Add keepCurrentBootedConfiguration option #443

Open
jbgi wants to merge 1 commit into nix-community:master from jbgi:keep-safe-generation

@jbgi jbgi commented Mar 11, 2025

to always keep booted system configuration in boot menu.

It is mostly a proof of concept (this is my first time writing some Rust code) so it probably needs some work.

This is a fix/workaround for NixOS/nixpkgs#24158 / NixOS/nix#1095 (only when using lanzaboote of course).

@jbgi jbgi force-pushed the keep-safe-generation branch from d3ba3cc to 57a2831 Compare March 11, 2025 14:30
@blitz blitz requested a review from nikstur May 8, 2025 12:05

blitz commented May 8, 2025

This is a super useful feature and should probably be the default.

@nikstur Do you have bandwidth to do a review here?

@jbgi jbgi force-pushed the keep-safe-generation branch from 57a2831 to 1770f2d Compare July 27, 2025 13:41
@jbgi jbgi force-pushed the keep-safe-generation branch 2 times, most recently from 90c4291 to 86b7cb4 Compare December 12, 2025 09:46

Majiir commented Dec 26, 2025

Why should this be a feature of Lanzaboote or any other boot loader? Couldn't this be a feature of `nix-env --delete-generations`/`nix profile wipe-history` instead? That way, garbage collection is handled robustly (relying on gcroots to profile generations, not just `/run/booted-system` which changes on next boot) and boot loaders don't have to be concerned with how generations are managed.

@jbgi jbgi force-pushed the keep-safe-generation branch from 86b7cb4 to f4e76e4 Compare January 4, 2026 12:05

jbgi commented Jan 4, 2026

Probably a solution built in NixOS would be ideal, following comment from a lix developer on this matter: https://git.lix.systems/lix-project/lix/issues/723#issuecomment-9321


nlewo commented Jan 11, 2026

I also think this should not be done by lanzaboote, especially since this could lead to a non-bootable entry. For instance:

  1. I boot on /nix/var/nix/profiles/generation-1
  2. I switch to /nix/var/nix/profiles/generation-2
  3. I reboot: /run/booted-system is no longer a link to /nix/var/nix/profiles/generation-1
  4. I garbage collect /nix/var/nix/profiles/generation-1
  5. I reboot: it fails because /nix/var/nix/profiles/generation-1 doesn't exist anymore

With this option, lanzaboote would propose to boot on /nix/var/nix/profiles/generation-1 while this generation has been garbage collected...

So, I also think preserving the current booted closure should be handled by deployment tools (nixos-rebuild/nix-env, comin (author here), ...).


jbgi commented Jan 11, 2026

@nlewo The issue of non-bootable entries is not introduced by this patch though. In your scenario, given a configurationLimit >= 2, Generation-1 ends up being a non-bootable entry, with or without this patch. This patch would just add another entry (in last position, so never the default), namely Generation-SAFE equivalent to Generation-1.
Also your last point (5.) only happens if you choose a non-default entry (Generation-1 or Generation-SAFE); just rebooting would boot Generation-2, right?

@jbgi jbgi force-pushed the keep-safe-generation branch from f4e76e4 to 329e900 Compare February 23, 2026 15:27
@jbgi jbgi requested a review from dasJ February 23, 2026 15:28
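
The five-step scenario and the reply to it, modelled in a scratch directory as an added example (not lanzaboote's code and not part of any comment above). The `NAME TOPLEVEL` menu file, the `stale_entries` and `simulate_scenario` names and the directory layout are assumptions made for illustration; the entry names are the ones used in the thread.

```shell
#!/bin/sh
# Added example: a constructed model of the scenario, not lanzaboote code.
# The "menu" file stands in for the boot menu: one "NAME TOPLEVEL" pair per line.
# Assumption of this model: the menu is only rewritten when a new generation
# is switched to, never by garbage collection.

# Print the names of menu entries whose system closure no longer exists.
stale_entries() {
    while read -r name toplevel; do
        [ -n "$name" ] || continue
        [ -e "$toplevel" ] || printf '%s\n' "$name"
    done < "$1"
}

# Replay the five steps and print the entries that can no longer boot.
simulate_scenario() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/store/system-1" "$root/store/system-2" \
             "$root/profiles" "$root/run"
    # Step 1: boot generation-1; booted-system points at its closure.
    ln -s "$root/store/system-1" "$root/profiles/generation-1"
    ln -s "$root/store/system-1" "$root/run/booted-system"
    # Step 2: switch to generation-2. The menu lists both generations plus
    # the extra last-position entry for the currently booted system.
    ln -s "$root/store/system-2" "$root/profiles/generation-2"
    {
        printf 'Generation-2 %s\n' "$root/store/system-2"
        printf 'Generation-1 %s\n' "$root/store/system-1"
        printf 'Generation-SAFE %s\n' "$(readlink "$root/run/booted-system")"
    } > "$root/menu"
    # Step 3: reboot into the default entry; booted-system moves on.
    rm "$root/run/booted-system"
    ln -s "$root/store/system-2" "$root/run/booted-system"
    # Step 4: delete generation-1 and collect its now-unrooted closure.
    rm "$root/profiles/generation-1"
    rmdir "$root/store/system-1"
    # Step 5: the menu is unchanged, so report what it still offers.
    stale_entries "$root/menu"
    rm -rf "$root"
}

simulate_scenario
```

In this model both Generation-1 and Generation-SAFE are reported as stale, while the default entry Generation-2 still resolves.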