aboutsummaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2020-05-23scripts/create-darwin-volume.sh: remove unused variableDomen Kožar
2020-05-22Use /etc/zshenv instead of /etc/zshrc for profileSuraj Barkale
As noted in https://github.com/NixOS/nix/issues/3456 the `/etc/zshenv` file provides a better place for sourcing the nix environment.
2020-05-21installer: don't clobber synthetic.confDaiderd Jordan
2020-05-21focus on golden-path covering most scenariosTravis A. Everett
This should handle installation scenarios we can handle with anything resembling confidence. Goal is approximating the existing setup--not enforcing a best-practice... Approaches (+ installer-handled, - manual) and configs each covers: + no change needed; /nix OK on boot volume: All pre-Catalina (regardless of T2 or FileVault use) + create new unencrypted volume: Catalina, pre-T2, no FileVault + create new encrypted-at-rest volume: Catalina, pre-T2, FileVault Catalina, T2, no FileVault - require user to pre-create encrypted volume Catalina, T2, FileVault
2020-05-21installer: refuse apfs volume creation when FileVault is enabledDaiderd Jordan
2020-05-21install: make synthetic.conf and fstab checks stricterDaiderd Jordan
2020-05-21install: improve output and error handlingDaiderd Jordan
2020-05-21install: hide the store volume on darwinDaiderd Jordan
2020-05-21install: show macOS 10.15 message with --daemonDaiderd Jordan
2020-05-21install: also configure ~/.zshenvDaiderd Jordan
The default login shell for users on macOS 10.15 changed from bash to zsh. So while generally nonstandard we need to configure it to make nix function out of the box on macOS.
2020-05-21install: configure and bootstrap synthetic.conf on darwinDaiderd Jordan
Starting macOS 10.15 /nix can't be creasted directly anymore due to the readonly filesystem, but synthetic.conf was introduced to enable creating mountpoints or symlinks for special usecases like package managers.
2020-05-12Expose installer configuration environment variables via command line flagsPavol Rusnak
2020-05-12Introduce NIX_INSTALLER_NO_CHANNEL_ADD which skips nix-channel --addPavol Rusnak
2020-03-24installer: Fix terminal colors.Greg Price
The install-multi-user script uses blue, green, and red colors, as well as bold and underline, to add helpful formatting that helps structure its rather voluminous output. Unfortunately, the terminal escape sequences it uses are not quite well-formed. The relevant information is all there, just obscured by some extra noise, a leading parameter `38`. Empirically, the result is: * On macOS, in both Terminal.app and iTerm2, the spurious `38` is ignored, the rest of the escape sequence is applied, and the colors show up as intended. * On Linux, in at least gnome-terminal and xterm, the spurious `38` and the next parameter after it are ignored, and what's left is applied. So in the sequence `38;4;32`, the 4 (underline) is ignored but the 32 (green) takes effect; in a more typical sequence like `38;34`, the 34 (blue) is ignored and nothing happens. These codes are all unchanged since this script's origins as a Darwin-only script -- so the fact that they work fine in common macOS terminals goes some way to explain how the bug arose. Happily, we can make the colors work as intended by just deleting the extra `38;`. Tested in all four terminals mentioned above; the new codes work correctly on all of them, and on the two macOS terminals they work exactly the same as before. --- In a bit more technical detail -- perhaps more than anyone, me included, ever wanted to know, but now that I've gone and learned it I'll write it down anyway :) -- here's what's happening in these codes: An ECMA-48 "control sequence" begins with `\033[` aka "CSI", contains any number of parameters as semicolon-separated decimal numbers (plus sometimes other wrinkles), and ends with a byte from 0x40..0x7e. In our case, with `m` aka "SGR", "Select Graphic Rendition". An SGR control sequence `\033[...m` sets colors, fonts, text styles, etc. In particular a parameter `31` means red, `32` green, `34` blue, `4` underline, and `0` means reset to normal. Those are all we use. There is also a `38`. This is used for setting colors too... but it needs arguments. `38;5;nn` is color nn from a 256-color palette, and `38;2;rr;gg;bb` has the given RGB values. There is no meaning defined for `38;1` or `38;34` etc. On seeing a parameter `38` followed by an unrecognized argument for it, apparently some implementations (as seen on macOS) discard only the `38` and others (as seen on Linux) discard the argument too before resuming.
