Commit graph

64 commits

Author SHA1 Message Date
Eelco Dolstra
aa4ca8b7e4
Merge pull request #4918 from roberth/installer-pc
installer: Jeeze -> Oh no
2022-09-09 16:49:59 +02:00
Dave Nicponski
a2b7baa42f
Set HOME var to root's home when running nix-store as root
A [recent-ish change](https://github.com/NixOS/nix/pull/6676) logs a warning when a potentially counterintuitive situation happens.

This now causes the multi-user installer to [emit a warning](https://github.com/NixOS/nixpkgs/issues/189043) when it's doing
the "seed the Nix database" step via a low-level `nix-store --load-db` invocation.

`nix-store` functionality implementations don't actually use profiles or channels or homedir as far as i can tell.  So why are we 
hitting this code at all?  

Well, the current command approach for functionality here builds a [fat `nix` binary](https://github.com/NixOS/nix/blob/master/src/nix/local.mk#L23-L26) which has _all_ the functionality of
previous individual binaries (nix-env, nix-store, etc) bundled in, then [uses the invocation name](https://github.com/NixOS/nix/blob/master/src/nix/main.cc#L274-L277) to select the
set of commands to expose.  `nix` itself has this behavior, even when just trying to parse the (sub)command and arguments:

```
dave @ davembp2
$ nix
error: no subcommand specified
Try 'nix --help' for more information.

dave @ davembp2
$ sudo nix
warning: $HOME ('/Users/dave') is not owned by you, falling back to the one defined in the 'passwd' file
error: no subcommand specified
Try 'nix --help' for more information.

dave @ davembp2
$ HOME=~root sudo nix
error: no subcommand specified
Try 'nix --help' for more information.
```

This behavior can also be seen pretty easily with an arbitrary `nix-store` invocation:
```
dave @ davembp2 
$ nix-store --realize

dave @ davembp2 
$ sudo nix-store --realize  # what installer is doing now
warning: $HOME ('/Users/dave') is not owned by you, falling back to the one defined in the 'passwd' file

dave @ davembp2
$ sudo HOME=~root nix-store --realize  # what this PR effectively does

dave @ davembp2
$ 
```
2022-08-31 17:25:26 -04:00
Travis A. Everett
0bf52b73f4 install: only create TMPDIR if missing 2022-08-19 15:16:34 -05:00
Eelco Dolstra
823e1017d8 Ensure that $TMPDIR exists if defined 2022-08-17 21:47:01 +02:00
Eelco Dolstra
6547dcde2a Use plain mktemp
This fixes the case where $TMPDIR doesn't end in a slash.
2022-08-17 21:41:19 +02:00
Eelco Dolstra
af4e8b00fb
Merge pull request #6882 from DeterminateSystems/allow-multi-user-as-root
Allow installing multi-user as root on macOS and Linux
2022-08-12 10:19:03 +02:00
Graham Christensen
7bb1e913b3 Don't prompt about using sudo if we're already root 2022-08-10 09:37:08 -04:00
Graham Christensen
64c3adbe1a install-multi-user: abstract is_root, is_os_linux, is_os_darwin 2022-08-10 09:36:45 -04:00
Tom Franklin
96b4339d86 Only fail if selinux is in enforcing 2022-08-08 00:42:18 +01:00
Artturin
bd3a17d00c install-multi-user: check if selinux is enabled and if it is then abort 2022-06-10 05:12:03 +03:00
Martin Schwaighofer
4f29cf1a1d installer: ask for confirmation on multi-user install without systemd
On Linux a user can go through all the way through the multi-user install
and find out at the end that they now have to manually configure their
init system to launch the nix daemon.

I suspect that for a significant number of users this is not
what they wanted. They might prefer a single-user install.
Now they have to manually uninstall nix before they can
go through the single-user install.

This introduces a confirmation dialog before the install
in that specific situation to make sure that they want to proceed.

