readOnlyStore: Don't do a read-only bind-mount of an already read-only store.

Signed-off-by: Shea Levy <shea@shealevy.com>

modules/system/boot/readonly-mountpoint.c

@@ -0,0 +1,21 @@
+#include <sys/statvfs.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char ** argv) {
+	struct statvfs stat;
+	int res;
+	if (argc != 2) {
+		fprintf(stderr, "Usage: %s PATH", argv[0]);
+		exit(2);
+	}
+	if(statvfs(argv[1], &stat) != 0) {
+		perror("statvfs");
+		exit(3);
+	}
+	if (stat.f_flag & ST_RDONLY)
+		exit(0);
+	else
+		exit(1);
+}
+

modules/system/boot/stage-2-init.sh

@@ -51,9 +51,11 @@ echo "booting system configuration $systemConfig" > /dev/kmsg
 chown 0:30000 /nix/store
 chmod 1775 /nix/store
 if [ -n "@readOnlyStore@" ]; then
+    if ! readonly-mountpoint /nix/store; then
         mount --bind /nix/store /nix/store
         mount -o remount,ro,bind /nix/store
     fi
+fi
 
 
 # Provide a /etc/mtab.

modules/system/boot/stage-2.nix

@@ -62,6 +62,12 @@ let
   kernel = config.boot.kernelPackages.kernel;
   activateConfiguration = config.system.activationScripts.script;
 
+  readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} ''
+    mkdir -p $out/bin
+    cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
+    strip -s $out/bin/readonly-mountpoint
+  '';
+
   bootStage2 = pkgs.substituteAll {
     src = ./stage-2-init.sh;
     shellDebug = "${pkgs.bashInteractive}/bin/bash";
@@ -73,7 +79,8 @@ let
       [ pkgs.coreutils
         pkgs.utillinux
         pkgs.sysvtools
-      ] ++ optional config.boot.cleanTmpDir pkgs.findutils;
+      ] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
+      ++ optional config.nix.readOnlyStore readonlyMountpoint;
     postBootCommands = pkgs.writeText "local-cmds"
       ''
         ${config.boot.postBootCommands}