diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml
index cec399b62199..fc3d75f32cf0 100644
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@@ -535,6 +535,20 @@
use nixos-rebuild boot; reboot.
+
+
+ Symlinks in /etc (except /etc/static)
+ are now relative instead of absolute. This makes possible to examine
+ NixOS container's /etc directory from host system
+ (previously it pointed to host /etc when viewed from host,
+ and to container /etc when viewed from container chroot).
+
+
+ This also makes /etc/os-release adhere to
+ the standard
+ for NixOS containers.
+
+
Flat volumes are now disabled by default in hardware.pulseaudio.
diff --git a/nixos/modules/system/etc/make-etc.sh b/nixos/modules/system/etc/make-etc.sh
index 1ca4c3046f0e..9c0520e92fc2 100644
--- a/nixos/modules/system/etc/make-etc.sh
+++ b/nixos/modules/system/etc/make-etc.sh
@@ -10,6 +10,11 @@ users_=($users)
groups_=($groups)
set +f
+# Create relative symlinks, so that the links can be followed if
+# the NixOS installation is not mounted as filesystem root.
+# Absolute symlinks violate the os-release format
+# at https://www.freedesktop.org/software/systemd/man/os-release.html
+# and break e.g. systemd-nspawn and os-prober.
for ((i = 0; i < ${#targets_[@]}; i++)); do
source="${sources_[$i]}"
target="${targets_[$i]}"
@@ -19,14 +24,14 @@ for ((i = 0; i < ${#targets_[@]}; i++)); do
# If the source name contains '*', perform globbing.
mkdir -p $out/etc/$target
for fn in $source; do
- ln -s "$fn" $out/etc/$target/
+ ln -s --relative "$fn" $out/etc/$target/
done
else
-
+
mkdir -p $out/etc/$(dirname $target)
if ! [ -e $out/etc/$target ]; then
- ln -s $source $out/etc/$target
+ ln -s --relative $source $out/etc/$target
else
echo "duplicate entry $target -> $source"
if test "$(readlink $out/etc/$target)" != "$source"; then
@@ -34,13 +39,13 @@ for ((i = 0; i < ${#targets_[@]}; i++)); do
exit 1
fi
fi
-
+
if test "${modes_[$i]}" != symlink; then
echo "${modes_[$i]}" > $out/etc/$target.mode
echo "${users_[$i]}" > $out/etc/$target.uid
echo "${groups_[$i]}" > $out/etc/$target.gid
fi
-
+
fi
done
diff --git a/nixos/modules/system/etc/setup-etc.pl b/nixos/modules/system/etc/setup-etc.pl
index eed20065087f..82ef49a2a27e 100644
--- a/nixos/modules/system/etc/setup-etc.pl
+++ b/nixos/modules/system/etc/setup-etc.pl
@@ -4,6 +4,7 @@ use File::Copy;
use File::Path;
use File::Basename;
use File::Slurp;
+use File::Spec;
my $etc = $ARGV[0] or die;
my $static = "/etc/static";
@@ -17,6 +18,20 @@ sub atomicSymlink {
return 1;
}
+# Create relative symlinks, so that the links can be followed if
+# the NixOS installation is not mounted as filesystem root.
+# Absolute symlinks violate the os-release format
+# at https://www.freedesktop.org/software/systemd/man/os-release.html
+# and break e.g. systemd-nspawn and os-prober.
+sub atomicRelativeSymlink {
+ my ($source, $target) = @_;
+ my $tmp = "$target.tmp";
+ unlink $tmp;
+ my $rel = File::Spec->abs2rel($source, dirname $target);
+ symlink $rel, $tmp or return 0;
+ rename $tmp, $target or return 0;
+ return 1;
+}
# Atomically update /etc/static to point at the etc files of the
# current configuration.
@@ -103,7 +118,7 @@ sub link {
if (-e "$_.mode") {
my $mode = read_file("$_.mode"); chomp $mode;
if ($mode eq "direct-symlink") {
- atomicSymlink readlink("$static/$fn"), $target or warn;
+ atomicRelativeSymlink readlink("$static/$fn"), $target or warn;
} else {
my $uid = read_file("$_.uid"); chomp $uid;
my $gid = read_file("$_.gid"); chomp $gid;
@@ -117,7 +132,7 @@ sub link {
push @copied, $fn;
print CLEAN "$fn\n";
} elsif (-l "$_") {
- atomicSymlink "$static/$fn", $target or warn;
+ atomicRelativeSymlink "$static/$fn", $target or warn;
}
}