See also: https://github.com/NixOS/nix/issues/4999#issuecomment-1064188080
This closes #4999 but rejecting it and closing that issue anyways
would also be valid.
2022-04-08 11:23:54 +02:00
Eelco Dolstra
bb0c4b9f25 install-multi-user.sh: Preserve symlinks
We need to pass -P to ensure that symlinks are copied correctly. Fixes #6303.
2022-03-24 12:48:59 +01:00
Bjørn Forsman
f4d57aa490 installer: allow overriding nix user GID and UIDs
Needed to resolve conflict in case the default GID and UIDs are in use.
2022-03-01 19:17:41 +01:00
Guillaume Maudoux
1bec333788
Create to daemon-socket folder during install 2022-02-17 09:32:15 +01:00
Travis A. Everett
bdb5e03821 install-darwin: dodge bash 3.2 command bug
The script is trying to find chown in a cross-platform-like
way, but there's some sort of deficiency in `command -p` in
the default macOS bash 3.2. It looks like it will just use
whatever PATH is already set, instead of the "default" path.

This attempts to hard-set a PATH via `getconf PATH`. It will
just set an empty PATH if that fails for some reason. A
properly-functioning `command -p` should not care what we
set the PATH to here one way or the other.

Hopefully fixes #5768.
2022-01-21 10:47:06 -06:00
Domen Kožar
75654bacc5
Merge pull request #5521 from abathur/clearly_mark_validation_step
installer: clarify starting assumption task
2021-12-08 20:04:03 +00:00
Sandro Jäckel
eff48e84d9
Apply some shellcheck suggestions 2021-11-19 15:18:10 +01:00
Travis A. Everett
cc78901ccb installer: make rc replacement instructions explicit 2021-11-10 14:06:18 -06:00
Travis A. Everett
f7859eef49 installer: improve existing rc backup nag 2021-11-09 08:14:51 -06:00
Travis A. Everett
69431edbc1 installer: clarify starting assumption task
We had a macOS user present in Matrix with some confusion because the
lack of a clear task statement here made them think the error meant
that a problem had occurred during the preceding task in a macOS
install: "Fixing any leftover Nix volume state"
2021-11-08 17:03:09 -06:00
Jan Van Bruggen
7d56174c1e
Reword "we"s to "I"s for consistency
This script uses multiple forms of the first-person POV:
1. "We" to refer to the Nix team (1e7c796e66/scripts/install-multi-user.sh (L72))
2. "We" to refer to the combination of the installation script & the user/executor (1e7c796e66/scripts/install-multi-user.sh (L710))
3. "We" to refer to the installation script alone (1e7c796e66/scripts/install-multi-user.sh (L602))
4. "I" to refer to the installation script alone (1e7c796e66/scripts/install-multi-user.sh (L200))

Since I prefer POV 4 to POV 3, this changes all instances of POV 3 to POV 4.
2021-11-03 18:42:32 -06:00
Matthew Bauer
959c2af557 Revert "Use /etc/zshenv instead of /etc/zshrc for profile"
This reverts commit 909d8cb293.

This messes up PATH priority since /etc/profile gets sourced AFTER
/etc/zshenv and it sets the system paths so
$HOME/.nix-profile/bin:/nix/var/nix/profiles/default/bin is behind
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin. See discussion in
https://github.com/NixOS/nix/issues/4169.
2021-08-25 23:02:22 -05:00
Domen Kožar
475fc109e7 Remove rsync usage in the installer
It's not commonly installed on systems like debian,
so avoid the bootstrapping problem by using cp and
chmod.
2021-08-18 16:50:36 +02:00
Robert Hensing
e30d1daf26 installer: Jeeze -> Oh no
Even if it doesn't offend me or probably most people,
this word can be considered mildly blasphemous.
2021-06-16 19:14:16 +02:00
Patrick Hilhorst
822e338e5c
throw freenode down the memory hole 2021-05-27 21:48:39 +02:00
Travis A. Everett
eab14a642c darwin: encrypt nix volume if filevault is enabled 2021-04-29 13:26:51 -05:00
Domen Kožar
dc6a8f1548
Merge pull request #4532 from abathur/macos_nixbld_ids
fix nixbld user name/uid for macOS/darwin
2021-03-25 10:35:56 +01:00
Nicolas Stig124 FORMICHELLA
71f92741ec
Added Debian-based OS's profiles 2021-03-23 16:23:24 +01:00
Travis A. Everett
0431cf6d09 fix nixbld user name/uid for macOS 2021-03-11 10:16:34 -06:00
Travis A. Everett
c40bad4151 create missing profile files to fix zsh envvars
Env vars for ZSH were moved from /etc/zshrc to /etc/zshenv in #3608
to address an issue with zshrc getting clobbered by OS updates, but
/etc/zshenv doesn't exist by default--so *nothing* would get set up
for zsh users unless they already happened to have /etc/zshenv.

