feat: add --extra-files and --chown parameters (#752)

* feat: add --extra-files and --chown parameters

Signed-off-by: Nikolaos Karaolidis <[email protected]>

* add test

* fix nix run invocation

---------

Signed-off-by: Nikolaos Karaolidis <[email protected]>
Co-authored-by: nzbr <[email protected]>

Author: karaolidis

docs/src/building.md

@@ -2,8 +2,7 @@
 
 This requires access to a system that already has Nix installed. Please refer to the [Nix installation guide](https://nixos.org/guides/install-nix.html) if that\'s not the case.
 
-If you have a flakes-enabled Nix, you can use the following command to
-build your own tarball instead of relying on a prebuilt one:
+If you have a flakes-enabled Nix, you can use the following command to build your own tarball instead of relying on a prebuilt one:
 
 ```sh
 sudo nix run github:nix-community/NixOS-WSL#nixosConfigurations.default.config.system.build.tarballBuilder
@@ -19,7 +18,52 @@ Without a flakes-enabled Nix, you can build a tarball using:
 
 ```sh
 nix-build -A nixosConfigurations.default.config.system.build.tarballBuilder && sudo ./result/bin/nixos-wsl-tarball-builder
-
 ```
 
 The resulting tarball can then be found under `nixos.wsl`.
+
+## Copying files to the new installation
+
+The tarball builder supports copying in extra files and fixing up ownership before the tarball is packed.
+
+### `--extra-files <path>`
+
+The `--extra-files <path>` option allows copying files into the target root after installation.
+
+The contents of `<path>` are recursively copied and overwrite the target\'s root (`/`). The structure and permissions of `<path>` should already match how you want them on the target.
+
+For example, if you want to copy your SSH host key, you can prepare a directory structure like this:
+
+```sh
+root=$(mktemp -d)
+sudo mkdir -p $root/etc/ssh
+sudo cp /etc/ssh/ssh_host_ed25519_key $root/etc/ssh
+```
+
+Then run:
+
+```sh
+sudo nix run github:nix-community/NixOS-WSL#nixosConfigurations.default.config.system.build.tarballBuilder -- --extra-files $root
+```
+
+By default, everything ends up owned by root.
+
+### `--chown <path> <uid:gid>`
+
+The `--chown` option allows adjusting ownership of directories or files inside the tarball after they\'re copied.
+
+For example:
+
+```sh
+sudo nix run github:nix-community/NixOS-WSL#nixosConfigurations.default.config.system.build.tarballBuilder -- \
+  --extra-files ./extra \
+  --chown /home/myuser 1000:100
+```
+
+This is equivalent to running inside the tarball root:
+
+```sh
+chown -R 1000:100 /home/myuser
+```
+
+The `--chown` option can be used multiple times to set ownership for different paths. Only use this when you can guarantee what the UID/GID will be on the target system.

modules/build-tarball.nix

@@ -77,20 +77,77 @@ in
       ];
 
       text = ''
+        usage() {
+          echo "Usage: $0 [--extra-files PATH] [--chown PATH UID:GID] [output.tar.gz]"
+          exit 1
+        }
+
         if ! [ $EUID -eq 0 ]; then
           echo "This script must be run as root!"
           exit 1
         fi
 
         # Use .wsl extension to support double-click installs on recent versions of Windows
-        out=''${1:-nixos.wsl}
+        out="nixos.wsl"
+        extra_files=""
+
+        declare -A chowns=()
+        positionals=()
+
+        while [ $# -gt 0 ]; do
+          case "$1" in
+            --extra-files)
+              shift
+              extra_files="$1"
+              ;;
+            --chown)
+              shift
+              path="$1"
+              shift
+              perms="$1"
+              chowns["$path"]="$perms"
+              ;;
+            -*)
+              echo "Unknown option: $1"
+              usage
+              ;;
+            *)
+              positionals+=("$1")
+              ;;
+          esac
+          shift
+        done
