Commit graph

979 commits

Author SHA1 Message Date
Travis A. Everett
abdf9f2a6e darwin-install: fix already-mounted store volumes
This adds an explicit unmount of the store volume to avoid cases
where the installer can hang in await_volume when:
- the user already has a store volume
- that volume is already mounted somewhere other than /nix
- they do not take a path through the installer that results in an
  explicit unmount (as both removing and encrypting the volume
  would do)
2021-11-04 14:09:40 -05:00
Jan Van Bruggen
7d56174c1e
Reword "we"s to "I"s for consistency
This script uses multiple forms of the first-person POV:
1. "We" to refer to the Nix team (1e7c796e66/scripts/install-multi-user.sh (L72))
2. "We" to refer to the combination of the installation script & the user/executor (1e7c796e66/scripts/install-multi-user.sh (L710))
3. "We" to refer to the installation script alone (1e7c796e66/scripts/install-multi-user.sh (L602))
4. "I" to refer to the installation script alone (1e7c796e66/scripts/install-multi-user.sh (L200))

Since I prefer POV 4 to POV 3, this changes all instances of POV 3 to POV 4.
2021-11-03 18:42:32 -06:00
Anders Kaseorg
447350fe0e installer: Do not use echo -e in #!/bin/sh script
ShellCheck correctly warns:

In scripts/install-nix-from-closure.sh line 218:
                echo -e "\nif [ -e $p ]; then . $p; fi # added by Nix installer" >> "$fn"
                     ^-- SC3037: In POSIX sh, echo flags are undefined.

In scripts/install-nix-from-closure.sh line 229:
                echo -e "\nif [ -e $p ]; then . $p; fi # added by Nix installer" >> "$fn"
                     ^-- SC3037: In POSIX sh, echo flags are undefined.

Indeed, this actually breaks on Ubuntu where /bin/sh is dash.

Fixes #5458.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2021-11-02 10:27:27 -07:00
Travis A. Everett
8a3b8d0b33 darwin-install: fix incorrect fn name 2021-10-12 18:17:27 -05:00
Travis A. Everett
033081aec2 fix install on macOS monterey 2021-09-21 13:38:29 -05:00
Travis A. Everett
bf2ee3c565 install: fix addVolume perm issue for some users
As reported in #5198, volume creation can fail with a permission error
for some macOS users (probably secondary user accounts?) Sudo appears
to be sufficient to avoid this.

While I'm here, I also updated the sudo invocation added in 079bde2ae
to use the _sudo explanation wrapper.
2021-09-01 19:02:25 -05:00
Eelco Dolstra
0b6bff5455
Merge pull request #5096 from AnatoleLucet/patch-1
Remove curl deps in install script
2021-08-30 13:19:00 +02:00
Eelco Dolstra
9f9b0d267f
Merge pull request #5179 from matthewbauer/use-zshrc
Revert "Use /etc/zshenv instead of /etc/zshrc for profile"
2021-08-30 13:14:18 +02:00
Matthew Bauer
959c2af557 Revert "Use /etc/zshenv instead of /etc/zshrc for profile"
This reverts commit 909d8cb293.

