Nix: Installation fails on macOS High Sierra 10.13.2 beta
This seems to be failing at a different point than #1582 .
Michaels-MacBook-Pro:~ curry$ sh ./install-nix
downloading Nix 1.11.15 binary tarball for x86_64-darwin from 'https://nixos.org/releases/nix/nix-1.11.15/nix-1.11.15-x86_64-darwin.tar.bz2' to '/var/folders/25/h6pww5l537d8vfykld5dgp940000gn/T/nix-binary-tarball-unpack.XXXXXXXXXX.l6TJusD6'...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 25.8M 100 25.8M 0 0 456k 0 0:00:58 0:00:58 --:--:-- 573k
Switching to the Multi-User Darwin Installer
Welcome to the Multi-User Nix Installation
This installation tool will set up your computer with the Nix package
manager. This will happen in a few stages:
1. Make sure your computer doesn't already have Nix. If it does, I
will show you instructions on how to clean up your old one.
2. Show you what we are going to install and where. Then we will ask
if you are ready to continue.
3. Create the system users and groups that the Nix daemon uses to run
builds.
4. Perform the basic installation of the Nix files daemon.
5. Configure your shell to import special Nix Profile files, so you
can use Nix.
6. Start the Nix daemon.
Would you like to see a more detailed list of what we will do?
[y/n] n
---- let's talk about sudo -----------------------------------------------------
This script is going to call sudo a lot. Every time we do, it'll
output exactly what it'll do, and why.
Just like this:
---- sudo execution ------------------------------------------------------------
I am executing:
$ sudo echo
to demonstrate how our sudo prompts look
This might look scary, but everything can be undone by running just a
few commands. We used to ask you to confirm each time sudo ran, but it
was too many times. Instead, I'll just ask you this one time:
Can we use sudo?
[y/n] y
Yay! Thanks! Let's get going!
---- sudo execution ------------------------------------------------------------
I am executing:
$ sudo test -e /var/root/.nix-defexpr
making sure that /var/root/.nix-defexpr doesn't exist
---- sudo execution ------------------------------------------------------------
I am executing:
$ sudo test -e /var/root/.nix-channels
making sure that /var/root/.nix-channels doesn't exist
---- sudo execution ------------------------------------------------------------
I am executing:
$ sudo test -e /var/root/.nix-profile
making sure that /var/root/.nix-profile doesn't exist
---- hardware report -----------------------------------------------------------
Cores: 8
---- Nix config report ---------------------------------------------------------
Temp Dir: /var/folders/25/h6pww5l537d8vfykld5dgp940000gn/T/tmp.XXXXXXXXXX.OK7d4a9c
Nix Root: /nix
Build Users: 8
Build Group ID: 30000
Build Group Name: nixbld
build users:
Username: UID
nixbld1: 30001
nixbld2: 30002
nixbld3: 30003
nixbld4: 30004
nixbld5: 30005
nixbld6: 30006
nixbld7: 30007
nixbld8: 30008
Ready to continue?
[y/n] y
~~> Setting up the build group nixbld
Exists: Yes
~~> Setting up the build user nixbld1
---- sudo execution ------------------------------------------------------------
I am executing:
$ sudo /usr/sbin/sysadminctl -addUser -fullName Nix build user 1 -home /var/empty -UID 30001 -addUser nixbld1
Creating the Nix build user, nixbld1
2017-11-15 17:31:49.208 sysadminctl[6602:237284] Failed to authenticate with SystemAdministration framework.
---- oh no! --------------------------------------------------------------------
Jeeze, something went wrong. If you can take all the output and open
an issue, we'd love to fix the problem so nobody else has this issue.
:(
We'd love to help if you need it.
If you can, open an issue at https://github.com/nixos/nix/issues
Or feel free to contact the team,
- on IRC #nixos on irc.freenode.net
- on twitter @nixos_org
currymj
All 21 comments
Yikes! I had tested this, but the users already existed. I will update my test tool to remove users ahead of time, and will look in to it.
grahamc
on 16 Nov 2017
Ok, so you can get around this via:
for i in `seq 1 8`; do
sudo /usr/sbin/sysadminctl interactive -addUser "nixbld$i" -fullName "Nix build user $i" -home /var/empty -UID "3000$i" -addUser "nixbld$i"
done
but it'll ask for your password a bunch of times, unfortunately. I'm still looking in to a way to make this nicer for the user.
