mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-25 15:26:17 +02:00
install-darwin: fix mount permission edge-case
Fixes #6122, which reports a problem with trying to run the installer under another user (probably: user is not the disk "owner" and thus can't mount the volume).
This commit is contained in:
parent
9bc03adbba
commit
1fd127a068
1 changed files with 8 additions and 3 deletions
|
@ -685,22 +685,27 @@ encrypt_volume() {
|
||||||
local volume_uuid="$1"
|
local volume_uuid="$1"
|
||||||
local volume_label="$2"
|
local volume_label="$2"
|
||||||
local password
|
local password
|
||||||
|
|
||||||
|
task "Encrypt the Nix volume" >&2
|
||||||
|
|
||||||
# Note: mount/unmount are late additions to support the right order
|
# Note: mount/unmount are late additions to support the right order
|
||||||
# of operations for creating the volume and then baking its uuid into
|
# of operations for creating the volume and then baking its uuid into
|
||||||
# other artifacts; not as well-trod wrt to potential errors, race
|
# other artifacts; not as well-trod wrt to potential errors, race
|
||||||
# conditions, etc.
|
# conditions, etc.
|
||||||
|
|
||||||
/usr/sbin/diskutil mount "$volume_label"
|
_sudo "to mount your Nix volume for encrypting" \
|
||||||
|
/usr/sbin/diskutil mount "$volume_label"
|
||||||
|
|
||||||
password="$(/usr/bin/xxd -l 32 -p -c 256 /dev/random)"
|
password="$(/usr/bin/xxd -l 32 -p -c 256 /dev/random)"
|
||||||
_sudo "to add your Nix volume's password to Keychain" \
|
_sudo "to add your Nix volume's password to Keychain" \
|
||||||
/usr/bin/security -i <<EOF
|
/usr/bin/security -i <<EOF
|
||||||
add-generic-password -a "$volume_label" -s "$volume_uuid" -l "$volume_label encryption password" -D "Encrypted volume password" -j "Added automatically by the Nix installer for use by $NIX_VOLUME_MOUNTD_DEST" -w "$password" -T /System/Library/CoreServices/APFSUserAgent -T /System/Library/CoreServices/CSUserAgent -T /usr/bin/security "/Library/Keychains/System.keychain"
|
add-generic-password -a "$volume_label" -s "$volume_uuid" -l "$volume_label encryption password" -D "Encrypted volume password" -j "Added automatically by the Nix installer for use by $NIX_VOLUME_MOUNTD_DEST" -w "$password" -T /System/Library/CoreServices/APFSUserAgent -T /System/Library/CoreServices/CSUserAgent -T /usr/bin/security "/Library/Keychains/System.keychain"
|
||||||
EOF
|
EOF
|
||||||
builtin printf "%s" "$password" | _sudo "to encrypt your Nix volume" \
|
builtin printf "%s" "$password" | _sudo "to actually encrypt your Nix volume" \
|
||||||
/usr/sbin/diskutil apfs encryptVolume "$volume_label" -user disk -stdinpassphrase
|
/usr/sbin/diskutil apfs encryptVolume "$volume_label" -user disk -stdinpassphrase
|
||||||
|
|
||||||
/usr/sbin/diskutil unmount force "$volume_label"
|
_sudo "to unmount the encrypted volume" \
|
||||||
|
/usr/sbin/diskutil unmount force "$volume_label"
|
||||||
}
|
}
|
||||||
|
|
||||||
create_volume() {
|
create_volume() {
|
||||||
|
|
Loading…
Reference in a new issue