This messes up PATH priority since /etc/profile gets sourced AFTER
/etc/zshenv and it sets the system paths so
$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin is behind
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin. See discussion in
https://github.com/NixOS/nix/issues/4169.
2021-08-25 23:02:22 -05:00
Matthew Bauer
079bde2aef Try setting enableOwnership in macOS install
For external hard disks where ownership is not enabled by default.
2021-08-24 19:23:18 -05:00
Domen Kožar
475fc109e7 Remove rsync usage in the installer
It's not commonly installed on systems like debian,
so avoid the bootstrapping problem by using cp and
chmod.
2021-08-18 16:50:36 +02:00
Anatole Lucet
67035ee23d Remove curl deps in install script 2021-08-09 15:33:39 +02:00
Domen Kožar
97be92569c
Merge pull request #5040 from SuperSandro2000/patch-1
installer: fix --no-modify-profile help text
2021-07-23 20:40:45 +02:00
Sandro
5c4cc5e0d6
installer: update global nix.conf location 2021-07-23 19:56:30 +02:00
Sandro
142c966691
installer: fix --no-modify-profile help text 2021-07-23 19:51:37 +02:00
Jarrett Keifer
c8a80e4dbe
Fix wrong hash var for aarch64-darwin binary 2021-07-05 07:48:53 -07:00
Matthew Bauer
c906d6530d Support cross-compiling binaryTarball 2021-06-26 00:12:03 -05:00
Robert Hensing
e30d1daf26 installer: Jeeze -> Oh no
Even if it doesn't offend me or probably most people,
this word can be considered mildly blasphemous.
2021-06-16 19:14:16 +02:00
Finn Behrens
9f1a7f9d37 Include aarch64-darwin in installer
Co-authored-by: Matthew Bauer <mjbauer95@gmail.com>
2021-06-01 09:48:35 +02:00
Patrick Hilhorst
822e338e5c
throw freenode down the memory hole 2021-05-27 21:48:39 +02:00
Anders Kaseorg
d169eb2a1b
install: Fix hash variable for Darwin.arm64 (#4769)
When commit 233b61d3d6 (#4224) renamed
@binaryTarball_${system}@ to @tarballHash_${system}@, it updated this
reference for every platform except Darwin.arm64.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2021-05-11 15:43:44 +02:00
Travis A. Everett
eab14a642c darwin: encrypt nix volume if filevault is enabled 2021-04-29 13:26:51 -05:00
Domen Kožar
dc6a8f1548
Merge pull request #4532 from abathur/macos_nixbld_ids
fix nixbld user name/uid for macOS/darwin
2021-03-25 10:35:56 +01:00
Nicolas Stig124 FORMICHELLA
71f92741ec
Added Debian-based OS's profiles 2021-03-23 16:23:24 +01:00
Travis A. Everett
0431cf6d09 fix nixbld user name/uid for macOS 2021-03-11 10:16:34 -06:00
Domen Kožar
22aec8cef4
fix installer script 2021-02-21 15:51:49 +00:00
Domen Kožar
ae4260f0a7
Generate installer script for each PR/push
This works by using Cachix feature of serving a file from
a store path.
2021-02-21 15:51:49 +00:00
Maximilian Bosch
d9367a2dd1
scripts/install-nix-from-closure: only show progress if a terminal is used
While the progress dots during the copying of the store work fine on a
normal terminal, those look pretty off if the script is run inside a
provisioning script of e.g. `vagrant` or `packer` where `stderr` and
`stdout` are captured:

    default: .
    default: ..
    default: .
    default: .
    default: .

To work around this, the script checks with `-t 0` if it's
running on an actual terminal and doesn't show the progress if that's not
the case.
2021-01-22 10:35:02 +01:00
Matthew Bauer
692549c542 Use com.apple.oahd.plist for rosetta 2 detection 2020-12-04 13:28:09 -06:00
Matthew Bauer
addf9f4ede Call it aarch64-darwin instead of arm64-darwin
gnu-config standardized on aarch64 for machine name so host_cpu part
of $system will always be aarch64. That means system will be
aarch64-darwin too.

uname however could report either “aarch64” (if gnu coreutils) or
“arm64” (if apple’s uname). We should support both for compatiblity
here.
2020-12-02 19:05:02 -06:00
Matthew Bauer
b0de7b2016 Check for rosetta 2 support before installing 2020-12-02 18:35:48 -06:00
zimbatm
233b61d3d6
installer: simplify the per-build installation
The goal is to allow the installation and testing of arbitrary Nix
versions. Extend the base installer to accept a `--tarball-url-prefix
<url>` to change where the Nix tarball is getting downloaded from.

Once this is merged it should allow to:
1. Pick an evaluation at https://hydra.nixos.org/jobset/nix/master that
   looks healthy
2. Select the installedScript build and find the store path.

