aboutsummaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2021-04-29darwin: encrypt nix volume if filevault is enabledTravis A. Everett
2021-03-25Merge pull request #4532 from abathur/macos_nixbld_idsDomen Kožar
fix nixbld user name/uid for macOS/darwin
2021-03-23Added Debian-based OS's profilesNicolas Stig124 FORMICHELLA
2021-03-11fix nixbld user name/uid for macOSTravis A. Everett
2021-02-21fix installer scriptDomen Kožar
2021-02-21Generate installer script for each PR/pushDomen Kožar
This works by using Cachix feature of serving a file from a store path.
2021-01-22scripts/install-nix-from-closure: only show progress if a terminal is usedMaximilian Bosch
While the progress dots during the copying of the store work fine on a normal terminal, those look pretty off if the script is run inside a provisioning script of e.g. `vagrant` or `packer` where `stderr` and `stdout` are captured: default: . default: .. default: . default: . default: . To work around this, the script checks with `-t 0` if it's running on an actual terminal and doesn't show the progress if that's not the case.
2020-12-04Use com.apple.oahd.plist for rosetta 2 detectionMatthew Bauer
2020-12-02Call it aarch64-darwin instead of arm64-darwinMatthew Bauer
gnu-config standardized on aarch64 for machine name so host_cpu part of $system will always be aarch64. That means system will be aarch64-darwin too. uname however could report either “aarch64” (if gnu coreutils) or “arm64” (if apple’s uname). We should support both for compatiblity here.
2020-12-02Check for rosetta 2 support before installingMatthew Bauer
2020-11-21installer: simplify the per-build installationzimbatm
The goal is to allow the installation and testing of arbitrary Nix versions. Extend the base installer to accept a `--tarball-url-prefix <url>` to change where the Nix tarball is getting downloaded from. Once this is merged it should allow to: 1. Pick an evaluation at https://hydra.nixos.org/jobset/nix/master that looks healthy 2. Select the installedScript build and find the store path. Now equipped with all of this, use an instance of nar-serve to fetch the install script and release tarballs: curl -sfL https://nar-serve.numtide.com/nix/store/rkv4yh7pym941bhj0849zqdkg2546bdv-installer-script/install \ | sh --tarball-url-prefix https://nar-serve.numtide.com/nix/store Or with cachix, strip the /nix/store and derivation name and then: curl -sfL https://mycache.cachix.org/serve/rkv4yh7pym941bhj0849zqdkg2546bdv/install \ | sh --tarball-url-prefix https://mycache.cachix.org/serve Fixes #4047
2020-11-17Merge pull request #4171 from YorikSar/zsh-nix-profilesEelco Dolstra
Fix iterating over $NIX_PROFILES in Zsh
2020-11-10enable Darwin.arm64 to install x86_64 binaryTravis A. Everett
Throwing @thefloweringash under the bus if this doesn't work, but it sounds like Apple Silicon devices can use the x86_64 binary for now. Fixes #4058
2020-10-21Fix iterating over $NIX_PROFILES in ZshYuriy Taraday
NIX_PROFILES is space separated list of directories, and passing it into for as is is considered to be 1-element list with the whole string. With shwordsplit option Zsh emulates other shells in this regard ans implicitely splits unquoted strings into words. Fixes #4167.
2020-10-20Merge pull request #3996 from abathur/macos_big_sur_fixesDomen Kožar
Macos big sur installer fixes
2020-10-19discourage casual Big Sur installsTravis A. Everett
2020-10-19create missing profile files to fix zsh envvarsTravis A. Everett
Env vars for ZSH were moved from /etc/zshrc to /etc/zshenv in #3608 to address an issue with zshrc getting clobbered by OS updates, but /etc/zshenv doesn't exist by default--so *nothing* would get set up for zsh users unless they already happened to have /etc/zshenv. Creating these files if they don't exist. Also cut separate creation of profile.d/nix.sh, which isn't needed now.
2020-10-19fix skipped multi-user install steps on macOSTravis A. Everett
Some of the changes in #3788 to support non-systemd Nix installs don't appear to be aware that the darwin installer exists, which resulted in some skipped steps and inappropriate instructions.