+
+        if [ ''${#positionals[@]} -gt 1 ]; then
+          echo "Too many positional arguments: ''${positionals[*]}"
+          usage
+        fi
+
+        if [ ''${#positionals[@]} -gt 0 ]; then
+          out="''${positionals[0]}"
+        fi
 
         root=$(mktemp -p "''${TMPDIR:-/tmp}" -d nixos-wsl-tarball.XXXXXXXXXX)
         # FIXME: fails in CI for some reason, but we don't really care because it's CI
         trap 'chattr -Rf -i "$root" || true && rm -rf "$root" || true' INT TERM EXIT
 
+        if [ -n "$extra_files" ]; then
+          if ! [ -d "$extra_files" ]; then
+            echo "The path passed to --extra-files must be a directory"
+            exit 1
+          fi
+
+          echo "[NixOS-WSL] Copying extra files to $root..."
+          cp --verbose --archive --no-preserve=ownership --no-target-directory "$extra_files" "$root"
+        fi
+
         chmod o+rx "$root"
 
+        for path in "''${!chowns[@]}"; do
+          echo "[NixOS-WSL] Setting ownership for $path to ''${chowns[$path]}"
+          chown -R "''${chowns[$path]}" "$root/$path"
+        done
+
         echo "[NixOS-WSL] Installing..."
         nixos-install \
           --root "$root" \
@@ -119,8 +176,6 @@ in
           -c \
           --sort=name \
           --mtime='@1' \
-          --owner=0 \
-          --group=0 \
           --numeric-owner \
           --hard-dereference \
           . \

tests/extra-files.Tests.ps1

@@ -0,0 +1,51 @@
+BeforeAll {
+  . $PSScriptRoot/lib/lib.ps1
+}
+
+Describe "Extra Files" {
+  BeforeAll {
+    $distro = [Distro]::new()
+    $tmpdir = New-TemporaryFile
+    Remove-Item $tmpdir
+    $tmpdir = New-Item -ItemType Directory -Path $tmpdir.FullName
+    $tarball = "$tmpdir/nixos.wsl"
+    $Global:distroWithExtras = $null
+  }
+
+  It "should be possible to build a tarball with extra files" {
+    $distro.Launch("nix-build -A config.system.build.tarballBuilder '<nixpkgs/nixos>'")
+
+    $distro.Launch("mkdir -p extra-files/root")
+    $distro.Launch("mkdir -p extra-files/home/nixos")
+    $distro.Launch("echo 'extra' > extra-files/root/extra-file")
+    $distro.Launch("echo 'extra' > extra-files/home/nixos/extra-file")
+
+    $distro.Launch("sudo ./result/bin/nixos-wsl-tarball-builder --extra-files extra-files --chown /home/nixos/extra-file 1000:100 $($distro.GetPath($tarball))")
+
+    $tarball | Should -Exist
+  }
+
+  It "should be possible to import the tarball" {
+    $tarball | Should -Exist
+    Write-Host $tarball
+    $Global:distroWithExtras = [Distro]::new($tarball)
+  }
+
+  It "should be possible to read the extra files in the new installation" {
+    $Global:distroWithExtras.Launch("cat /home/nixos/extra-file") | Select-Object -Last 1 | Should -BeExactly "extra"
+
+    $Global:distroWithExtras.Launch("cat /root/extra-file")
+    $LASTEXITCODE | Should -Not -Be 0
+    $Global:distroWithExtras.Launch("sudo cat /root/extra-file") | Select-Object -Last 1 | Should -BeExactly "extra"
+  }
+
+  AfterAll {
+    $distro.Uninstall()
+    if (Test-Path $tmpdir) {
+      Remove-Item -Recurse $tmpdir
+    }
+    if ($Global:distroWithExtras -ne $null) {
+      $Global:distroWithExtras.Uninstall()
+    }
+  }
+}

tests/lib/lib.ps1

@@ -21,11 +21,19 @@ class Distro {
 
   Distro() {
     $tarball = $this.FindTarball()
+    $this.Setup($tarball)
+  }
+
+  Distro([string]$tarball) {
+    $this.Setup($tarball)
+  }
 
+  hidden [void]Setup([string]$tarball) {
     $this.id = $(New-Guid).ToString()
     $this.tempdir = Join-Path $([System.IO.Path]::GetTempPath()) $this.id
     New-Item -ItemType Directory $this.tempdir
 
+    Write-Host ">" wsl.exe --import $this.id $this.tempdir $tarball --version 2
     & wsl.exe --import $this.id $this.tempdir $tarball --version 2 | Write-Host
     if ($LASTEXITCODE -ne 0) {
       throw "Failed to import distro"