Now equipped with all of this, use an instance of nar-serve to fetch the
install script and release tarballs:

    curl -sfL https://nar-serve.numtide.com/nix/store/rkv4yh7pym941bhj0849zqdkg2546bdv-installer-script/install \
      | sh --tarball-url-prefix https://nar-serve.numtide.com/nix/store

Or with cachix, strip the /nix/store and derivation name and then:

    curl -sfL https://mycache.cachix.org/serve/rkv4yh7pym941bhj0849zqdkg2546bdv/install \
      | sh --tarball-url-prefix https://mycache.cachix.org/serve

Fixes #4047
2020-11-21 19:56:46 +01:00
Eelco Dolstra
ae3191666f
Merge pull request #4171 from YorikSar/zsh-nix-profiles
Fix iterating over $NIX_PROFILES in Zsh
2020-11-17 15:53:44 +01:00
Travis A. Everett
4864df6d6b enable Darwin.arm64 to install x86_64 binary
Throwing @thefloweringash under the bus if this doesn't work, but it
sounds like Apple Silicon devices can use the x86_64 binary for now.

Fixes #4058
2020-11-10 08:48:49 -06:00
Yuriy Taraday
39fbd3d828 Fix iterating over $NIX_PROFILES in Zsh
NIX_PROFILES is space separated list of directories, and passing it into
for as is is considered to be 1-element list with the whole string. With
shwordsplit option Zsh emulates other shells in this regard ans
implicitely splits unquoted strings into words.

Fixes #4167.
2020-10-21 00:03:38 +04:00
Domen Kožar
e0ca98c207
Merge pull request #3996 from abathur/macos_big_sur_fixes
Macos big sur installer fixes
2020-10-20 12:18:23 +02:00
Travis A. Everett
f289bdb9d4 discourage casual Big Sur installs 2020-10-19 12:28:08 -05:00
Travis A. Everett
c40bad4151 create missing profile files to fix zsh envvars
Env vars for ZSH were moved from /etc/zshrc to /etc/zshenv in #3608
to address an issue with zshrc getting clobbered by OS updates, but
/etc/zshenv doesn't exist by default--so *nothing* would get set up
for zsh users unless they already happened to have /etc/zshenv.

Creating these files if they don't exist. Also cut separate creation
of profile.d/nix.sh, which isn't needed now.
2020-10-19 12:25:52 -05:00
Travis A. Everett
b719f686a8 fix skipped multi-user install steps on macOS
Some of the changes in #3788 to support non-systemd Nix installs
don't appear to be aware that the darwin installer exists, which
resulted in some skipped steps and inappropriate instructions.
2020-10-19 12:25:52 -05:00
Travis A. Everett
fe807904e5 adapt to apfs.util flag diff in catalina/big sur
Fixes #3957. Just runs both forms to minimize moving parts.
2020-10-19 12:24:31 -05:00
Travis A. Everett
e736f8f6e4 replace xpath with xmllint --xpath; simplify
As mentioned in previous commit, Big Sur changes the syntax for the
xpath command slightly.

In the process of testing out replacements for these, I noticed a few
small simplification wins.
2020-10-19 12:24:04 -05:00
Travis A. Everett
1f02b65c59 fix xpath and conditional bugs; xpath -> xmllint
- xpath -> xmllint: xpath's cli interface changed in Big Sur
  rather than add conditional logic for picking the correct
  syntax for xpath, I'm changing to xmllint --xpath, which
  appears to be consistent across versions I've tested...

- /plist/dict/key[text()='Writable']/following-sibling::true[1]
  doesn't do quite what's expected. It was written to try to
  select a <true /> node paired with the Writable key, but it
  will also select the *next* <true /> node that appears even
  if it was paired with another key.

- I think there's also a logic bug in the conditionals here.
  I'm not sure anyone ever actuall saw it, thanks to the xpath
  bug, though. With the xpath fix, this conditional passes if /nix
  does not exist, / IS writable, and the version is Catalina+.

  I think it meant to test for /nix does not exist, / is NOT
  writable, and the version is Catalina+. I reworked this lightly
  to make it a little clearer at the code level.
2020-10-19 12:23:29 -05:00
Travis A. Everett
9c3dc9d7ca update macOS version handling for Big Sur
Keeping this commit narrow for reviewability, but some of these
conditionals will change in subsequent commits in this PR.