Creating these files if they don't exist. Also cut separate creation
of profile.d/nix.sh, which isn't needed now.
2020-10-19 12:25:52 -05:00
Travis A. Everett
b719f686a8 fix skipped multi-user install steps on macOS
Some of the changes in #3788 to support non-systemd Nix installs
don't appear to be aware that the darwin installer exists, which
resulted in some skipped steps and inappropriate instructions.
2020-10-19 12:25:52 -05:00
Daniel Fitzpatrick
39859b853c merged systemd installer with non-systemd installer. 2020-07-07 15:08:23 -05:00
Jörg Thalheim
3685f4eec6
docs/installer: add correct curl flags
also see https://nixos.org/download.html
2020-06-23 23:04:10 +01:00
Eelco Dolstra
228857efc6 Merge pull request #3608 from surajbarkale/patch-1
Use /etc/zshenv instead of /etc/zshrc for profile
2020-05-27 11:10:08 +02:00
Domen Kožar
3d3c219d91
installer: fix unused variable 2020-05-26 16:23:03 +02:00
Domen Kožar
1a5ac894e9
Fix installer script bugs
- --no-channel-add didn't have effect on multi-user installation
- some new flags didn't work at all
- document all installer flags
2020-05-26 15:49:26 +02:00
Domen Kožar
909bdfb4b4
Merge pull request #3375 from domenkozar/multi-user-count
install-multi-user: allow overriding user count
2020-05-25 17:53:24 +02:00
Domen Kožar
573ff8dfca
Allow passing extra nix.conf to installer 2020-05-25 17:31:46 +02:00
Domen Kožar
90b0c630a0
install-multi-user: allow overriding user count 2020-05-25 17:16:38 +02:00
Suraj Barkale
909d8cb293
Use /etc/zshenv instead of /etc/zshrc for profile
As noted in https://github.com/NixOS/nix/issues/3456 the `/etc/zshenv` file provides a better place for sourcing the nix environment.
2020-05-22 11:05:25 +10:00
Greg Price
7313aa267b installer: Fix terminal colors.
The install-multi-user script uses blue, green, and red colors, as
well as bold and underline, to add helpful formatting that helps
structure its rather voluminous output.

Unfortunately, the terminal escape sequences it uses are not quite
well-formed.  The relevant information is all there, just obscured
by some extra noise, a leading parameter `38`.  Empirically, the
result is:

 * On macOS, in both Terminal.app and iTerm2, the spurious `38` is
   ignored, the rest of the escape sequence is applied, and the colors
   show up as intended.

 * On Linux, in at least gnome-terminal and xterm, the spurious `38`
   and the next parameter after it are ignored, and what's left is
   applied.  So in the sequence `38;4;32`, the 4 (underline) is
   ignored but the 32 (green) takes effect; in a more typical sequence
   like `38;34`, the 34 (blue) is ignored and nothing happens.

These codes are all unchanged since this script's origins as a
Darwin-only script -- so the fact that they work fine in common macOS
terminals goes some way to explain how the bug arose.

Happily, we can make the colors work as intended by just deleting the
extra `38;`.  Tested in all four terminals mentioned above; the new
codes work correctly on all of them, and on the two macOS terminals
they work exactly the same as before.

