nh
nh copied to clipboard
viperML
`nh clean all` "$HOME is not owned by you"
This doesn't seem to actually cause any different behavior but I'm not sure where this is coming from
❯ nh clean all --verbose --ask
TRACE nh::logging:86: Logging OK
DEBUG nh:28: Main {
verbose: true,
command: Clean(
CleanProxy {
command: All(
CleanArgs {
keep: 1,
keep_since: Duration(
0ns,
),
dry: false,
ask: true,
nogc: false,
nogcroots: false,
},
),
},
),
}
DEBUG nh:29: NH_VERSION=4.1.0 NH_REV=Some("v4.1.0")
DEBUG nh::commands:160: cmd=Exec { nix --version }
DEBUG nh::commands:160: cmd=Exec { nix --version }
DEBUG nh::commands:160: cmd=Exec { nix --version }
DEBUG nh::commands:160: cmd=Exec { nix --version }
DEBUG nh::checks:85: Required Nix features: nix-command, flakes
DEBUG nh::commands:160: cmd=Exec { nix config show experimental-features }
DEBUG nh::checks:91: Enabled Nix features: nix-command, flakes
DEBUG nh::commands:160: cmd=Exec { nix config show experimental-features }
DEBUG nh::checks:111: All required Nix features are enabled
DEBUG nh:64: "sudo" "--preserve-env" "nh" "clean" "all" "--verbose" "--ask"
TRACE nh::logging:86: Logging OK
DEBUG nh:28: Main {
verbose: true,
command: Clean(
CleanProxy {
command: All(
CleanArgs {
keep: 1,
keep_since: Duration(
0ns,
),
dry: false,
ask: true,
nogc: false,
nogcroots: false,
},
),
},
),
}
DEBUG nh:29: NH_VERSION=4.1.0 NH_REV=Some("v4.1.0")
DEBUG nh::commands:160: cmd=Exec { nix --version }
warning: $HOME ('/home/nyu') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
DEBUG nh::commands:160: cmd=Exec { nix --version }
warning: $HOME ('/home/nyu') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
DEBUG nh::commands:160: cmd=Exec { nix --version }
warning: $HOME ('/home/nyu') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
DEBUG nh::commands:160: cmd=Exec { nix --version }
warning: $HOME ('/home/nyu') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
DEBUG nh::checks:85: Required Nix features: nix-command, flakes
DEBUG nh::commands:160: cmd=Exec { nix config show experimental-features }
warning: $HOME ('/home/nyu') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
DEBUG nh::checks:91: Enabled Nix features: nix-command, flakes
DEBUG nh::commands:160: cmd=Exec { nix config show experimental-features }
warning: $HOME ('/home/nyu') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
DEBUG nh::checks:111: All required Nix features are enabled
DEBUG profiles_in_dir: nh::clean:249: return=["/nix/var/nix/profiles/system"] dir="/nix/var/nix/profiles"
DEBUG profiles_in_dir: nh::clean:249: return=["/nix/var/nix/profiles/per-user/root/channels"] dir="/nix/var/nix/profiles/per-user/root"
DEBUG nh::clean:64: Scanning XDG profiles for users 0, $1000-$1100
DEBUG nh::clean:67: Adding XDG profiles for user user=User(0, root)
! Failed to read profiles directory dir="/root/.local/state/nix/profiles" error=Os { code: 2, kind: NotFound, message: "No such file or directory" } (nh/src/clean.rs:281)
DEBUG profiles_in_dir: nh::clean:249: return=[] dir="/root/.local/state/nix/profiles"
DEBUG nh::clean:67: Adding XDG profiles for user user=User(1000, nyu)
DEBUG profiles_in_dir: nh::clean:249: return=[] dir="/home/nyu/.local/state/nix/profiles"
DEBUG cleanable_generations: nh::clean:350: {
Generation {
number: 592,
last_modified: SystemTime {
tv_sec: 1749015239,
tv_nsec: 69798026,
},
path: "/nix/var/nix/profiles/system-592-link",
}: false,
} profile="/nix/var/nix/profiles/system" keep=1 keep_since=Duration(0ns)
DEBUG cleanable_generations: nh::clean:350: {
Generation {
number: 1,
last_modified: SystemTime {
tv_sec: 1723939755,
tv_nsec: 108351834,
},
path: "/nix/var/nix/profiles/per-user/root/channels-1-link",
}: false,
} profile="/nix/var/nix/profiles/per-user/root/channels" keep=1 keep_since=Duration(0ns)
DEBUG gcroot detection: nh::clean:115: src="/nix/var/nix/gcroots/auto/2m8wm8j83xbdp2b6wmrgd0bgy8qd4r75" dst="/root/.cache/nix/flake-registry.json"
DEBUG gcroot detection: nh::clean:121: dst doesn't match any gcroot regex, skipping dst="/root/.cache/nix/flake-registry.json"
DEBUG gcroot detection: nh::clean:115: src="/nix/var/nix/gcroots/auto/fwi4h72b3a7swavbdimg12jalqcswxq3" dst="/nix/var/nix/profiles/system-592-link"
DEBUG gcroot detection: nh::clean:121: dst doesn't match any gcroot regex, skipping dst="/nix/var/nix/profiles/system-592-link"
Welcome to nh clean
Keeping 1 generation(s)
Keeping paths newer than 0s
legend:
OK: path to be kept
DEL: path to be removed
/nix/var/nix/profiles/system
- OK /nix/var/nix/profiles/system-592-link
/nix/var/nix/profiles/per-user/root/channels
- OK /nix/var/nix/profiles/per-user/root/channels-1-link
> Confirm the cleanup plan?
