aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJade Lovelace <lix@jade.fyi>2024-03-19 19:37:29 -0700
committerjade <lix@jade.fyi>2024-03-25 04:17:14 +0000
commitdee6b757025f0ad5e9f7225269e64e5e7cde8803 (patch)
tree234f7ac0f7ae23885749d097b22f4fcc86ca85b2
parentb3599166ad98c3cad304183bd7cc7bc280522e71 (diff)
Restore system-install profile files from the previous installer
These files are required to get Nix in PATH in existing multi-user installs using the legacy installer. We really could use some tests. Cc: https://git.lix.systems/lix-project/lix/issues/33 This partially reverts commit 93cc063344323a8b0d630d0a67acd121cdc3f86a. Fixes: https://git.lix.systems/lix-project/lix/issues/173 Change-Id: Iafb55280596732670a432f604b897f48562868e4
-rw-r--r--scripts/local.mk2
-rw-r--r--scripts/nix-profile-daemon.fish.in57
-rw-r--r--scripts/nix-profile-daemon.sh.in72
3 files changed, 131 insertions, 0 deletions
diff --git a/scripts/local.mk b/scripts/local.mk
index cf2288bb6..46255e432 100644
--- a/scripts/local.mk
+++ b/scripts/local.mk
@@ -7,5 +7,7 @@ profiledir = $(sysconfdir)/profile.d
$(eval $(call install-file-as, $(d)/nix-profile.sh, $(profiledir)/nix.sh, 0644))
$(eval $(call install-file-as, $(d)/nix-profile.fish, $(profiledir)/nix.fish, 0644))
+$(eval $(call install-file-as, $(d)/nix-profile-daemon.sh, $(profiledir)/nix-daemon.sh, 0644))
+$(eval $(call install-file-as, $(d)/nix-profile-daemon.fish, $(profiledir)/nix-daemon.fish, 0644))
clean-files += $(nix_noinst_scripts)
diff --git a/scripts/nix-profile-daemon.fish.in b/scripts/nix-profile-daemon.fish.in
new file mode 100644
index 000000000..c23aa64f0
--- /dev/null
+++ b/scripts/nix-profile-daemon.fish.in
@@ -0,0 +1,57 @@
+function add_path --argument-names new_path
+ if type -q fish_add_path
+ # fish 3.2.0 or newer
+ fish_add_path --prepend --global $new_path
+ else
+ # older versions of fish
+ if not contains $new_path $fish_user_paths
+ set --global fish_user_paths $new_path $fish_user_paths
+ end
+ end
+end
+
+# Only execute this file once per shell.
+if test -n "$__ETC_PROFILE_NIX_SOURCED"
+ exit
+end
+
+set __ETC_PROFILE_NIX_SOURCED 1
+
+set --export NIX_PROFILES "@localstatedir@/nix/profiles/default $HOME/.nix-profile"
+
+# Populate bash completions, .desktop files, etc
+if test -z "$XDG_DATA_DIRS"
+ # According to XDG spec the default is /usr/local/share:/usr/share, don't set something that prevents that default
+ set --export XDG_DATA_DIRS "/usr/local/share:/usr/share:/nix/var/nix/profiles/default/share"
+else
+ set --export XDG_DATA_DIRS "$XDG_DATA_DIRS:/nix/var/nix/profiles/default/share"
+end
+
+# Set $NIX_SSL_CERT_FILE so that Nixpkgs applications like curl work.
+if test -n "$NIX_SSH_CERT_FILE"
+ : # Allow users to override the NIX_SSL_CERT_FILE
+else if test -e /etc/ssl/certs/ca-certificates.crt # NixOS, Ubuntu, Debian, Gentoo, Arch
+ set --export NIX_SSL_CERT_FILE /etc/ssl/certs/ca-certificates.crt
+else if test -e /etc/ssl/ca-bundle.pem # openSUSE Tumbleweed
+ set --export NIX_SSL_CERT_FILE /etc/ssl/ca-bundle.pem
+else if test -e /etc/ssl/certs/ca-bundle.crt # Old NixOS
+ set --export NIX_SSL_CERT_FILE /etc/ssl/certs/ca-bundle.crt
+else if test -e /etc/pki/tls/certs/ca-bundle.crt # Fedora, CentOS
+ set --export NIX_SSL_CERT_FILE /etc/pki/tls/certs/ca-bundle.crt
+else if test -e "$NIX_LINK/etc/ssl/certs/ca-bundle.crt" # fall back to cacert in Nix profile
+ set --export NIX_SSL_CERT_FILE "$NIX_LINK/etc/ssl/certs/ca-bundle.crt"
+else if test -e "$NIX_LINK/etc/ca-bundle.crt" # old cacert in Nix profile
+ set --export NIX_SSL_CERT_FILE "$NIX_LINK/etc/ca-bundle.crt"
+else
+ # Fall back to what is in the nix profiles, favouring whatever is defined last.