2020-10-19adapt to apfs.util flag diff in catalina/big surTravis A. Everett
Fixes #3957. Just runs both forms to minimize moving parts.
2020-10-19replace xpath with xmllint --xpath; simplifyTravis A. Everett
As mentioned in previous commit, Big Sur changes the syntax for the xpath command slightly. In the process of testing out replacements for these, I noticed a few small simplification wins.
2020-10-19fix xpath and conditional bugs; xpath -> xmllintTravis A. Everett
- xpath -> xmllint: xpath's cli interface changed in Big Sur rather than add conditional logic for picking the correct syntax for xpath, I'm changing to xmllint --xpath, which appears to be consistent across versions I've tested... - /plist/dict/key[text()='Writable']/following-sibling::true[1] doesn't do quite what's expected. It was written to try to select a <true /> node paired with the Writable key, but it will also select the *next* <true /> node that appears even if it was paired with another key. - I think there's also a logic bug in the conditionals here. I'm not sure anyone ever actuall saw it, thanks to the xpath bug, though. With the xpath fix, this conditional passes if /nix does not exist, / IS writable, and the version is Catalina+. I think it meant to test for /nix does not exist, / is NOT writable, and the version is Catalina+. I reworked this lightly to make it a little clearer at the code level.
2020-10-19update macOS version handling for Big SurTravis A. Everett
Keeping this commit narrow for reviewability, but some of these conditionals will change in subsequent commits in this PR. Fixes #3852.
2020-09-30Installer: Set a known umaskEelco Dolstra
Fixes #1560, #2377.
2020-07-31Merge pull request #3788 from crinklywrappr/masterEelco Dolstra
Add a script to install nix on non-systemd systems.
2020-07-18Add newline to profile sourcing line #3393Alex Kovar
2020-07-07merged systemd installer with non-systemd installer.Daniel Fitzpatrick
2020-07-06Add a script to install nix on non-systemd systems.Daniel Fitzpatrick
2020-06-23docs/installer: add correct curl flagsJörg Thalheim
also see https://nixos.org/download.html
2020-05-27installer: don't require xz on darwinDaiderd Jordan
On macOS the system tar has builtin support for lzma while xz isn't available as a separate binary. There's no builtin package manager there available either so having to install lzma (without nix) would be rather painful.
2020-05-27Merge pull request #3608 from surajbarkale/patch-1Eelco Dolstra
Use /etc/zshenv instead of /etc/zshrc for profile
2020-05-26installer: fix unused variableDomen Kožar
2020-05-26Fix installer script bugsDomen Kožar
- --no-channel-add didn't have effect on multi-user installation - some new flags didn't work at all - document all installer flags
2020-05-25Merge pull request #3375 from domenkozar/multi-user-countDomen Kožar
install-multi-user: allow overriding user count
2020-05-25Allow passing extra nix.conf to installerDomen Kožar
2020-05-25install-multi-user: allow overriding user countDomen Kožar
2020-05-23scripts/create-darwin-volume.sh: remove unused variableDomen Kožar
2020-05-22Use /etc/zshenv instead of /etc/zshrc for profileSuraj Barkale
As noted in https://github.com/NixOS/nix/issues/3456 the `/etc/zshenv` file provides a better place for sourcing the nix environment.
2020-05-21installer: don't clobber synthetic.confDaiderd Jordan
2020-05-21focus on golden-path covering most scenariosTravis A. Everett
This should handle installation scenarios we can handle with anything resembling confidence. Goal is approximating the existing setup--not enforcing a best-practice... Approaches (+ installer-handled, - manual) and configs each covers: + no change needed; /nix OK on boot volume: All pre-Catalina (regardless of T2 or FileVault use) + create new unencrypted volume: Catalina, pre-T2, no FileVault + create new encrypted-at-rest volume: Catalina, pre-T2, FileVault Catalina, T2, no FileVault - require user to pre-create encrypted volume Catalina, T2, FileVault
2020-05-21installer: refuse apfs volume creation when FileVault is enabledDaiderd Jordan
2020-05-21install: make synthetic.conf and fstab checks stricterDaiderd Jordan
2020-05-21install: improve output and error handlingDaiderd Jordan
2020-05-21install: hide the store volume on darwinDaiderd Jordan
2020-05-21install: show macOS 10.15 message with --daemonDaiderd Jordan
2020-05-21install: also configure ~/.zshenvDaiderd Jordan
The default login shell for users on macOS 10.15 changed from bash to zsh. So while generally nonstandard we need to configure it to make nix function out of the box on macOS.
