add script to migrate macOS 15 Sequoia nixbld UIDs
While we don't have any easy way to forcibly notify everyone about the impending breakage (or forcibly migrate the users on their system), this script enables those who do hear about the problem to migrate their systems before they take the macOS update. It should also enable people who only discover the problem after the update, when a build fails, to ~fix their installs without a full reinstall.
parent
caabdb06d1
commit
0fabb348ba
2 changed files with 146 additions and 19 deletions
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
((NEW_NIX_FIRST_BUILD_UID=301))
|
((NEW_NIX_FIRST_BUILD_UID=301))
|
||||||
|
|
||||||
id_available(){
|
id_unavailable(){
|
||||||
dscl . list /Users UniqueID | grep -E '\b'"$1"'\b' >/dev/null
|
dscl . list /Users UniqueID | grep -E '\b'"$1"'\b' >/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ change_nixbld_names_and_ids(){
|
||||||
while read -r name uid; do
|
while read -r name uid; do
|
||||||
echo " Checking $name (uid: $uid)"
|
echo " Checking $name (uid: $uid)"
|
||||||
# iterate for a clean ID
|
# iterate for a clean ID
|
||||||
while id_available "$next_id"; do
|
while id_unavailable "$next_id"; do
|
||||||
((next_id++))
|
((next_id++))
|
||||||
if ((next_id >= 400)); then
|
if ((next_id >= 400)); then
|
||||||
echo "We've hit UID 400 without placing all of your users :("
|
echo "We've hit UID 400 without placing all of your users :("
|
||||||
|
|
161
scripts/sequoia-nixbld-user-migration.sh
Normal file → Executable file
161
scripts/sequoia-nixbld-user-migration.sh
Normal file → Executable file
|
@ -1,36 +1,163 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
((NEW_NIX_FIRST_BUILD_UID=331))
|
set -x
|
||||||
|
|
||||||
id_available(){
|
((NEW_NIX_FIRST_BUILD_UID=350))
|
||||||
|
((TEMP_NIX_FIRST_BUILD_UID=31000))
|
||||||
|
|
||||||
|
nix_user_n() {
|
||||||
|
printf "_nixbld%d" "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
id_unavailable(){
|
||||||
dscl . list /Users UniqueID | grep -E '\b'"$1"'\b' >/dev/null
|
dscl . list /Users UniqueID | grep -E '\b'"$1"'\b' >/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
change_nixbld_names_and_ids(){
|
any_nixbld(){
|
||||||
local name uid next_id
|
dscl . list /Users UniqueID | grep -E '\b_nixbld' >/dev/null
|
||||||
((next_id=NEW_NIX_FIRST_BUILD_UID))
|
}
|
||||||
echo "Attempting to migrate _nixbld users."
|
|
||||||
echo "Each _nixbld# user should have its UID moved to $next_id+"
|
re_create_nixbld_user(){
|
||||||
|
local name uid
|
||||||
|
|
||||||
|
name="$1"
|
||||||
|
uid="$2"
|
||||||
|
|
||||||
|
sudo /usr/bin/dscl . -create "/Users/$name" "UniqueID" "$uid"
|
||||||
|
sudo /usr/bin/dscl . -create "/Users/$name" "IsHidden" "1"
|
||||||
|
sudo /usr/bin/dscl . -create "/Users/$name" "NFSHomeDirectory" "/var/empty"
|
||||||
|
sudo /usr/bin/dscl . -create "/Users/$name" "RealName" "Nix build user $name"
|
||||||
|
sudo /usr/bin/dscl . -create "/Users/$name" "UserShell" "/sbin/nologin"
|
||||||
|
sudo /usr/bin/dscl . -create "/Users/$name" "PrimaryGroupID" "30001"
|
||||||
|
}
|
||||||
|
|
||||||
|
hit_id_cap(){
|
||||||
|
echo "We've hit UID 400 without placing all of your users :("
|
||||||
|
echo "You should use the commands in this script as a starting"
|
||||||
|
echo "point to review your UID-space and manually move the"
|
||||||
|
echo "remaining users (or delete them, if you don't need them)."
|
||||||
|
}
|
||||||
|
|
||||||
|
# evacuate the role-uid space to simplify final placement logic
|
||||||
|
temporarily_move_existing_nixbld_uids(){
|
||||||
|
local name uid next_id user_n
|
||||||
|
|
||||||
|
((next_id=TEMP_NIX_FIRST_BUILD_UID))
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "Step 1: move existing _nixbld users out of the destination UID range."
|
||||||
|
|
||||||
while read -r name uid; do
|
while read -r name uid; do
|
||||||
echo " Checking $name (uid: $uid)"
|
|
||||||
# iterate for a clean ID
|
# iterate for a clean ID
|
||||||
while id_available "$next_id"; do
|
while id_unavailable "$next_id"; do
|
||||||
((next_id++))
|
((next_id++))
|
||||||
if ((next_id >= 400)); then
|
# We really want to get these all placed, but I guess there's
|
||||||
echo "We've hit UID 400 without placing all of your users :("
|
# some risk we iterate forever--so we'll give up after 9k uids.
|
||||||
|
if ((next_id >= 40000)); then
|
||||||
|
echo "We've hit UID 40000 without temporarily placing all of your users :("
|
||||||
echo "You should use the commands in this script as a starting"
|
echo "You should use the commands in this script as a starting"
|
||||||
echo "point to review your UID-space and manually move the"
|
echo "point to review your UID-space and manually move the"
|
||||||
echo "remaining users (or delete them, if you don't need them)."
|
echo "remaining users to any open UID over 1000."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
sudo dscl . -create "/Users/$name" UniqueID "$next_id"
|
||||||
|
echo " Temporarily moved $name from uid $uid -> $next_id"
|
||||||
|
|
||||||
|
done < <(dscl . list /Users UniqueID | grep _nixbld | sort -n -k2)
|
||||||
|
}
|
||||||
|
|
||||||
|
change_nixbld_uids(){
|
||||||
|
local name next_id user_n
|
||||||
|
|
||||||
|
((next_id=NEW_NIX_FIRST_BUILD_UID))
|
||||||
|
((user_n=1))
|
||||||
|
name="$(nix_user_n "$user_n")"
|
||||||
|
|
||||||
|
# we know that we have *some* nixbld users, but macOS may have
|
||||||
|
# already clobbered the first few users if this system has been
|
||||||
|
# upgraded
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "Step 2: re-create missing early _nixbld# users."
|
||||||
|
|
||||||
|
until dscl . read "/Users/$name" &>/dev/null; do
|
||||||
|
# iterate for a clean ID
|
||||||
|
while id_unavailable "$next_id"; do
|
||||||
|
((next_id++))
|
||||||
|
if ((next_id >= 400)); then
|
||||||
|
hit_id_cap
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# first 2 are cleanup, it's OK if they aren't here
|
re_create_nixbld_user "$name" "$next_id"
|
||||||
sudo dscl . delete "/Users/$name" dsAttrTypeNative:_writers_passwd &>/dev/null || true
|
echo " $name was missing; created with uid: $next_id"
|
||||||
sudo dscl . change "/Users/$name" NFSHomeDirectory "/private/var/empty 1" "/var/empty" &>/dev/null || true
|
|
||||||
sudo dscl . change "/Users/$name" UniqueID "$uid" "$next_id"
|
((user_n++))
|
||||||
|
name="$(nix_user_n "$user_n")"
|
||||||
|
done
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "Step 3: relocate remaining _nixbld# UIDs to $next_id+"
|
||||||
|
|
||||||
|
# start at first _nixbld# not re-created above and increment
|
||||||
|
# until _nixbld<n> doesn't exist
|
||||||
|
while dscl . read "/Users/$name" &>/dev/null; do
|
||||||
|
# iterate for a clean ID
|
||||||
|
while id_unavailable "$next_id"; do
|
||||||
|
((next_id++))
|
||||||
|
if ((next_id >= 400)); then
|
||||||
|
hit_id_cap
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
sudo dscl . -create "/Users/$name" UniqueID "$next_id"
|
||||||
echo " $name migrated to uid: $next_id"
|
echo " $name migrated to uid: $next_id"
|
||||||
|
|
||||||
|
((user_n++))
|
||||||
|
name="$(nix_user_n "$user_n")"
|
||||||
|
done
|
||||||
|
|
||||||
|
if ((user_n == 1)); then
|
||||||
|
echo "Didn't find _nixbld1. Perhaps you have single-user Nix?"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "Migrated $((user_n - 1)) users. If you want to double-check, try:"
|
||||||
|
echo "dscl . list /Users UniqueID | grep _nixbld | sort -n -k2"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
needs_migration(){
|
||||||
|
local name uid next_id user_n
|
||||||
|
|
||||||
|
((next_id=NEW_NIX_FIRST_BUILD_UID))
|
||||||
|
((user_n=1))
|
||||||
|
|
||||||
|
while read -r name uid; do
|
||||||
|
expected_name="$(nix_user_n "$user_n")"
|
||||||
|
if [[ "$expected_name" != "$name" ]]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
if [[ "$next_id" != "$uid" ]]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
((next_id++))
|
||||||
|
((user_n++))
|
||||||
done < <(dscl . list /Users UniqueID | grep _nixbld | sort -n -k2)
|
done < <(dscl . list /Users UniqueID | grep _nixbld | sort -n -k2)
|
||||||
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
change_nixbld_names_and_ids
|
|
||||||
|
if any_nixbld; then
|
||||||
|
if needs_migration; then
|
||||||
|
echo "Attempting to migrate _nixbld users."
|
||||||
|
temporarily_move_existing_nixbld_uids
|
||||||
|
change_nixbld_uids
|
||||||
|
else
|
||||||
|
echo "_nixbld users already appear to be migrated."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Didn't find any _nixbld users. Perhaps you have single-user Nix?"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
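Review bot: None of the `sudo dscl . -create` calls in `temporarily_move_existing_nixbld_uids`, `re_create_nixbld_user` or `change_nixbld_uids` has its exit status checked, and the script enables `set -x` but not `set -e`, so a declined sudo prompt or a failed directory write still prints "Temporarily moved ..." or "migrated to uid: ..." and carries on. A failure between Step 1 and Step 3 would leave build users parked in the 31000+ temporary range while the closing "Migrated N users" line reports success. Each write should stop the run on failure, for example `sudo dscl . -create "/Users/$name" UniqueID "$next_id" || exit 1`, with the success `echo` only after it. Separately, `re_create_nixbld_user` hard-codes `PrimaryGroupID` as `30001`; reading the GID of the existing build group from the directory instead would avoid re-creating users in the wrong group on installs that use a different GID.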