+ for i in $NIX_PROFILES
+ if test -e "$i/etc/ssl/certs/ca-bundle.crt"
+ set --export NIX_SSL_CERT_FILE "$i/etc/ssl/certs/ca-bundle.crt"
+ end
+ end
+end
+
+add_path "@localstatedir@/nix/profiles/default/bin"
+add_path "$HOME/.nix-profile/bin"
+
+functions -e add_path
diff --git a/scripts/nix-profile-daemon.sh.in b/scripts/nix-profile-daemon.sh.in
new file mode 100644
index 000000000..d256b24ed
--- /dev/null
+++ b/scripts/nix-profile-daemon.sh.in
@@ -0,0 +1,72 @@
+# Only execute this file once per shell.
+if [ -n "${__ETC_PROFILE_NIX_SOURCED:-}" ]; then return; fi
+__ETC_PROFILE_NIX_SOURCED=1
+
+NIX_LINK=$HOME/.nix-profile
+if [ -n "${XDG_STATE_HOME-}" ]; then
+ NIX_LINK_NEW="$XDG_STATE_HOME/nix/profile"
+else
+ NIX_LINK_NEW=$HOME/.local/state/nix/profile
+fi
+if [ -e "$NIX_LINK_NEW" ]; then
+ NIX_LINK="$NIX_LINK_NEW"
+else
+ if [ -t 2 ] && [ -e "$NIX_LINK_NEW" ]; then
+ warning="\033[1;35mwarning:\033[0m"
+ printf "$warning Both %s and legacy %s exist; using the latter.\n" "$NIX_LINK_NEW" "$NIX_LINK" 1>&2
+ if [ "$(realpath "$NIX_LINK")" = "$(realpath "$NIX_LINK_NEW")" ]; then
+ printf " Since the profiles match, you can safely delete either of them.\n" 1>&2
+ else
+ # This should be an exceptionally rare occasion: the only way to get it would be to
+ # 1. Update to newer Nix;
+ # 2. Remove .nix-profile;
+ # 3. Set the $NIX_LINK_NEW to something other than the default user profile;
+ # 4. Roll back to older Nix.
+ # If someone did all that, they can probably figure out how to migrate the profile.
+ printf "$warning Profiles do not match. You should manually migrate from %s to %s.\n" "$NIX_LINK" "$NIX_LINK_NEW" 1>&2
+ fi
+ fi
+fi
+
+export NIX_PROFILES="@localstatedir@/nix/profiles/default $NIX_LINK"
+
+# Populate bash completions, .desktop files, etc
+if [ -z "${XDG_DATA_DIRS-}" ]; then
+ # According to XDG spec the default is /usr/local/share:/usr/share, don't set something that prevents that default
+ export XDG_DATA_DIRS="/usr/local/share:/usr/share:$NIX_LINK/share:/nix/var/nix/profiles/default/share"
+else
+ export XDG_DATA_DIRS="$XDG_DATA_DIRS:$NIX_LINK/share:/nix/var/nix/profiles/default/share"
+fi
+
+# Set $NIX_SSL_CERT_FILE so that Nixpkgs applications like curl work.
+if [ -n "${NIX_SSL_CERT_FILE:-}" ]; then
+ : # Allow users to override the NIX_SSL_CERT_FILE
+elif [ -e /etc/ssl/certs/ca-certificates.crt ]; then # NixOS, Ubuntu, Debian, Gentoo, Arch
+ export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+elif [ -e /etc/ssl/ca-bundle.pem ]; then # openSUSE Tumbleweed
+ export NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem
+elif [ -e /etc/ssl/certs/ca-bundle.crt ]; then # Old NixOS
+ export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+elif [ -e /etc/pki/tls/certs/ca-bundle.crt ]; then # Fedora, CentOS
+ export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
+else
+ # Fall back to what is in the nix profiles, favouring whatever is defined last.
+ check_nix_profiles() {
+ if [ -n "$ZSH_VERSION" ]; then
+ # Zsh by default doesn't split words in unquoted parameter expansion.
+ # Set local_options for these options to be reverted at the end of the function
+ # and shwordsplit to force splitting words in $NIX_PROFILES below.
+ setopt local_options shwordsplit
+ fi
+ for i in $NIX_PROFILES; do
+ if [ -e "$i/etc/ssl/certs/ca-bundle.crt" ]; then
+ export NIX_SSL_CERT_FILE=$i/etc/ssl/certs/ca-bundle.crt
+ fi
+ done
+ }
+ check_nix_profiles
+ unset -f check_nix_profiles
+fi
+
+export PATH="$NIX_LINK/bin:@localstatedir@/nix/profiles/default/bin:$PATH"
+unset NIX_LINK