2020-03-22installer: Set files read-only when copying into storeGreg Price
After installing Nix, I found that all the files and directories initially copied into the store were writable, with mode 644 or 755: drwxr-xr-x 9 root root 4096 Dec 31 1969 /nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3 The reason is that that's how they were in the unpacked tarball, and the install-multi-user script used `rsync -p` without doing anything else to affect the permissions. The plain `install` script for a single-user install takes care to do a `chmod -R a-w` on each store path copied. We could do the same here with one more command; or we can pass `--chmod` to rsync, to have it write the files with the desired modes in the first place. Tested the new `rsync` command on both a Linux machine with a reasonably-modern rsync (3.1.3) and a Mac with its default, ancient, rsync 2.6.9, and it works as expected on both. Thankfully the latter is just new enough to have `--chmod`, which dates to rsync 2.6.7.
2020-03-21installer: also test for xz to unpackPhilipp Middendorf
2020-03-11README, error msg: http -> httpsRobert Hensing
2020-03-11nixos.org/releases -> releases.nixos.orgEelco Dolstra
2020-01-23installer: Handle edge case where the nix-daemon is already running on the ↵Rovanion Luckey
system On a systemd-based Linux distribution: If the user has previously had multi-user Nix installed on the system, removed it and then reinstalled multi-user Nix again the old nix-daemon.service will still be running when `scripts/install-systemd-multi-user.sh` tries to start it which results in nothing being done and the old daemon continuing its run. When a normal user then tries to use Nix through the daemon the nix binary will fail to connect to the nix-daemon as it does not belong to the currently installed Nix system. See below for steps to reproduce the issue that motivated this change. $ sh <(curl https://nixos.org/nix/install) --daemon $ sudo rm -rf /etc/nix /nix /root/.nix-profile /root/.nix-defexpr /root/.nix-channels /home/nix-installer/.nix-profile /home/nix-installer/.nix-defexpr /home/nix-installer/.nix-channels ~/.nix-channels ~/.nix-defexpr/ ~/.nix-profile /etc/profile.d/nix.sh.backup-before-nix /etc/profile.d/nix.sh; sed -i '/added by Nix installer$/d' ~/.bash_profile $ unset NIX_REMOTE $ sh <(curl https://nixos.org/nix/install) --daemon └$ export NIX_REMOTE=daemon └$ nix-env -iA nixpkgs.hello installing 'hello-2.10' error: cannot connect to daemon at '/nix/var/nix/daemon-socket/socket': No such file or directory (use '--show-trace' to show detailed location information) └$ sudo systemctl restart nix-daemon.service └$ nix-env -iA nixpkgs.hello installing 'hello-2.10' these paths will be fetched (6.09 MiB download, 27.04 MiB unpacked): /nix/store/2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10 /nix/store/aag9d1y4wcddzzrpfmfp9lcmc7skd7jk-glibc-2.27 copying path '/nix/store/aag9d1y4wcddzzrpfmfp9lcmc7skd7jk-glibc-2.27' from 'https://cache.nixos.org'... copying path '/nix/store/2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10' from 'https://cache.nixos.org'... building '/nix/store/w9adagg6vlikr799nkkqc9la5hbbpgmi-user-environment.drv'... created 2 symlinks in user environment
2019-12-22Pass -J to tar for xz decompressionMichael Forney
Some tar implementations can't auto-detect compression formats, so they must be specified explicitly.
2019-12-21Pass -P to cp to preserve symlinksMichael Forney
This is commonly the default behavior with -R, but POSIX leaves the default unspecified.
2019-11-22Provide a default value for NIX_PATHEelco Dolstra
2019-11-22Remove $NIX_USER_PROFILE_DIREelco Dolstra
This is not used anywhere.
2019-10-23install-multi-user.sh: Remove unused variablesEelco Dolstra
https://hydra.nixos.org/build/104119659
2019-10-19Fix unset variable in installerSteven Shaw
2019-10-09TypoEelco Dolstra
2019-10-09nix-env: Create ~/.nix-defexpr automaticallyEelco Dolstra
2019-10-09nix-profile.sh: Remove coreutils dependencyEelco Dolstra
2019-10-09nix-env: Create ~/.nix-profile automaticallyEelco Dolstra
2019-10-09nix-profile.sh: Don't create .nix-channelsEelco Dolstra
This is already done by the installer, so no need to do it again.