---

In a bit more technical detail -- perhaps more than anyone, me
included, ever wanted to know, but now that I've gone and learned it
I'll write it down anyway :) -- here's what's happening in these codes:

An ECMA-48 "control sequence" begins with `\033[` aka "CSI", contains
any number of parameters as semicolon-separated decimal numbers (plus
sometimes other wrinkles), and ends with a byte from 0x40..0x7e.  In
our case, with `m` aka "SGR", "Select Graphic Rendition".

An SGR control sequence `\033[...m` sets colors, fonts, text styles,
etc.  In particular a parameter `31` means red, `32` green, `34` blue,
`4` underline, and `0` means reset to normal.  Those are all we use.

There is also a `38`.  This is used for setting colors too... but it
needs arguments.  `38;5;nn` is color nn from a 256-color palette, and
`38;2;rr;gg;bb` has the given RGB values.

There is no meaning defined for `38;1` or `38;34` etc.  On seeing a
parameter `38` followed by an unrecognized argument for it, apparently
some implementations (as seen on macOS) discard only the `38` and
others (as seen on Linux) discard the argument too before resuming.
2020-03-24 21:15:01 -07:00
Greg Price
26851dd2c2 installer: Set files read-only when copying into store
After installing Nix, I found that all the files and directories
initially copied into the store were writable, with mode 644 or 755:

  drwxr-xr-x 9 root root 4096 Dec 31  1969 /nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3

The reason is that that's how they were in the unpacked tarball, and
the install-multi-user script used `rsync -p` without doing anything
else to affect the permissions.

The plain `install` script for a single-user install takes care to
do a `chmod -R a-w` on each store path copied.  We could do the same
here with one more command; or we can pass `--chmod` to rsync, to
have it write the files with the desired modes in the first place.

Tested the new `rsync` command on both a Linux machine with a
reasonably-modern rsync (3.1.3) and a Mac with its default, ancient,
rsync 2.6.9, and it works as expected on both.  Thankfully the latter
is just new enough to have `--chmod`, which dates to rsync 2.6.7.
2020-03-22 23:07:20 -07:00
Eelco Dolstra
2f96a89646 install-multi-user.sh: Remove unused variables
https://hydra.nixos.org/build/104119659
2019-10-23 21:24:21 +02:00
Eelco Dolstra
9277e72cb0
Typo 2019-10-09 23:35:02 +02:00
Eelco Dolstra
c43d9f6131
Remove some redundant initialization 2019-10-09 23:35:01 +02:00
Eelco Dolstra
5a303093dc
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.
2019-10-09 23:34:48 +02:00
Matthew Bauer
d4e51aac08 Make preexisting Nix install a warning, not a failure
In the multi-user install script, we originally made sure no previous
references to Nix existed. This prevented any previous installs from
contaminating the new install. However, some users need the ability to
repair their existing Nix installation without uninstalling all
references to Nix. This change allows users with existing Nix
installations to use the installer, while still outputing a warning
message on the dangers of this. As a result, the multi-user install
script work much more like the single-user install script has worked
in the past.

This is a requirement for macOS Catalina users now that
/Library/LaunchDaemons/org.nixos.nix-daemon.plisg is not managed by
the Nix store. If there is ever a change to the .plist, all users will
need to rerun this install script to get the new changes. Otherwise,
changes to the launch daemon will require manual interventions.
2019-10-08 21:53:06 -04:00
Eelco Dolstra
ad03159e25
Merge pull request #2745 from samueldr/install/detect-systemd-separately
install-multi-user: Detect and fail lack of systemd separately
2019-08-28 11:34:23 +02:00
Matthew Bauer
0463d5e36f Allow empty /nix directory in multi-user installer
With macOS catalina, we can no longer modify the root system
volume (#2925). macOS provides a system configuration file in
synthetic.conf(5) to create empty root directories. This can be used
to mount /nix to a separate volume. As a result, this directory will
need to already exist prior to installation. Instead, check for
/nix/store and /nix/var for a live Nix installation.
2019-08-22 23:38:52 -04:00
Eelco Dolstra
38a4d38bc3
Merge pull request #2746 from bjornfor/install-multi-user-defaults
install-multi-user: reduce max-jobs from 32 to 1
2019-06-17 10:17:40 +02:00