no
Error:
0: User rejected the cleanup plan
Location:
src/clean.rs:217
The cleanup implementation in nh has actually not changed. As far as I'm concerned, this is caused by Lix 2.93.
It's caused by https://github.com/nix-community/nh/commit/98283f9aa1cbe9fdc4ec1813a0e0ec2f2dae393a that passes through HOME
It's caused by 98283f9 that passes through
HOME
So should something like sudo -E HOME=$(sudo sh -c 'echo $HOME') nh clean all be done instead?
No, we should probably stop passing $HOME to the sudo command. I'll submit a patch later today.
same
❯ nh clean all
[sudo] password for coco:
warning: $HOME ('/home/coco') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
warning: $HOME ('/home/coco') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
warning: $HOME ('/home/coco') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
warning: $HOME ('/home/coco') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
warning: $HOME ('/home/coco') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
warning: $HOME ('/home/coco') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
! Failed to read profiles directory dir="/root/.local/state/nix/profiles" error=Os { code: 2, kind: NotFound, message: "No such file or directory" } (nh/src/clean.rs:281)
Welcome to nh clean
Keeping 1 generation(s)
Keeping paths newer than 0s
legend:
OK: path to be kept
DEL: path to be removed
/nix/var/nix/profiles/system
- OK /nix/var/nix/profiles/system-951-link
/home/coco/.local/state/nix/profiles/home-manager
- OK /home/coco/.local/state/nix/profiles/home-manager-523-link
/home/coco/.local/state/nix/profiles/profile
- OK /home/coco/.local/state/nix/profiles/profile-50-link
/nix/var/nix/profiles/per-user/root/channels
- OK /nix/var/nix/profiles/per-user/root/channels-1-link
> Performing garbage collection on the nix store
warning: $HOME ('/home/coco') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')```
[root@laptop:/home/coco]# nh clean all
! Failed to read profiles directory dir="/root/.local/state/nix/profiles" error=Os { code: 2, kind: NotFound, message: "No such file or directory" } (nh/src/clean.rs:281)
also what about this ?
I'm getting same warning:
warning: $HOME ('/home/piotr') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
❯ nh --version
nh 4.1.0
[root@laptop:/home/coco]# nh clean all ! Failed to read profiles directory dir="/root/.local/state/nix/profiles" error=Os { code: 2, kind: NotFound, message: "No such file or directory" } (nh/src/clean.rs:281)also what about this ?
https://github.com/nix-community/nh/issues/108
I've created https://github.com/nix-community/nh/pull/328 as a permanent fix. Little unsure about the solution itself (still strikes me as a little convoluted) but seeing I cannot think of anything better, it's likely to be merged for 4.2.0. If someone could test to see if it solves the issue (or, alternatively, creates new issues) that would be great.
I'm using Lix 2.93.0 and that PR removes the warning about $HOME for me.
Please test the PR branch I have linked above. You may use it if you are not on Darwin.
I've just tested the branch and it works good, warnings are gone. Only there's no summary at the end on how much data was removed. Or maybe there never was and I'm just mixing it with another tool? Not sure.
The summary comes from nix store gc and it disappeared with c12d1142c082cf6c95d08c228e59b7781cd09f33, which made commands not show output by default, and was first in release v4.1.0.
Oh, that's too bad. Is there a possibility to make an option to show the cleaning stats? It was very useful.
I use a custom patch to bring this behaviour back but I agree, a proper option in nh would be very nice.
Do feel free to submit a patch to bring back show_output behaviour. I'm on vacation right now, but would be happy to review a PR in a day or two.
#343 is already merged and will now always print that final line about space freed.
