Graham/fh 496 nix installer incorrectly validates fstab entries (#1338)
* Enable nosuid and noatime.

/nix should not contain suid/setgid binaries in general.
We don't need atime either.
At the time, I think we were wondering if nix-collect-garbage used atime.
It doesn't.

Having atime is a pretty big performance penalty, and macOS mounts most filesystems noatime already.

* Allow filter_map's that can just be .filter, since those are easier to read

* Move the "prelude" into a suffix, which makes writing and updating the fstab a much simpler operation.
  The fstab on macOS, where this is used, appears to handle a suffix comment just fine.
* Stop trying to detect foreign / native fstab entries.
* Generally, cut out a lot of opportunities for failure by implementing this as a straightforward filter and map.

* Make sure the fstab ends with a newline
grahamc authored Dec 5, 2024
1 parent 7ed07a6 commit b75ab75
Showing 4 changed files with 103 additions and 208 deletions.
2 changes: 1 addition & 1 deletion src/action/macos/create_determinate_nix_volume.rs
Expand Up @@ -86,7 +86,7 @@ impl CreateDeterminateNixVolume {
.map_err(Self::error)?
};

let create_fstab_entry = CreateFstabEntry::plan(name.clone(), &create_volume)
let create_fstab_entry = CreateFstabEntry::plan(name.clone())
.await
.map_err(Self::error)?;
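
Review bot: at the `CreateFstabEntry::plan(name.clone())` call, dropping the `&create_volume` argument means this call site no longer ties the planned fstab entry to the volume action the old call passed in, so the entry is identified by `name` alone. Please document on `CreateFstabEntry::plan` what `name` is matched against in the fstab and what happens when an entry for that name is already present, and check that `create_volume` is still consumed later in this function so the binding is not left unused. The commit message says the mount gains `nosuid` and `noatime` and that the file must end with a newline; neither is visible in this hunk, so a test asserting that the generated entry carries both options and that the written fstab ends with a newline would make the security-relevant part of the change checkable.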
