aboutsummaryrefslogtreecommitdiff
path: root/scripts/install-nix-from-closure.sh
diff options
context:
space:
mode:
authorTravis A. Everett <travis.a.everett@gmail.com>2020-11-27 16:42:15 -0600
committerTravis A. Everett <travis.a.everett@gmail.com>2021-04-29 13:26:51 -0500
commiteab14a642cbcbc35f4473888d906f9de7deda07b (patch)
tree785a18f66e1d02c7480ab733e9b68241d729951d /scripts/install-nix-from-closure.sh
parentdc6a8f154856be4a969fc9a03ff2aa0529abbbf9 (diff)
darwin: encrypt nix volume if filevault is enabled
Diffstat (limited to 'scripts/install-nix-from-closure.sh')
-rw-r--r--scripts/install-nix-from-closure.sh93
1 files changed, 40 insertions, 53 deletions
diff --git a/scripts/install-nix-from-closure.sh b/scripts/install-nix-from-closure.sh
index 0ee7ce5af..734f0c800 100644
--- a/scripts/install-nix-from-closure.sh
+++ b/scripts/install-nix-from-closure.sh
@@ -26,18 +26,9 @@ fi
# macOS support for 10.12.6 or higher
if [ "$(uname -s)" = "Darwin" ]; then
- IFS='.' read macos_major macos_minor macos_patch << EOF
+ IFS='.' read -r macos_major macos_minor macos_patch << EOF
$(sw_vers -productVersion)
EOF
- # TODO: this is a temporary speed-bump to keep people from naively installing Nix
- # on macOS Big Sur (11.0+, 10.16+) until nixpkgs updates are ready for them.
- # *Ideally* this is gone before next Nix release. If you're intentionally working on
- # Nix + Big Sur, just comment out this block and be on your way :)
- if [ "$macos_major" -gt 10 ] || { [ "$macos_major" -eq 10 ] && [ "$macos_minor" -gt 15 ]; }; then
- echo "$0: nixpkgs isn't quite ready to support macOS $(sw_vers -productVersion) yet"
- exit 1
- fi
-
if [ "$macos_major" -lt 10 ] || { [ "$macos_major" -eq 10 ] && [ "$macos_minor" -lt 12 ]; } || { [ "$macos_minor" -eq 12 ] && [ "$macos_patch" -lt 6 ]; }; then
# patch may not be present; command substitution for simplicity
echo "$0: macOS $(sw_vers -productVersion) is not supported, upgrade to 10.12.6 or higher"
@@ -46,21 +37,40 @@ EOF
fi
# Determine if we could use the multi-user installer or not
-if [ "$(uname -s)" = "Darwin" ]; then
- echo "Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation" >&2
-elif [ "$(uname -s)" = "Linux" ]; then
+if [ "$(uname -s)" = "Linux" ]; then
echo "Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation" >&2
fi
-INSTALL_MODE=no-daemon
-CREATE_DARWIN_VOLUME=0
+case "$(uname -s)" in
+ "Darwin")
+ INSTALL_MODE=daemon;;
+ *)
+ INSTALL_MODE=no-daemon;;
+esac
+
+# space-separated string
+ACTIONS=
+
# handle the command line flags
while [ $# -gt 0 ]; do
case $1 in
--daemon)
- INSTALL_MODE=daemon;;
+ INSTALL_MODE=daemon
+ ACTIONS="${ACTIONS}install "
+ ;;
--no-daemon)
- INSTALL_MODE=no-daemon;;
+ if [ "$(uname -s)" = "Darwin" ]; then
+ printf '\e[1;31mError: --no-daemon installs are no-longer supported on Darwin/macOS!\e[0m\n' >&2
+ exit 1
+ fi
+ INSTALL_MODE=no-daemon
+ # intentional tail space
+ ACTIONS="${ACTIONS}install "
+ ;;
+ # --uninstall)
+ # # intentional tail space
+ # ACTIONS="${ACTIONS}uninstall "
+ # ;;
--no-channel-add)
export NIX_INSTALLER_NO_CHANNEL_ADD=1;;
--daemon-user-count)
@@ -69,13 +79,18 @@ while [ $# -gt 0 ]; do
--no-modify-profile)
NIX_INSTALLER_NO_MODIFY_PROFILE=1;;
--darwin-use-unencrypted-nix-store-volume)
- CREATE_DARWIN_VOLUME=1;;
+ {
+ echo "Warning: the flag --darwin-use-unencrypted-nix-store-volume"
+ echo " is no longer needed and will be removed in the future."
+ echo ""
+ } >&2;;
--nix-extra-conf-file)
- export NIX_EXTRA_CONF="$(cat $2)"
+ # shellcheck disable=SC2155
+ export NIX_EXTRA_CONF="$(cat "$2")"
shift;;
*)
- (
- echo "Nix Installer [--daemon|--no-daemon] [--daemon-user-count INT] [--no-channel-add] [--no-modify-profile] [--darwin-use-unencrypted-nix-store-volume] [--nix-extra-conf-file FILE]"
+ {
+ echo "Nix Installer [--daemon|--no-daemon] [--daemon-user-count INT] [--no-channel-add] [--no-modify-profile] [--nix-extra-conf-file FILE]"
echo "Choose installation method."
echo ""
@@ -101,45 +116,16 @@ while [ $# -gt 0 ]; do
if [ -n "${INVOKED_FROM_INSTALL_IN:-}" ]; then
echo " --tarball-url-prefix URL: Base URL to download the Nix tarball from."
fi
- ) >&2
-
- # darwin and Catalina+
- if [ "$(uname -s)" = "Darwin" ] && { [ "$macos_major" -gt 10 ] || { [ "$macos_major" -eq 10 ] && [ "$macos_minor" -gt 14 ]; }; }; then
- (
- echo " --darwin-use-unencrypted-nix-store-volume: Create an APFS volume for the Nix"
- echo " store and mount it at /nix. This is the recommended way to create"
- echo " /nix with a read-only / on macOS >=10.15."
- echo " See: https://nixos.org/nix/manual/#sect-macos-installation"
- echo ""
- ) >&2
- fi
+ } >&2
+
exit;;
esac
shift
done
-if [ "$(uname -s)" = "Darwin" ]; then
- if [ "$CREATE_DARWIN_VOLUME" = 1 ]; then
- printf '\e[1;31mCreating volume and mountpoint /nix.\e[0m\n'
- "$self/create-darwin-volume.sh"
- fi
-
- writable="$(diskutil info -plist / | xmllint --xpath "name(/plist/dict/key[text()='Writable']/following-sibling::*[1])" -)"
- if ! [ -e $dest ] && [ "$writable" = "false" ]; then
- (
- echo ""
- echo "Installing on macOS >=10.15 requires relocating the store to an apfs volume."
- echo "Use sh <(curl -L https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume or run the preparation steps manually."
- echo "See https://nixos.org/nix/manual/#sect-macos-installation"
- echo ""
- ) >&2
- exit 1
- fi
-fi
-
if [ "$INSTALL_MODE" = "daemon" ]; then
printf '\e[1;31mSwitching to the Multi-user Installer\e[0m\n'
- exec "$self/install-multi-user"
+ exec "$self/install-multi-user" $ACTIONS # let ACTIONS split
exit 0
fi
@@ -194,6 +180,7 @@ if ! "$nix/bin/nix-store" --load-db < "$self/.reginfo"; then
exit 1
fi
+# shellcheck source=./nix-profile.sh.in
. "$nix/etc/profile.d/nix.sh"
if ! "$nix/bin/nix-env" -i "$nix"; then