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/announcing-nh-4-2-0/69109/1
i steel have this warning, should i open an new issue?
nh darwin switch -v
DEBUG Main {
verbosity: Verbosity {
verbose: 1,
quiet: 0,
phantom: PhantomData<clap_verbosity_flag::InfoLevel>,
},
elevation_program: None,
command: Darwin(
DarwinArgs {
subcommand: Switch(
DarwinRebuildArgs {
common: CommonRebuildArgs {
dry: false,
ask: false,
installable: Flake {
reference: "/Users/parsifa1/.config/nix",
attribute: [],
},
no_nom: false,
out_link: None,
diff: Auto,
passthrough: NixBuildPassthroughArgs {
max_jobs: None,
cores: None,
log_format: None,
keep_going: false,
keep_failed: false,
fallback: false,
repair: false,
builders: None,
include: [],
print_build_logs: false,
show_trace: false,
accept_flake_config: false,
refresh: false,
impure: false,
offline: false,
no_net: false,
recreate_lock_file: false,
no_update_lock_file: false,
no_write_lock_file: false,
no_registries: false,
commit_lock_file: false,
no_build_output: false,
use_substitutes: false,
json: false,
},
},
update_args: UpdateArgs {
update_all: false,
update_input: None,
},
hostname: None,
extra_args: [],
bypass_root_check: false,
},
),
},
),
} (nh/src/main.rs:29)
DEBUG NH_VERSION=4.2.0 NH_REV=Some("v4.2.0") (nh/src/main.rs:30)
DEBUG cmd=Exec { nix --version } (nh/src/commands.rs:577)
DEBUG cmd=Exec { nix --version } (nh/src/commands.rs:577)
DEBUG Version normalized: 'nix (Nix) 2.31.2' -> '2.31.2' (nh/src/util.rs:106)
DEBUG Required Nix features: nix-command, flakes (nh/src/checks.rs:163)
DEBUG cmd=Exec { nix config show experimental-features } (nh/src/commands.rs:577)
DEBUG All required Nix features are enabled (nh/src/checks.rs:173)
DEBUG Output path: "/var/folders/cp/yv0zhr5d3xbbdj7_x8rn38380000gn/T/nh-osYMv0fU/result" (nh/src/darwin.rs:78)
> Building Darwin configuration
DEBUG cmd=Pipeline { nix build '/Users/parsifa1/.config/nix#darwinConfigurations.apfel.config.system.build.toplevel' --out-link /var/folders/cp/yv0zhr5d3xbbdj7_x8rn38380000gn/T/nh-osYMv0fU/result --log-format internal-json --verbose | nom --json } (nh/src/commands.rs:680)
Finished at 20:59:48 after 4s
DEBUG Comparing with target profile: /var/folders/cp/yv0zhr5d3xbbdj7_x8rn38380000gn/T/nh-osYMv0fU/result (nh/src/darwin.rs:131)
DEBUG Comparing with target profile: /var/folders/cp/yv0zhr5d3xbbdj7_x8rn38380000gn/T/nh-osYMv0fU/result (nh/src/darwin.rs:140)
DEBUG calculating closure sizes in background
<<< /run/current-system
>>> /nix/store/2xrw4g7jwvi9k1sjivbi6g2myg9jwccg-darwin-system-25.11.c48e963
> No version or size changes.
