nix
nix copied to clipboard
Published
20 hours ago •
NixOS
NixOS
Re-installation issue on OS X
I was attempting to reinstall nix on OS X for reasons described elsewhere, however, this fails, as shown below. The error appears like it may be related to active directory, and indeed this machine is an AD-connected system.
macbookwh:~ bbarker$ sudo diskutil umount /Volumes/Nix\ Store/
Volume Nix Store on disk1s6 unmounted
macbookwh:~ bbarker$ curl -L https://nixos.org/nix/install | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 4024 100 4024 0 0 2519 0 0:00:01 0:00:01 --:--:-- 3929k
downloading Nix 2.4 binary tarball for x86_64-darwin from 'https://releases.nixos.org/nix/nix-2.4/nix-2.4-x86_64-darwin.tar.xz' to '/var/folders/_f/1dn5fzlx35n3_zc7nw290w119r5pmn/T/nix-binary-tarball-unpack.XXXXXXXXXX.nLcQoy0z'...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 33.5M 100 33.5M 0 0 2374k 0 0:00:14 0:00:14 --:--:-- 2903k
Switching to the Multi-user Installer
Welcome to the Multi-User Nix Installation
This installation tool will set up your computer with the Nix package
manager. This will happen in a few stages:
1. Make sure your computer doesn't already have Nix. If it does, I
will show you instructions on how to clean up your old install.
2. Show you what we are going to install and where. Then we will ask
if you are ready to continue.
3. Create the system users and groups that the Nix daemon uses to run
builds.
4. Perform the basic installation of the Nix files daemon.
5. Configure your shell to import special Nix Profile files, so you
can use Nix.
6. Start the Nix daemon.
Would you like to see a more detailed list of what we will do?
No TTY, assuming you would say yes :)
We will:
- make sure your computer doesn't already have Nix files
(if it does, I will tell you how to clean them up.)
- create local users (see the list above for the users we'll make)
- create a local group (nixbld)
- install Nix in to /nix
- create a configuration file in /etc/nix
- set up the "default profile" by creating some Nix-related files in
/var/root
- back up /etc/bashrc to /etc/bashrc.backup-before-nix
- update /etc/bashrc to include some Nix configuration
- back up /etc/zshrc to /etc/zshrc.backup-before-nix
- update /etc/zshrc to include some Nix configuration
- create a Nix volume and a LaunchDaemon to mount it
- create a LaunchDaemon (at /Library/LaunchDaemons/org.nixos.nix-daemon.plist) for nix-daemon
Ready to continue?
No TTY, assuming you would say yes :)
---- let's talk about sudo -----------------------------------------------------
This script is going to call sudo a lot. Normally, it would show you
exactly what commands it is running and why. However, the script is
run in a headless fashion, like this:
$ curl -L https://nixos.org/nix/install | sh
or maybe in a CI pipeline. Because of that, we're going to skip the
verbose output in the interest of brevity.
If you would like to
see the output, try like this:
$ curl -L -o install-nix https://nixos.org/nix/install
$ sh ./install-nix
~~> Fixing any leftover Nix volume state
Before I try to install, I'll check for any existing Nix volume config
and ask for your permission to remove it (so that the installer can
start fresh). I'll also ask for permission to fix any issues I spot.
---- Found existing Nix volume -------------------------------------------------
special: disk1s6
uuid: 9A05F827-784D-4EE7-9920-8126437F1E96
encrypted: no
During install, I add 'nix' to /etc/synthetic.conf, which instructs
macOS to create an empty root directory for mounting the Nix volume.
Can I remove /etc/synthetic.conf?
No TTY, assuming you would say yes :)
During install, I add '/nix' to /etc/fstab so that macOS knows what
mount options to use for the Nix volume.
Can I remove /etc/fstab?
No TTY, assuming you would say yes :)
The installer adds a LaunchDaemon to mount your Nix volume: org.nixos.darwin-store
Can I remove it?
No TTY, assuming you would say yes :)
---- Nix config report ---------------------------------------------------------
Temp Dir: /var/folders/_f/1dn5fzlx35n3_zc7nw290w119r5pmn/T/tmp.lcHoteEyET
Nix Root: /nix
Build Users: 32
Build Group ID: 30000
Build Group Name: nixbld
build users:
Username: UID
_nixbld1: 301
_nixbld2: 302
_nixbld3: 303
_nixbld4: 304
_nixbld5: 305
_nixbld6: 306
_nixbld7: 307
_nixbld8: 308
_nixbld9: 309
_nixbld10: 310
_nixbld11: 311
_nixbld12: 312
_nixbld13: 313
_nixbld14: 314
_nixbld15: 315
_nixbld16: 316
_nixbld17: 317
_nixbld18: 318
_nixbld19: 319
_nixbld20: 320
_nixbld21: 321
_nixbld22: 322
_nixbld23: 323
_nixbld24: 324
_nixbld25: 325
_nixbld26: 326
_nixbld27: 327
_nixbld28: 328
_nixbld29: 329
_nixbld30: 330
_nixbld31: 331
_nixbld32: 332
Ready to continue?