2019-10-09Remove some redundant initializationEelco Dolstra
2019-10-09Remove world-writability from per-user directoriesEelco Dolstra
'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127.
2019-10-08Make preexisting Nix install a warning, not a failureMatthew Bauer
In the multi-user install script, we originally made sure no previous references to Nix existed. This prevented any previous installs from contaminating the new install. However, some users need the ability to repair their existing Nix installation without uninstalling all references to Nix. This change allows users with existing Nix installations to use the installer, while still outputing a warning message on the dangers of this. As a result, the multi-user install script work much more like the single-user install script has worked in the past. This is a requirement for macOS Catalina users now that /Library/LaunchDaemons/org.nixos.nix-daemon.plisg is not managed by the Nix store. If there is ever a change to the .plist, all users will need to rerun this install script to get the new changes. Otherwise, changes to the launch daemon will require manual interventions.
2019-10-08Copy instead of linking launch agentMatthew Bauer
On Catalina, the /nix filesystem might not be mounted at start time. To avoid this service not starting, we need to keep the launch agent outside of the Nix store. A wait4pid will hold for our /nix dir to be mounted. Fixes #3125.
2019-08-28Merge pull request #2745 from samueldr/install/detect-systemd-separatelyEelco Dolstra
install-multi-user: Detect and fail lack of systemd separately
2019-08-28Merge pull request #3054 from matthewbauer/nix-dir-macosEelco Dolstra
Allow empty /nix directory in multi-user installer
2019-08-27Compress binary tarballs using xzEelco Dolstra
Fixes https://github.com/NixOS/nix/issues/240. Apparently 'tar -xf' can decompress xz files on macOS nowadays.
2019-08-24installer: handle network proxy in systemd installVenkateswara Rao Mandela
If a network proxy configuration is detected, setup an override systemd unit file for nix-daemon service with the non-empty proxy variables. Proxy detection is performed by looking for http/https/ftp proxy and no proxy variables in user environment
2019-08-22Allow empty /nix directory in multi-user installerMatthew Bauer
With macOS catalina, we can no longer modify the root system volume (#2925). macOS provides a system configuration file in synthetic.conf(5) to create empty root directories. This can be used to mount /nix to a separate volume. As a result, this directory will need to already exist prior to installation. Instead, check for /nix/store and /nix/var for a live Nix installation.
2019-07-25Add default for USER when unsetMatthew Bauer
uses $(id -u -n) when USER is unset, this is needed on some weird setups in Docker. Fixes #971
2019-06-17Merge pull request #2746 from bjornfor/install-multi-user-defaultsEelco Dolstra
install-multi-user: reduce max-jobs from 32 to 1
2019-05-29Replace `type` with `command -v` in install scriptJohannes Climacus
In POSIX sh, `type` is undefined. cf. https://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html#tag_20_22_04
2019-05-15Don’t set NIX_REMOTE=daemon in daemon profileMatthew Bauer
This is now autodetected. There is no need to put it in the profile.
2019-05-15Sync NIX_PROFILES between single-user and multi-user modesMatthew Bauer
When we are in single user mode, we still want to have access to profiles. This way things in Nixpkgs that rely on them getting set accurately are done in both cases. The point where I hit this is with using aspell which looks in NIX_PROFILES: https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/aspell/default.nix Before this patch, NIX_PROFILES was never set in single user mode! This corrects that.
2019-05-15nix-profile: Add all channels to $NIX_PATHEelco Dolstra
Fixes #2709.
2019-05-15Fix shellcheck errorEelco Dolstra
https://hydra.nixos.org/build/93359951
2019-05-08Merge pull request #2594 from LnL7/darwin-10.12.6Graham Christensen
installer: update macOS version check to 10.12.2
2019-05-01Merge pull request #2679 from bjornfor/offline-installEelco Dolstra
install script: don't abort when "nix-channel --update" fails
2019-03-27install-multi-user: remove unneeded settings from nix.confBjørn Forsman
Hardcoding the "max-jobs" and "cores" settings in nix.conf at install time, to the same value as Nix' built-in default, makes little sense to me.
2019-03-27install-multi-user: reduce max-jobs from 32 to 1Bjørn Forsman
Having max-jobs = 32 ($NIX_USER_COUNT is hardcoded to that value) may severely overload the machine. The nix.conf(5) manual page says max-jobs defaults to 1, so let's use that value. NOTE: Both max-jobs and cores are now being set to their default value, so they can be removed alltogether.