grahamc
on 16 Nov 2017
gchristensen | I'm afraid multi-user nix on mac being the default is not long for the world
gchristensen | creating users takes more than just being root
gchristensen | you either have to call: sysadminctl interactive -addUser <- and this prompts for the admin password every time it is called
gchristensen | or ... you call sysadminctl -adminUser <username> -adminPassword <password> -addUser <- but here you have to prompt the username/password ahead of time and pass it in over the CLI,
| which feels icky
gchristensen | for multi-user support perhaps a better approach is focusing on an upgrade path
gchristensen | that way, users who want more safer nix on darwin can choose to, and suffer through the password prompts for a few minutes and not be scared away when they're first using it
gchristensen | I feel bad that this is the case and I would love there to be an alternative, but I don't seee one
gchristensen | maybe someone else knows some wizardry
grahamc
on 17 Nov 2017
i'm now happily using nix, so thanks for the workaround. for anyone else who might have stumbled upon this issue after copy-and-pasting an error message into google, please note that the shell script in the comment above has a small typo. the first line should be:
for i in `seq 1 8`; do
Fixed mine, thank you for the correction! I'm glad it worked :)
grahamc
on 21 Nov 2017
It may be worth mentioning this issue at https://forums.developer.apple.com/community/beta/macos-1013-beta
orivej
on 22 Nov 2017
Same issue. High Sierra 10.13.2 Beta (17C60c).
I concur with @orivej about it being worth mentioning the issue on the macOS beta forums, and specifically worth asking for whatever kind of help/wizardry/guidance that Apple's experts may have.
joelparkerhenderson
on 25 Nov 2017
The Nix manual documents the usage of dscl to create build users, which appears to work with sudo on macOS 10.13.2 beta 4 (e.g. sudo dscl . create /Users/tmp12).
orivej
on 25 Nov 2017
Thanks! The sudo script did work for me.
Could there be a way to at minimum to print a better/clearer error message if the build users aren't existing? For example, a pointer to the documentation for dscl, or a link to this github issue, or the script above? (E.g. anything that makes it clear that the Nix group knows about this, and is working on it, and has a workaround?)
joelparkerhenderson
on 25 Nov 2017
dscl seems to work ... for now ...!
grahamc
on 26 Nov 2017
This ~seems to~ does not work, but testing further:
sudo dscl . create "/Users/nixbld99" RealName "Nix build user 99" PrimaryGroupID 30000 UserShell /sbin/nologin NFSHomeDirectory /var/empty UniqueID 30099 IsHidden 1
sudo dseditgroup -o edit -a nixbld99 -t user nixbld
Just to note that the issue still exists, on non-beta High Sierra 10.13.2. And that after the work-around with creating nixbld users things seem fine.
robx
on 12 Dec 2017
Hmm, so @grahamc is it not fixed? I assumed #1700 was it
copumpkin
on 12 Dec 2017
I'm seeing a side effect that the Nix users now show up on the login screen, and in the menu bar upper right fast user switcher. For comparison, other system-related usernames do not show up.
What removes the Nix users from the login screen and/or fast user switcher?
joelparkerhenderson
on 13 Dec 2017
@joelparkerhenderson: https://github.com/NixOS/nix/blob/1ca8e9517808198080579a1105d3cf5b4e7ec64c/scripts/install-darwin-multi-user.sh#L470 https://github.com/NixOS/nix/blob/1ca8e9517808198080579a1105d3cf5b4e7ec64c/scripts/install-darwin-multi-user.sh#L501
orivej
on 13 Dec 2017
@orivej Thank you!
If anyone else on this thread has a similar issue, here's what I did:
dscl . list /Users |
grep '^nixbld' |
xargs -I{} sudo dscl . create /Users/{} IsHidden 1
Then reboot, or at least log out and log back in.
joelparkerhenderson
on 14 Dec 2017
Does this mean we end up with a bunch of empty useless home directories under /Users?
copumpkin
on 14 Dec 2017
@copumpkin As far as I can tell yes. I'm a Nix novice. Can anyone expert here comment? [Edit: I was mistaken-- thanks @orivej -- the user entries are visible on my Mac by using the dscl command and /Local/Default/Users, and are not typical Finder directories.]
For whatever it's worth, as a novice user I personally prefer a simple setup as the default, such as the software creating one nix user, and also ideally naming the user "nix".
This is because a simple setup tends to be faster and easier to start using successfully, and to document, and to troubleshoot if needed. (E.g. there would be only one broken user, and the creating script would not need a for...seq loop, and the hiding script would not need xargs, etc.)
joelparkerhenderson
on 14 Dec 2017
@copumpkin The /Users in that command looks like a directory but does not refer to a directory on a filesystem and works even if there are no /Users/nixbld directories.
orivej
on 14 Dec 2017
Oh, interesting, thanks!
copumpkin
on 14 Dec 2017
It is an entry in the Directory Service.
On Thu, Dec 14, 2017 at 5:22 PM Daniel Peebles notifications@github.com
wrote:
Oh, interesting, thanks!
—
You are receiving this because you were mentioned.Reply to this email directly, view it on GitHub
https://github.com/NixOS/nix/issues/1684#issuecomment-351854369, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAErrLtlTDwUsR2nvYcl1fIrf8aL6pnuks5tAZ-6gaJpZM4Qfrg-
.
grahamc
on 15 Dec 2017
Related issues
vizanto
·
3Comments
bennofs
·
3Comments
rbvermaa
·
3Comments
matthewbauer
·
3Comments
ihsanturk
·
3Comments