nix-channel doesn't work as expected with sudo
On macOS it seems like nix-channel doesn't behave correctly when just using sudo.
I'm not sure if this also happens on other platforms, but it works fine on nixos.
$ sudo nix-channel --list
$ sudo -i nix-channel --list
nixpkgs http://nixos.org/channels/nixpkgs-unstable
and even more confusing
$ sudo nix-channel --add http://nixos.org/channels/foo
$ sudo nix-channel --update
unpacking channels...
created 3 symlinks in user environment
$ sudo nix-channel --list
foo http://nixos.org/channels/foo
$ sudo -i nix-channel --list
nixpkgs http://nixos.org/channels/nixpkgs-unstable
$ ls -l ~/.nix-defexpr
lrwxr-xr-x 1 root staff 44 Sep 1 21:41 channels -> /nix/var/nix/profiles/per-user/root/channels
lrwxr-xr-x 1 root staff 44 Jul 23 12:26 channels_root -> /nix/var/nix/profiles/per-user/root/channels
$ ls /nix/var/nix/profiles/per-user/root/channels
binary-caches manifest.nix nixpkgs
$ ls /nix/var/nix/profiles/per-user/lnl/channels
manifest.nix
LnL7
All 10 comments
cc @grahamc given that this changed with the multi-user setup
copumpkin
on 1 Sep 2017
cc @jmitchell
domenkozar
on 2 Sep 2017
Doing some debugging, so far things are looking okay here:
nixos$ nix-channel --add https://nixos.org/channels/nixos-17.03 fizzbuzz
nixos$ nix-channel --update
downloading Nix expressions from ‘https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1775.56da88a298/nixexprs.tar.xz’...
downloading ‘https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1775.56da88a298/nixexprs.tar.xz’... [6975/9252 KiB, 6959.8 KiB/s]
unpacking channels...
nixos$ ls /nix/var/nix/profiles/per-user/grahamc/channels/
binary-caches fizzbuzz manifest.nix
macos$ nix-channel --add https://nixos.org/channels/nixos-17.03 fizzbuzz
macos$ nix-channel --update
downloading Nix expressions from ‘https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1775.56da88a298/nixexprs.tar.xz’...
downloading ‘https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1775.56da88a298/nixexprs.tar.xz’... [7295/9252 KiB, 7277.6 KiB/s]
unpacking channels...
macos$ ls /nix/var/nix/profiles/per-user/graham/channels/
binary-caches fizzbuzz manifest.nix
I wonder if sudo nix-channel --add http://nixos.org/channels/foo (ie: without the second arg) is causing problems there.
I definitely have the problem:
nixos$ nix-channel --list
fizzbuzz https://nixos.org/channels/nixos-17.03
nixos$ sudo nix-channel --list
nixos https://nixos.org/channels/nixos-17.03
nixos$ sudo -i nix-channel --list
nixos https://nixos.org/channels/nixos-17.03
macos$ nix-channel --list
fizzbuzz https://nixos.org/channels/nixos-17.03
macos$ sudo nix-channel --list
fizzbuzz https://nixos.org/channels/nixos-17.03
macos$ sudo -i nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable
grahamc
on 2 Sep 2017
More info:
nixos$ sudo env | grep HOME=
HOME=/root
plus
macos$ sudo env | grep HOME=
HOME=/Users/graham
plus
https://github.com/NixOS/nix/blob/1.11-maintenance/scripts/nix-channel.in#L25-L26
= nix-channel is looking at user's channels w/ sudo on macos, and root's channels w/ sudo on nixos.
This is because of this macOS default:
macos$ sudo cat /etc/sudoers | grep -i home
Defaults env_keep += "HOME MAIL"
So where go from here?
It seems like a workaround would be to just edit the sudoers file when a multiuser installation is done. I'm not sure this would be a good idea though since this change has deeper implications than most of the other changes the multiuser install seems to make.
Would modifying the way Nix gets the home directory be better?
I'm interested in seeing this fixed. While this is a minor irritation it poses a pretty big barrier for people trying to use Nix on MacOS who are just starting out.
nixy
on 20 Sep 2017
Maybe something like: if HOME is set and exists but is owned by a different uid than the current user, then ignore it and use getpwuid instead.
edolstra
on 20 Sep 2017
I would prefer not to depend on getpwuid but changing sudoers sounds like a terrible idea so it's probably the best solution.
LnL7
on 20 Sep 2017
I removed HOME from my sudoer file as a workaround. Took me quite a bit of time hunting around as to why nix-channel --list shows nothing. At the very least with a fresh install on macos some warning would be useful to illustrate how to properly access the current nixos status given the multi user setup. Basically the confusion for me (as someone who just installed nix):
- macos installer defaulted to multi user, whereas the quick start guide is geared towards single user (and there is no documentation illustrating why multi user is chosen as default or how is it better; there isn't even an obvious option to use single user during the setup)
- inability to quickly see what the nix is actually using because of this bug
lingnand
on 26 Dec 2017
Related: https://stackoverflow.com/questions/47857211/what-nix-channel-is-subscribed-to-by-default/48128659
fghibellini
on 6 Jan 2018
I discovered this as well:
blast$ nix-channel --list
blast$ sudo nix-channel --list
Password:
though sudo has a -H flag that properly sets the HOME envvar, intended for this purpose:
blast$ sudo -H nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable
blast$ sudo -H nix-channel --update
unpacking channels...
created 2 symlinks in user environment
this was definitely confusing initially, as it seemed as though I could install packages without being subscribed to any channels at all.
blast-hardcheese
on 28 Sep 2018
Related issues
lukego
·
34Comments
vcunat
·
159Comments
rrnewton
·
34Comments
edolstra
·
65Comments
matthewbauer
·
64Comments
Most helpful comment
I discovered this as well:
though
sudohas a-Hflag that properly sets theHOMEenvvar, intended for this purpose:this was definitely confusing initially, as it seemed as though I could install packages without being subscribed to any channels at all.