQQf+K/p/Wm3nzvXXxLZLjxLf27zrQHDzaMci8J7EfAv4SX21OqCspg++QRNA

NmSqs1lwmgMZog84x1qMa/fHB8A0QODhFxNemC3U4vtaQdSD/GmLRarg/dDWqzMH

62XmM7k/rB3KG0dBbhBaNyBldgO2m0iYeOXrLjO+rh+q/dT4OnnM6/rzx6dY73Cz

g9TAqxreNc4t+eeIHRY7NfJthZi4uTn3dYFhRETJNc4fWvhfx+87RwR9SBiIiErK

IzS5Vks4nsLs1Y2OMC0T8TADFTOYEqz1CuvwpfaRbHUustsqIzmHdvCmhHVZVd5M

u9YYaxGtZkqjIRKNkMvJYu7B089ddA==

=zJmL

-----END PGP SIGNATURE-----

Danny Milosavljevic wrote on 12 Mar 2018 13:38

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:20180312133821.58304526@scratchpost.org

Or maybe to this:

Toggle quote (14 lines)> > # guix system init config.scm /mnt/mnt/
> > ...
> > config.scm:64:9: WARNING: you may need these modules in the initrd for /dev/nvme0n1p2: shpchp  
>                    ^^^ not error
> > hint: Try adding them to the `initrd-modules' field of your `operating-system' declaration, along these lines:
> > 
> >       (operating-system
> >         ;; ...
> >         (initrd-modules (append (list "shpchp")
> >                                 %base-initrd-modules)))
> >
> > (sleeps 5 s)
> > (builds entire system)
> > (checks the slow, correct way at the end - when everything was built already anyway)

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlqmdL4ACgkQ5xo1VCww

uqUHeAf/TiLja7X5nWfmXpx/QtbELQ52/3csqceL3iYpuiy5Ld5lvzi8UGWrGlTP

jV62wiQ4sr98euySuruIIRTXF0FZWt4reLa32w3fqwgfMqHjdjMcf3XPdp6qBtHT

dgreXiR9uO6tzRmhZ5lZLQ5pj8jhNGaoBwPIvMsoXfg5DcP2H5E990u5GHPs4RmT

PSDCAvFiq9IpVmj0aIDlA2s7E2+vklOCBGwFFb+Bb3AGm0YSragKCSXXUDMAUxMy

2Otx6MMUS8TjO8siWCzQEQslY+SVVh0TVUZL0KQcBS9Y++L/lcLMXH41xP9NYfb7

PRWKC+hqJw/3n1yKrMazHq8keI7Cag==

=QB5+

-----END PGP SIGNATURE-----

Ludovic Courtès wrote on 12 Mar 2018 13:57

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)

Message-ID:877eqhqwnv.fsf@gnu.org

Hello,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (15 lines)>> I'm afraid this is still not correct.
>> 
>> # guix system init config.scm /mnt/mnt/
>> ...
>> config.scm:64:9: error: you may need these modules in the initrd for /dev/nvme0n1p2: shpchp
>> hint: Try adding them to the `initrd-modules' field of your `operating-system' declaration, along these lines:
>> 
>>       (operating-system
>>         ;; ...
>>         (initrd-modules (append (list "shpchp")
>>                                 %base-initrd-modules)))
>> 
>> I don't have `shpchp` as a module as I have it compiled into kernel
>> directly. Can I somehow disable the check?

Exactly what I feared. ;-)

Toggle quote (16 lines)> I think it's a good idea to add a command-line switch that disables the check.
>
> But then people will just disable the check always and it won't improve until
> it's correct.  It's still a good idea to give people the choice.
>
> @Ludo: It would also be great to have a command-line switch to check the slow,
> correct, way.  We'd also have to check modules.builtin of the new system's initrd
> - but we'd do it only when the option is passed :)
>
> I suggest to change it to:
>
>> # guix system init config.scm /mnt/mnt/
>> ...
>> config.scm:64:9: WARNING: you may need these modules in the initrd for /dev/nvme0n1p2: shpchp
>                    ^^^ not error

I thought about making it a warning rather than an error back then, but

thought that it wouldn’t work well: the warning would immediately go

off-screen as build logs start scrolling by.

Thus I took the optimistic view that false positives like the one Tomáš

experienced should be rare because usually init/reconfigure are used on

GuixSD, with a kernel config very close to the target config.

Nevertheless, the risk of false-positives obviously exists, hence the

need for an escape hatch.

What about the attached patch?

Thanks,

Ludo’.

Toggle diff (85 lines)diff --git a/doc/guix.texi b/doc/guix.texi
index d3a7908f9..bcea89e07 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20458,6 +20458,16 @@ of the image size as a function of the size of the system declared in
 Make @var{file} a symlink to the result, and register it as a garbage
 collector root.
 