Fixes #3852.
2020-10-19 12:22:30 -05:00
Eelco Dolstra
924712eef1 Installer: Set a known umask
Fixes #1560, #2377.
2020-09-30 17:48:49 +02:00
Eelco Dolstra
3e30710d95
Merge pull request #3788 from crinklywrappr/master
Add a script to install nix on non-systemd systems.
2020-07-31 16:44:26 +02:00
Alex Kovar
3294b0a4b0 Add newline to profile sourcing line #3393 2020-07-18 10:24:22 -05:00
Daniel Fitzpatrick
39859b853c merged systemd installer with non-systemd installer. 2020-07-07 15:08:23 -05:00
Daniel Fitzpatrick
fd42176a21 Add a script to install nix on non-systemd systems. 2020-07-06 21:59:18 -05:00
Jörg Thalheim
3685f4eec6
docs/installer: add correct curl flags
also see https://nixos.org/download.html
2020-06-23 23:04:10 +01:00
Daiderd Jordan
4e6d7cb55a
installer: don't require xz on darwin
On macOS the system tar has builtin support for lzma while xz isn't
available as a separate binary.  There's no builtin package manager
there available either so having to install lzma (without nix) would be
rather painful.
2020-05-27 20:58:42 +02:00
Eelco Dolstra
228857efc6 Merge pull request #3608 from surajbarkale/patch-1
Use /etc/zshenv instead of /etc/zshrc for profile
2020-05-27 11:10:08 +02:00
Domen Kožar
3d3c219d91
installer: fix unused variable 2020-05-26 16:23:03 +02:00
Domen Kožar
1a5ac894e9
Fix installer script bugs
- --no-channel-add didn't have effect on multi-user installation
- some new flags didn't work at all
- document all installer flags
2020-05-26 15:49:26 +02:00
Domen Kožar
909bdfb4b4
Merge pull request #3375 from domenkozar/multi-user-count
install-multi-user: allow overriding user count
2020-05-25 17:53:24 +02:00
Domen Kožar
573ff8dfca
Allow passing extra nix.conf to installer 2020-05-25 17:31:46 +02:00
Domen Kožar
90b0c630a0
install-multi-user: allow overriding user count 2020-05-25 17:16:38 +02:00
Domen Kožar
2a7ea2eb6c
scripts/create-darwin-volume.sh: remove unused variable 2020-05-23 11:12:05 +02:00
Suraj Barkale
909d8cb293
Use /etc/zshenv instead of /etc/zshrc for profile
As noted in https://github.com/NixOS/nix/issues/3456 the `/etc/zshenv` file provides a better place for sourcing the nix environment.
2020-05-22 11:05:25 +10:00
Daiderd Jordan
d3df1889a1
installer: don't clobber synthetic.conf 2020-05-21 20:03:09 +02:00
Travis A. Everett
2b0a81d92d
focus on golden-path covering most scenarios
This should handle installation scenarios we can handle with
anything resembling confidence. Goal is approximating the existing
setup--not enforcing a best-practice...

Approaches (+ installer-handled, - manual) and configs each covers:

+ no change needed; /nix OK on boot volume:
  All pre-Catalina (regardless of T2 or FileVault use)

+ create new unencrypted volume:
  Catalina, pre-T2, no FileVault

+ create new encrypted-at-rest volume:
  Catalina, pre-T2, FileVault
  Catalina, T2, no FileVault

- require user to pre-create encrypted volume
  Catalina, T2, FileVault
2020-05-21 19:58:11 +02:00
Daiderd Jordan
477d7c2d07
installer: refuse apfs volume creation when FileVault is enabled 2020-05-21 19:58:11 +02:00
Daiderd Jordan
bc24c09968
install: make synthetic.conf and fstab checks stricter 2020-05-21 19:58:11 +02:00
Daiderd Jordan
04f597c3f4
install: improve output and error handling 2020-05-21 19:58:11 +02:00
Daiderd Jordan
caface1980
install: hide the store volume on darwin 2020-05-21 19:58:11 +02:00
Daiderd Jordan
083bb3bbfc
install: show macOS 10.15 message with --daemon 2020-05-21 19:58:10 +02:00
Daiderd Jordan
10202628b9
install: also configure ~/.zshenv
The default login shell for users on macOS 10.15 changed from bash to
zsh.  So while generally nonstandard we need to configure it to make nix
function out of the box on macOS.
2020-05-21 19:58:10 +02:00
Daiderd Jordan
0726ad5825
install: configure and bootstrap synthetic.conf on darwin
Starting macOS 10.15 /nix can't be creasted directly anymore due to the
readonly filesystem, but synthetic.conf was introduced to enable
creating mountpoints or symlinks for special usecases like package
managers.
2020-05-21 19:58:10 +02:00
Pavol Rusnak
9e12b2f5b8
Expose installer configuration environment variables via command line flags 2020-05-12 19:00:45 +02:00
Pavol Rusnak
46be11b762
Introduce NIX_INSTALLER_NO_CHANNEL_ADD which skips nix-channel --add 2020-05-12 12:13:40 +02:00
Greg Price
7313aa267b installer: Fix terminal colors.
The install-multi-user script uses blue, green, and red colors, as
well as bold and underline, to add helpful formatting that helps
structure its rather voluminous output.