2020-05-21install: configure and bootstrap synthetic.conf on darwinDaiderd Jordan
Starting macOS 10.15 /nix can't be creasted directly anymore due to the readonly filesystem, but synthetic.conf was introduced to enable creating mountpoints or symlinks for special usecases like package managers.
2020-05-12Expose installer configuration environment variables via command line flagsPavol Rusnak
2020-05-12Introduce NIX_INSTALLER_NO_CHANNEL_ADD which skips nix-channel --addPavol Rusnak
2020-03-24installer: Fix terminal colors.Greg Price
The install-multi-user script uses blue, green, and red colors, as well as bold and underline, to add helpful formatting that helps structure its rather voluminous output. Unfortunately, the terminal escape sequences it uses are not quite well-formed. The relevant information is all there, just obscured by some extra noise, a leading parameter `38`. Empirically, the result is: * On macOS, in both Terminal.app and iTerm2, the spurious `38` is ignored, the rest of the escape sequence is applied, and the colors show up as intended. * On Linux, in at least gnome-terminal and xterm, the spurious `38` and the next parameter after it are ignored, and what's left is applied. So in the sequence `38;4;32`, the 4 (underline) is ignored but the 32 (green) takes effect; in a more typical sequence like `38;34`, the 34 (blue) is ignored and nothing happens. These codes are all unchanged since this script's origins as a Darwin-only script -- so the fact that they work fine in common macOS terminals goes some way to explain how the bug arose. Happily, we can make the colors work as intended by just deleting the extra `38;`. Tested in all four terminals mentioned above; the new codes work correctly on all of them, and on the two macOS terminals they work exactly the same as before. --- In a bit more technical detail -- perhaps more than anyone, me included, ever wanted to know, but now that I've gone and learned it I'll write it down anyway :) -- here's what's happening in these codes: An ECMA-48 "control sequence" begins with `\033[` aka "CSI", contains any number of parameters as semicolon-separated decimal numbers (plus sometimes other wrinkles), and ends with a byte from 0x40..0x7e. In our case, with `m` aka "SGR", "Select Graphic Rendition". An SGR control sequence `\033[...m` sets colors, fonts, text styles, etc. In particular a parameter `31` means red, `32` green, `34` blue, `4` underline, and `0` means reset to normal. Those are all we use. There is also a `38`. This is used for setting colors too... but it needs arguments. `38;5;nn` is color nn from a 256-color palette, and `38;2;rr;gg;bb` has the given RGB values. There is no meaning defined for `38;1` or `38;34` etc. On seeing a parameter `38` followed by an unrecognized argument for it, apparently some implementations (as seen on macOS) discard only the `38` and others (as seen on Linux) discard the argument too before resuming.
2020-03-22installer: Set files read-only when copying into storeGreg Price
After installing Nix, I found that all the files and directories initially copied into the store were writable, with mode 644 or 755: drwxr-xr-x 9 root root 4096 Dec 31 1969 /nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3 The reason is that that's how they were in the unpacked tarball, and the install-multi-user script used `rsync -p` without doing anything else to affect the permissions. The plain `install` script for a single-user install takes care to do a `chmod -R a-w` on each store path copied. We could do the same here with one more command; or we can pass `--chmod` to rsync, to have it write the files with the desired modes in the first place. Tested the new `rsync` command on both a Linux machine with a reasonably-modern rsync (3.1.3) and a Mac with its default, ancient, rsync 2.6.9, and it works as expected on both. Thankfully the latter is just new enough to have `--chmod`, which dates to rsync 2.6.7.