No TTY, assuming you would say yes :)
---- Preparing a Nix volume ----------------------------------------------------
Nix traditionally stores its data in the root directory /nix, but
macOS now (starting in 10.15 Catalina) has a read-only root directory.
To support Nix, I will create a volume and configure macOS to mount it
at /nix.
~~> Configuring /etc/synthetic.conf to make a mount-point at /nix
~~> Creating a Nix volume
~~> Configuring /etc/fstab to specify volume mount options
~~> Configuring LaunchDaemon to mount 'Nix Store'
~~> Setting up the build group nixbld
Created: Yes
~~> Setting up the build user _nixbld1
Created: Yes
Hidden: Yes
Home Directory: /var/empty
Note: Nix build user 1
Logins Disabled: Yes
Member of nixbld: Yes
PrimaryGroupID: 30000
~~> Setting up the build user _nixbld2
Created: Yes
Hidden: Yes
Home Directory: /var/empty
Note: Nix build user 2
Logins Disabled: Yes
Member of nixbld: Yes
PrimaryGroupID: 30000
~~> Setting up the build user _nixbld3
Created: Yes
Hidden: Yes
Home Directory: /var/empty
Note: Nix build user 3
Logins Disabled: Yes
Member of nixbld: Yes
PrimaryGroupID: 30000
~~> Setting up the build user _nixbld4
Created: Yes
Hidden: Yes
Home Directory: /var/empty
Note: Nix build user 4
Logins Disabled: Yes
Member of nixbld: Yes
PrimaryGroupID: 30000
~~> Setting up the build user _nixbld5
Created: Yes
Hidden: Yes
Home Directory: /var/empty
Note: Nix build user 5
Logins Disabled: Yes
Member of nixbld: Yes
PrimaryGroupID: 30000
~~> Setting up the build user _nixbld6
Created: Yes
Hidden: Yes
Home Directory: /var/empty
Note: Nix build user 6
Logins Disabled: Yes
Member of nixbld: Yes
PrimaryGroupID: 30000
~~> Setting up the build user _nixbld7
Created: Yes
Hidden: Yes
Home Directory: /var/empty
Note: Nix build user 7
sudo: 4294967295: invalid value
sudo: error initializing audit plugin sudoers_audit
---- oh no! --------------------------------------------------------------------
Jeeze, something went wrong. If you can take all the output and open
an issue, we'd love to fix the problem so nobody else has this issue.
:(
We'd love to help if you need it.
You can open an issue at https://github.com/nixos/nix/issues
Or feel free to contact the team:
- Matrix: #nix:nixos.org
- IRC: in #nixos on irc.libera.chat
- twitter: @nixos_org
- forum: https://discourse.nixos.org
What do id and dsconfig ad -show report? Does it look like rebinding the domain may fix the issue?
The UID and GID from id appear OK as far as i know, as they are of the form indicated in the forum post:
uid=1234567891(sanitized) gid=9876543219(DOMAINNAME\Domain Users)
dsconfigad -show:
$ dsconfigad --show
Active Directory Forest = whillus.local
Active Directory Domain = whillus.local
Computer Account = nj-dev-m-19028$
Advanced Options - User Experience
Create mobile account at login = Enabled
Require confirmation = Disabled
Force home to startup disk = Enabled
Mount home as sharepoint = Enabled
Use Windows UNC path for home = Enabled
Network protocol to be used = smb
Default user Shell = /bin/bash
Advanced Options - Mappings
Mapping UID to attribute = not set
Mapping user GID to attribute = not set
Mapping group GID to attribute = not set
Generate Kerberos authority = Enabled
Advanced Options - Administrative
Preferred Domain controller = not set
Allowed admin groups = domain admins,enterprise admins
Authentication from any domain = Enabled
Packet signing = allow
Packet encryption = allow
Password change interval = 14
Restrict Dynamic DNS updates = not set
Namespace mode = domain
How big of a disruption/blocker is this for you? Have you re-tried (and if so, how regularly is it failing?)
In a pinch, you can reduce the number of users created with --daemon-user-count N, which may increase the odds of a successful install.
Thanks for the suggestion, @abathur - i can begin to see why your suggestion worked, as I've had infrequent issues with sudo; my first try with N == 6 worked.
Currently, not a huge issue, I didn't have many Nix workflows on this machine at the moment.
I hit another bump in the road when trying to use Nix however:
$ nix-env -i ripgrep
warning: name collision in input Nix expressions, skipping '/Users/bbarker/.nix-defexpr/channels_root/nixpkgs'
warning: ignoring untrusted substituter 'https://all-hies.cachix.org'
error: store path '/nix/store/dpknw3p7wfhq41yc4np5v42fs16z3jj9-nixpkgs-21.11pre301056.7b4ff2184e4' is not allowed to have references
I'm not familiar with this, but I do see a few issues since the 2.4 release mentioning the same message. I'll ask on Matrix to see if I can find someone up to speed on the issue...
After several tries (including deleting Nix partition), i had to do this command before launching the installation command
export PATH="/usr/sbin:$PATH"
to make this line work
https://github.com/NixOS/nix/blob/1a9bfdc4ca0c2786b02801540432badbafa3a811/scripts/install-darwin-multi-user.sh#L221
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/cant-reinstall-nixos-on-os-x/20902/1