Unfortunately, the terminal escape sequences it uses are not quite
well-formed.  The relevant information is all there, just obscured
by some extra noise, a leading parameter `38`.  Empirically, the
result is:

 * On macOS, in both Terminal.app and iTerm2, the spurious `38` is
   ignored, the rest of the escape sequence is applied, and the colors
   show up as intended.

 * On Linux, in at least gnome-terminal and xterm, the spurious `38`
   and the next parameter after it are ignored, and what's left is
   applied.  So in the sequence `38;4;32`, the 4 (underline) is
   ignored but the 32 (green) takes effect; in a more typical sequence
   like `38;34`, the 34 (blue) is ignored and nothing happens.

These codes are all unchanged since this script's origins as a
Darwin-only script -- so the fact that they work fine in common macOS
terminals goes some way to explain how the bug arose.

Happily, we can make the colors work as intended by just deleting the
extra `38;`.  Tested in all four terminals mentioned above; the new
codes work correctly on all of them, and on the two macOS terminals
they work exactly the same as before.

---

In a bit more technical detail -- perhaps more than anyone, me
included, ever wanted to know, but now that I've gone and learned it
I'll write it down anyway :) -- here's what's happening in these codes:

An ECMA-48 "control sequence" begins with `\033[` aka "CSI", contains
any number of parameters as semicolon-separated decimal numbers (plus
sometimes other wrinkles), and ends with a byte from 0x40..0x7e.  In
our case, with `m` aka "SGR", "Select Graphic Rendition".

An SGR control sequence `\033[...m` sets colors, fonts, text styles,
etc.  In particular a parameter `31` means red, `32` green, `34` blue,
`4` underline, and `0` means reset to normal.  Those are all we use.

There is also a `38`.  This is used for setting colors too... but it
needs arguments.  `38;5;nn` is color nn from a 256-color palette, and
`38;2;rr;gg;bb` has the given RGB values.

There is no meaning defined for `38;1` or `38;34` etc.  On seeing a
parameter `38` followed by an unrecognized argument for it, apparently
some implementations (as seen on macOS) discard only the `38` and
others (as seen on Linux) discard the argument too before resuming.
2020-03-24 21:15:01 -07:00
Greg Price
26851dd2c2 installer: Set files read-only when copying into store
After installing Nix, I found that all the files and directories
initially copied into the store were writable, with mode 644 or 755:

  drwxr-xr-x 9 root root 4096 Dec 31  1969 /nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3

The reason is that that's how they were in the unpacked tarball, and
the install-multi-user script used `rsync -p` without doing anything
else to affect the permissions.

The plain `install` script for a single-user install takes care to
do a `chmod -R a-w` on each store path copied.  We could do the same
here with one more command; or we can pass `--chmod` to rsync, to
have it write the files with the desired modes in the first place.

