Move /etc/static symlink handling to finalize_crypto_mounts()

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 8072cc3081e421695ce0023c3ab0baaed4fd73cc..cfb21c1c3e009c7d1e5f44e9a153e524c4a609d5 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1043,10 +1043,6 @@ def install_sandbox_trees(config: Config, dst: Path) -> None:
     # Ensure /etc exists in the sandbox
     (dst / "etc").mkdir(exist_ok=True)
 
-    # Required to be able to access certificates in the sandbox when running from nix.
-    if Path("/etc/static").is_symlink():
-        (dst / "etc/static").symlink_to(Path("/etc/static").readlink())
-
     if Path("/etc/passwd").exists():
         shutil.copy("/etc/passwd", dst / "etc/passwd")
     if Path("/etc/group").exists():

diff --git a/mkosi/mounts.py b/mkosi/mounts.py
index 29567f2a40413a07c31db25bd90c90572f746b33..01ec0cb474bd134fc18179540414e26aa78559b1 100644 (file)
--- a/mkosi/mounts.py
+++ b/mkosi/mounts.py
@@ -96,13 +96,14 @@ def finalize_crypto_mounts(config: Config) -> list[PathString]:
             Path("etc/ssl"),
             Path("etc/ca-certificates"),
             Path("etc/pacman.d/gnupg"),
+            Path("etc/static"),
             Path("var/lib/ca-certificates"),
         )
         if (root / subdir).exists()
     ]
 
     return flatten(
-        ("--ro-bind", src, target)
+        ("--symlink", src.readlink(), target) if src.is_symlink() else ("--ro-bind", src, target)
         for src, target
         in sorted(set(mounts), key=lambda s: s[1])
     )