+@item --skip-checks
+Skip pre-installation safety checks.
+
+By default, @command{guix system init} and @command{guix system
+reconfigure} perform safety checks: they make sure the file systems that
+appear in the @code{operating-system} declaration actually exist
+(@pxref{File Systems}), and that any Linux kernel modules that may be
+needed at boot time are listed in @code{initrd-modules} (@pxref{Initial
+RAM Disk}).  Passing this option skips these tests altogether.
+
 @item --on-error=@var{strategy}
 Apply @var{strategy} when an error occurs when reading @var{file}.
 @var{strategy} may be one of the following:
diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index acfccce96..f0c4a2ba1 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -733,7 +733,8 @@ and TARGET arguments."
                       (#$installer #$bootloader #$device #$target))))))
 
 (define* (perform-action action os
-                         #:key install-bootloader?
+                         #:key skip-safety-checks?
+                         install-bootloader?
                          dry-run? derivations-only?
                          use-substitutes? bootloader-target target
                          image-size file-system-type full-boot?
@@ -750,7 +751,10 @@ When DERIVATIONS-ONLY? is true, print the derivation file name(s) without
 building anything.
 
 When GC-ROOT is a path, also make that path an indirect root of the build
-output when building a system derivation, such as a disk image."
+output when building a system derivation, such as a disk image.
+
+When SKIP-SAFETY-CHECKS? is true, skip the file system and initrd module
+static checks."
   (define println
     (cut format #t "~a~%" <>))
 
@@ -760,7 +764,8 @@ output when building a system derivation, such as a disk image."
   ;; Check whether the declared file systems exist.  This is better than
   ;; instantiating a broken configuration.  Assume that we can only check if
   ;; running as root.
-  (when (memq action '(init reconfigure))
+  (when (and (not skip-safety-checks?)
+             (memq action '(init reconfigure)))
     (check-mapped-devices os)
     (when (zero? (getuid))
       (check-file-system-availability (operating-system-file-systems os))
@@ -933,6 +938,8 @@ Some ACTIONS support additional ARGS.\n"))
       --expose=SPEC      for 'vm', expose host file system according to SPEC"))
   (display (G_ "
       --full-boot        for 'vm', make a full boot sequence"))
+  (display (G_ "
+      --skip-checks      skip file system and initrd module safety checks"))
   (newline)
   (display (G_ "
   -h, --help             display this help and exit"))
@@ -974,6 +981,9 @@ Some ACTIONS support additional ARGS.\n"))
          (option '("full-boot") #f #f
                  (lambda (opt name arg result)
                    (alist-cons 'full-boot? #t result)))
+         (option '("skip-checks") #f #f
+                 (lambda (opt name arg result)
+                   (alist-cons 'skip-safety-checks? #t result)))
 
          (option '("share") #t #f
                  (lambda (opt name arg result)
@@ -1067,6 +1077,8 @@ resulting from command-line parsing."
                              #:derivations-only? (assoc-ref opts
                                                             'derivations-only?)
                              #:use-substitutes? (assoc-ref opts 'substitutes?)
+                             #:skip-safety-checks?
+                             (assoc-ref opts 'skip-safety-checks?)
                              #:file-system-type (assoc-ref opts 'file-system-type)
                              #:image-size (assoc-ref opts 'image-size)
                              #:full-boot? (assoc-ref opts 'full-boot?)

Ludovic Courtès wrote on 12 Mar 2018 13:57

control message for bug #30760

Recipients:(address . control@debbugs.gnu.org)

Message-ID:876061qwmo.fsf@gnu.org

retitle 30760 'initrd-modules' check has false positives

Ludovic Courtès wrote on 12 Mar 2018 13:57

Recipients:(address . control@debbugs.gnu.org)

Message-ID:874lllqwmj.fsf@gnu.org

severity 30760 important

Tomáš ?ech wrote on 12 Mar 2018 16:27

Re: bug#30760: guix system init broken on non GuixSD

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)

Message-ID:20180312152732.a7km7vad4gack5ww@doom

On Mon, Mar 12, 2018 at 01:24:37PM +0100, Danny Milosavljevic wrote:

Toggle quote (20 lines)>> I'm afraid this is still not correct.
>>
>> # guix system init config.scm /mnt/mnt/
>> ...
>> config.scm:64:9: error: you may need these modules in the initrd for /dev/nvme0n1p2: shpchp
>> hint: Try adding them to the `initrd-modules' field of your `operating-system' declaration, along these lines:
>>
>>       (operating-system
>>         ;; ...
>>         (initrd-modules (append (list "shpchp")
>>                                 %base-initrd-modules)))
>>
>> I don't have `shpchp` as a module as I have it compiled into kernel
>> directly. Can I somehow disable the check?
>
>I think it's a good idea to add a command-line switch that disables the check.
>
>But then people will just disable the check always and it won't improve until
>it's correct.  It's still a good idea to give people the choice.

Just small note - In my case I always run `system build` before

`system init` so I don't mind having any deeper analysis based on code

and configuration as long as it is correct. Maybe more people is using

same approach.

Best regards,

S_W

Ludovic Courtès wrote on 15 Mar 2018 11:43

Recipients:(name . Danny Milosavljevic)(address . dannym@scratchpost.org)

Message-ID:87lgetvcui.fsf@gnu.org

Hi!

ludo@gnu.org (Ludovic Courtès) skribis:

Toggle quote (5 lines)

> Nevertheless, the risk of false-positives obviously exists, hence the

> need for an escape hatch.

> What about the attached patch?

Pushed as 61b1dbbdcd87f6b37d6b87715a9a4da4e63485ab.

Thanks,

Ludo’.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 30760@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date