Tested the new `rsync` command on both a Linux machine with a
reasonably-modern rsync (3.1.3) and a Mac with its default, ancient,
rsync 2.6.9, and it works as expected on both.  Thankfully the latter
is just new enough to have `--chmod`, which dates to rsync 2.6.7.
2020-03-22 23:07:20 -07:00
Philipp Middendorf
9450dece24 installer: also test for xz to unpack 2020-03-21 09:31:39 +01:00
Robert Hensing
9080d5d924 README, error msg: http -> https 2020-03-11 19:41:22 +01:00
Eelco Dolstra
e063c71a79
nixos.org/releases -> releases.nixos.org 2020-03-11 10:33:23 +01:00
Rovanion Luckey
a413594baf installer: Handle edge case where the nix-daemon is already running on the system
On a systemd-based Linux distribution: If the user has previously had multi-user Nix installed on the system, removed it and then reinstalled multi-user Nix again the old nix-daemon.service will still be running when `scripts/install-systemd-multi-user.sh` tries to start it which results in nothing being done and the old daemon continuing its run.

When a normal user then tries to use Nix through the daemon the nix binary will fail to connect to the nix-daemon as it does not belong to the currently installed Nix system. See below for steps to reproduce the issue that motivated this change.

$ sh <(curl https://nixos.org/nix/install) --daemon

$ sudo rm -rf /etc/nix /nix /root/.nix-profile /root/.nix-defexpr /root/.nix-channels /home/nix-installer/.nix-profile /home/nix-installer/.nix-defexpr /home/nix-installer/.nix-channels ~/.nix-channels ~/.nix-defexpr/ ~/.nix-profile /etc/profile.d/nix.sh.backup-before-nix /etc/profile.d/nix.sh; sed -i '/added by Nix installer$/d' ~/.bash_profile

$ unset NIX_REMOTE

$ sh <(curl https://nixos.org/nix/install) --daemon

└$ export NIX_REMOTE=daemon

└$ nix-env -iA nixpkgs.hello
installing 'hello-2.10'
error: cannot connect to daemon at '/nix/var/nix/daemon-socket/socket': No such file or directory
(use '--show-trace' to show detailed location information)

└$ sudo systemctl restart nix-daemon.service

└$ nix-env -iA nixpkgs.hello
installing 'hello-2.10'
these paths will be fetched (6.09 MiB download, 27.04 MiB unpacked):
  /nix/store/2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10
  /nix/store/aag9d1y4wcddzzrpfmfp9lcmc7skd7jk-glibc-2.27
copying path '/nix/store/aag9d1y4wcddzzrpfmfp9lcmc7skd7jk-glibc-2.27' from 'https://cache.nixos.org'...
copying path '/nix/store/2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10' from 'https://cache.nixos.org'...
building '/nix/store/w9adagg6vlikr799nkkqc9la5hbbpgmi-user-environment.drv'...
created 2 symlinks in user environment
2020-01-23 14:48:53 +01:00
Michael Forney
43eb7b6756 Pass -J to tar for xz decompression
Some tar implementations can't auto-detect compression formats, so
they must be specified explicitly.
2019-12-22 17:17:14 -08:00
Michael Forney
10414d467b Pass -P to cp to preserve symlinks
This is commonly the default behavior with -R, but POSIX leaves the
default unspecified.
2019-12-21 21:30:38 -08:00
Eelco Dolstra
ec9dd9a5ae
Provide a default value for NIX_PATH 2019-11-22 22:08:51 +01:00
Eelco Dolstra
1c3ccba0f5
Remove $NIX_USER_PROFILE_DIR
This is not used anywhere.
2019-11-22 16:27:48 +01:00
Eelco Dolstra
2f96a89646 install-multi-user.sh: Remove unused variables
https://hydra.nixos.org/build/104119659
2019-10-23 21:24:21 +02:00
Steven Shaw
f0ec4b4ce4
Fix unset variable in installer 2019-10-19 13:26:06 +10:00
Eelco Dolstra
9277e72cb0
Typo 2019-10-09 23:35:02 +02:00
Eelco Dolstra
c9159f86cc
nix-env: Create ~/.nix-defexpr automatically 2019-10-09 23:35:02 +02:00
Eelco Dolstra
61a6176aca
nix-profile.sh: Remove coreutils dependency 2019-10-09 23:35:02 +02:00
Eelco Dolstra
9348f9291e
nix-env: Create ~/.nix-profile automatically 2019-10-09 23:35:01 +02:00
Eelco Dolstra
26762ceb86
nix-profile.sh: Don't create .nix-channels
This is already done by the installer, so no need to do it again.
2019-10-09 23:35:01 +02:00
Eelco Dolstra
c43d9f6131
Remove some redundant initialization 2019-10-09 23:35:01 +02:00
Eelco Dolstra
5a303093dc
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.
2019-10-09 23:34:48 +02:00
Matthew Bauer
d4e51aac08 Make preexisting Nix install a warning, not a failure
In the multi-user install script, we originally made sure no previous
references to Nix existed. This prevented any previous installs from
contaminating the new install. However, some users need the ability to
repair their existing Nix installation without uninstalling all
references to Nix. This change allows users with existing Nix
installations to use the installer, while still outputing a warning
message on the dangers of this. As a result, the multi-user install
script work much more like the single-user install script has worked
in the past.