DEBUG Configured envs: NIX_SSL_CERT_FILE=<preserved>, NH_FLAKE=/Users/parsifa1/.config/nix, USER=parsifa1, PATH=<preserved>, NH_CURRENT_COMMAND=darwin, NIX_PATH=<preserved> (nh/src/commands.rs:295)
DEBUG sudo path found path="/usr/bin/sudo" (nh/src/commands.rs:131)
DEBUG cmd=Exec { /usr/bin/sudo env 'NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt' 'NH_FLAKE=/Users/parsifa1/.config/nix' 'USER=parsifa1' 'PATH=/nix/store/3ysnb2ddsbj80rfa2xdir5l47fr1yx52-nix-output-monitor-2.1.6/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/Users/parsifa1/.local/share/cargo/bin:/Users/parsifa1/.local/bin:/etc/profiles/per-user/parsifa1/bin:/run/current-system/sw/bin:/opt/homebrew/opt/llvm@20/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/parsifa1/.local/share/pnpm:/Applications/Ghostty.app/Contents/MacOS' 'NH_CURRENT_COMMAND=darwin' 'NIX_PATH=nixpkgs=flake:nixpkgs' nix build --no-link --profile /nix/var/nix/profiles/system /var/folders/cp/yv0zhr5d3xbbdj7_x8rn38380000gn/T/nh-osYMv0fU/result } (nh/src/commands.rs:527)
Password:
warning: $HOME ('/Users/parsifa1') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
DEBUG Configured envs: NH_FLAKE=/Users/parsifa1/.config/nix, NIX_PATH=<preserved>, NH_CURRENT_COMMAND=darwin, NIX_SSL_CERT_FILE=<preserved>, PATH=<preserved>, USER=parsifa1 (nh/src/commands.rs:295)
DEBUG sudo path found path="/usr/bin/sudo" (nh/src/commands.rs:131)
> Activating configuration
DEBUG cmd=Exec { /usr/bin/sudo env 'NH_FLAKE=/Users/parsifa1/.config/nix' 'NIX_PATH=nixpkgs=flake:nixpkgs' 'NH_CURRENT_COMMAND=darwin' 'NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt' 'PATH=/nix/store/3ysnb2ddsbj80rfa2xdir5l47fr1yx52-nix-output-monitor-2.1.6/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/Users/parsifa1/.local/share/cargo/bin:/Users/parsifa1/.local/bin:/etc/profiles/per-user/parsifa1/bin:/run/current-system/sw/bin:/opt/homebrew/opt/llvm@20/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/parsifa1/.local/share/pnpm:/Applications/Ghostty.app/Contents/MacOS' 'USER=parsifa1' /var/folders/cp/yv0zhr5d3xbbdj7_x8rn38380000gn/T/nh-osYMv0fU/result/sw/bin/darwin-rebuild activate } (nh/src/commands.rs:527)
setting up groups...
setting up users...
setting up /Applications/Nix Apps...
setting up pam...
applying patches...
setting up /etc...
user defaults...
restarting Dock...
setting up launchd services...
setting up user launchd services...
reloading nix-daemon...
waiting for nix-daemon
configuring networking...
configuring application firewall...
configuring power...
setting up /Library/Fonts/Nix Fonts...
setting nvram variables...
Homebrew bundle...
Using llvm@20
Using stats
Using applite
Using alt-tab
Using keycastr
Using linearmouse
Using playcover-community
`brew bundle` complete! 7 Brewfile dependencies now installed.
Activating home-manager configuration for parsifa1
Starting Home Manager activation
Activating checkFilesChanged
Activating checkLinkTargets
Activating writeBoundary
Activating installPackages
Activating linkGeneration
Cleaning up orphan links from /Users/parsifa1
Creating home file links in /Users/parsifa1
Activating onFilesChange
Activating setupLaunchAgents
Activating sops-nix
Setting up secrets...
DEBUG Completed operation with output path: "/var/folders/cp/yv0zhr5d3xbbdj7_x8rn38380000gn/T/nh-osYMv0fU/result" (nh/src/darwin.rs:190)
I have a feeling that this is because darwin's rebuild command is invoked with sudo. Unfortunately cannot exactly debug since I don't own any darwin machines, but I might be able to provide a patch for you to test later.
Yes, I am still getting this too, when running nh darwin switch:
warning: $HOME ('/Users/timotheos') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
Yes, we now use sudo when running darwin-rebuild.
Happy to help test a patch if necessary.
darwin's rebuild command is invoked with sudo.
i tried using sudo -H manually, and the warning disappeared, can we replace sudo -H with sudo on darwin?
No need to modify the sudo command, we have a system to persist specific environment variables. I'll add $HOME to the list, which should make it work.
@NotAShelf
diff --git a/src/commands.rs b/src/commands.rs
index 6e7ff04..ef45454 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -284,7 +284,7 @@ impl Command {
}
// Only propagate HOME for non-elevated commands
+ if self.elevate.is_none() && cfg!(not(target_os = "macos")) {
- if self.elevate.is_none() {
if let Ok(home) = std::env::var("HOME") {
self
.env_vars
@@ -292,14 +292,6 @@ impl Command {
}
}
+ // INFO: Setting HOME to "" for macos
+ // ref: https://github.com/NixOS/nix/blob/d5d7ca01b3dcf48f43819012c580cfb57cb08e47/src/libutil/unix/users.cc#L52
+ if cfg!(target_os = "macos") {
+ self
+ .env_vars
+ .insert("HOME".to_string(), EnvAction::Set("".to_string()));
+ }
+
// Preserve all variables in PRESERVE_ENV if present
for &key in PRESERVE_ENV {
if std::env::var(key).is_ok() {
i've made a version, and it works. if it's ok, i can make an pr, but i think setting HOME to "" is not really reliable, but i set it refer to https://github.com/NixOS/nix/blob/d5d7ca01b3dcf48f43819012c580cfb57cb08e47/src/libutil/unix/users.cc#L52
i didn't tested on nixos though.