This is a requirement for macOS Catalina users now that
/Library/LaunchDaemons/org.nixos.nix-daemon.plisg is not managed by
the Nix store. If there is ever a change to the .plist, all users will
need to rerun this install script to get the new changes. Otherwise,
changes to the launch daemon will require manual interventions.
2019-10-08 21:53:06 -04:00
Matthew Bauer
0847f2f1b3 Copy instead of linking launch agent
On Catalina, the /nix filesystem might not be mounted at start time.
To avoid this service not starting, we need to keep the launch agent
outside of the Nix store. A wait4pid will hold for our /nix dir to be
mounted.

Fixes #3125.
2019-10-08 21:52:17 -04:00
Eelco Dolstra
ad03159e25
Merge pull request #2745 from samueldr/install/detect-systemd-separately
install-multi-user: Detect and fail lack of systemd separately
2019-08-28 11:34:23 +02:00
Eelco Dolstra
bd285849ed
Merge pull request #3054 from matthewbauer/nix-dir-macos
Allow empty /nix directory in multi-user installer
2019-08-28 11:29:43 +02:00
Eelco Dolstra
ceefddafe8 Compress binary tarballs using xz
Fixes https://github.com/NixOS/nix/issues/240.

Apparently 'tar -xf' can decompress xz files on macOS nowadays.
2019-08-27 22:18:34 +02:00
Venkateswara Rao Mandela
6dab42a551
installer: handle network proxy in systemd install
If a network proxy configuration is detected, setup an override
systemd unit file for nix-daemon service with the non-empty
proxy variables.

Proxy detection is performed by looking for http/https/ftp proxy and no
proxy variables in user environment
2019-08-24 09:08:41 -04:00
Matthew Bauer
0463d5e36f Allow empty /nix directory in multi-user installer
With macOS catalina, we can no longer modify the root system
volume (#2925). macOS provides a system configuration file in
synthetic.conf(5) to create empty root directories. This can be used
to mount /nix to a separate volume. As a result, this directory will
need to already exist prior to installation. Instead, check for
/nix/store and /nix/var for a live Nix installation.
2019-08-22 23:38:52 -04:00
Matthew Bauer
c82a856b36 Add default for USER when unset
uses $(id -u -n) when USER is unset, this is needed on some weird
setups in Docker. Fixes #971
2019-07-25 09:39:44 -04:00
Eelco Dolstra
38a4d38bc3
Merge pull request #2746 from bjornfor/install-multi-user-defaults
install-multi-user: reduce max-jobs from 32 to 1
2019-06-17 10:17:40 +02:00
Johannes Climacus
a8251ba2ed Replace type with command -v in install script
In POSIX sh, `type` is undefined.

cf. https://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html#tag_20_22_04
2019-05-29 10:08:21 -04:00
Matthew Bauer
92f461e4f4 Don’t set NIX_REMOTE=daemon in daemon profile
This is now autodetected. There is no need to put it in the profile.
2019-05-15 22:24:24 -04:00
Matthew Bauer
7c20ee448f Sync NIX_PROFILES between single-user and multi-user modes
When we are in single user mode, we still want to have access to
profiles. This way things in Nixpkgs that rely on them getting set
accurately are done in both cases. The point where I hit this is with
using aspell which looks in NIX_PROFILES:

https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/aspell/default.nix

Before this patch, NIX_PROFILES was never set in single user mode!
This corrects that.
2019-05-15 22:04:39 -04:00