
Allow enforcing linking etc when file exists

Open domenkozar opened this issue 5 years ago • 26 comments

warning: not linking environment.etc."nix/nix.conf" because /etc/nix/nix.conf exists, skipping...

In some situations it's desirable to override etc files if they exist. For example when you install Nix and then nix-darwin, it won't take over nix.conf.

domenkozar avatar Jun 26 '19 11:06 domenkozar

Talking to @LnL7 on #nix-darwin we identified the following requirements:

  • prevent loss of data
  • nix-darwin should be able to manage etc files
  • rewriting some system files can have drastic effect

so the proposal is for nix-darwin to emit the following line when replacing an existing file in etc:

warning: Backing up /etc/nix/nix.conf to /etc/nix/.nix-darwin.bkp.nix.conf and replacing the original file

and subsequent runs:

warning: Backup of /etc/nix/.nix-darwin.bkp.nix.conf still exists. Review if it's still needed, back it up and remove it.

domenkozar avatar Jun 27 '19 11:06 domenkozar

I also ran into this when doing a clean install of nix and nix-darwin onto a clean computer.

error: not linking environment.etc."nix/nix.conf" because /etc/nix/nix.conf already exists, skipping...
existing file has unknown content ff08c12813680da98c4240328f828647b67a65ba7aa89c022bd8072cba862cf1, move and activate again to apply

I moved to a backup file and it no longer appears, but this is definitely a usability annoyance that can make someone think something is broken (I'm not sure if it is or not).

spease avatar Dec 09 '20 06:12 spease

Same issue after a first install. Manually moved /etc/nix/nix.conf to a backup file. Afterwards no spurious errors. Here's my nix-info if necessary:

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-darwin"`
 - host os: `Darwin 19.6.0, macOS 10.15.6`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.3.10`
 - channels(root): `"nixpkgs-21.03pre258655.00941cd747e"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixpkgs`

andreykaipov avatar Dec 18 '20 23:12 andreykaipov

error: not linking environment.etc."ssl/certs/ca-certificates.crt" because /etc/ssl/certs/ca-certificates.crt already exists, skipping...
existing file has unknown content 38b6230aa4bee062cd34ee0ff6da173250899642b1937fc130896290b6bd91e3, move and activate again to apply

fxcl avatar Oct 06 '21 04:10 fxcl

error: not linking environment.etc."shells" because /etc/shells already exists, skipping...
existing file has unknown content 9d5aa72f807091b481820d12e693093293ba33c73854909ad7b0fb192c2db193, move and activate again to apply

fxcl avatar Nov 09 '21 14:11 fxcl

I had the same error when setting up a new machine M2. I moved the file but now my nix setup is totally broken, with this error:

error: cannot connect to socket at '/nix/var/nix/daemon-socket/socket': Connection refused

even running nix-shell -p nix-info --run "nix-info -m" fails with the same error.

I tried restoring the file, but I'm still getting the same errors

If I do --show-trace I get the following

error:
       … while evaluating call site

       at «none»:0: (source not available)

       … while calling anonymous lambda

       at «string»:1:1:

            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } ""
             | ^

       error: cannot connect to socket at '/nix/var/nix/daemon-socket/socket': Connection refused

Update: A restart fixed this.

ahmedelgabri avatar Feb 25 '23 00:02 ahmedelgabri

Seems like this is still not resolved. I ran into the same problem with /etc/nix/nix.conf and /etc/shells.

ghost avatar Apr 10 '23 04:04 ghost

Still seeing this issue as well with /etc/shells

chandy avatar Apr 16 '23 01:04 chandy

I'm seeing this with /etc/shells every single time I run darwin-rebuild switch.

error: Unexpected files in /etc, aborting activation
The following files have unrecognized content and would be overwritten:

  /etc/shells

Please check there is nothing critical in these files, rename them by adding .before-nix-darwin to the end, and then try again.

woylie avatar Sep 30 '23 02:09 woylie

Can you post the contents of /etc/shells?

Enzime avatar Sep 30 '23 03:09 Enzime

> Can you post the contents of /etc/shells?

# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

/bin/bash
/bin/csh
/bin/dash
/bin/ksh
/bin/sh
/bin/tcsh
/bin/zsh

# List of shells managed by nix.
/run/current-system/sw/bin/fish

woylie avatar Sep 30 '23 03:09 woylie

I get this every time I install nix (in the same error message as /etc/nix/nix.conf) - On a new VM I use Deterministic systems nix installer then my flake. The original /etc/shells backed up as requested to shells.before-nix-darwin looks OK

# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

/bin/bash
/bin/csh
/bin/dash
/bin/ksh
/bin/sh
/bin/tcsh
/bin/zsh

How is the check done? I am not a good shell programmer (if it has more than one test or a page of code - I will use a proper language) but I can't see a knownSha256Hashes for /etc/shells

bestlem avatar Sep 30 '23 09:09 bestlem

It runs shasum -a 256 /etc/shells before changing it, if you could make a PR where you include the file in docs/known-files and set environment.etc."shells".knownSha256Hashes that would be great 👍

Enzime avatar Sep 30 '23 22:09 Enzime
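
The check described in the comment above, as an added example (not nix-darwin's activation code): hash the file already in place and allow replacement only when the digest is in a known list. The function names, the `link`/`replace`/`refuse` results and the sample file contents are assumptions made for illustration.

```shell
# Added illustration (not nix-darwin's activation script): gate the overwrite
# of an /etc file on the SHA-256 of whatever is already there.

# Print the hex SHA-256 of a file; sha256sum on Linux, shasum on macOS.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | cut -d' ' -f1
  else
    shasum -a 256 < "$1" | cut -d' ' -f1
  fi
}

# etc_decision FILE [KNOWN_HASH...]   (hypothetical helper)
#   link    - nothing exists at FILE, the managed file can be put in place
#   replace - existing content matches a known digest, safe to take over
#   refuse  - unrecognized content (or not a plain file), leave it untouched
etc_decision() {
  file=$1; shift
  if [ ! -e "$file" ] && [ ! -L "$file" ]; then
    echo link
    return 0
  fi
  # Only plain files are hashed; symlinks and directories are never replaced.
  if [ -L "$file" ] || [ ! -f "$file" ]; then
    echo refuse
    return 0
  fi
  actual=$(file_sha256 "$file")
  for known in "$@"; do
    if [ "$actual" = "$known" ]; then
      echo replace
      return 0
    fi
  done
  echo refuse
}

# Constructed sample: a stand-in for a stock /etc/shells, then a local edit.
etc_demo() {
  dir=$(mktemp -d)
  printf '/bin/bash\n/bin/zsh\n' > "$dir/shells"
  stock=$(file_sha256 "$dir/shells")
  etc_decision "$dir/shells" "$stock"                  # replace
  printf '/opt/homebrew/bin/bash\n' >> "$dir/shells"   # one added line changes the digest
  etc_decision "$dir/shells" "$stock"                  # refuse
  rm -rf "$dir"
}

etc_demo
```

Any content outside the known list, whether a local edit or a new stock file shipped by an OS update, lands in the `refuse` branch until its digest is added.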

As I said I can't follow the bash scripts. I could not find (using ripgrep) in the code where knownSha256Hashes for /etc/shells is set. I could find knownSha256Hashes for several files including nix.conf /etc/bashrc /etc/zshrc /etc/zprofile and /etc/resolver/ts.net but not /etc/shells

I looked at all the hashes in doc/known-files (note that is what I see, not the path docs/known-files that you quote), and none of these hashes are for /etc/shells.

From my Ventura machine:

$ shasum -a 256 shells.before-nix-darwin
9d5aa72f807091b481820d12e693093293ba33c73854909ad7b0fb192c2db193  shells.before-nix-darwin

bestlem avatar Oct 02 '23 16:10 bestlem

I'm also experiencing the same problem. Error trace:

building the system configuration...
trace: warning: optionsDocBook is deprecated since 23.11 and will be removed in 24.05
trace: warning: optionsDocBook is deprecated since 23.11 and will be removed in 24.05
trace: warning: optionsDocBook is deprecated since 23.11 and will be removed in 24.05
error: Unexpected files in /etc, aborting activation
The following files have unrecognized content and would be overwritten:

  /etc/shells

Please check there is nothing critical in these files, rename them by adding .before-nix-darwin to the end, and then try again.

Renaming it works, but just wanted to report. Thanks.

plsnotracking avatar Nov 16 '23 17:11 plsnotracking

Can you upload your copy of /etc/shells and the SHA256 hash?

Enzime avatar Nov 16 '23 21:11 Enzime

Having the same problem with /etc/nix/nix.conf (manually modified, so it's expectable), /etc/bashrc and /etc/zshrc after installing nix on aarch64-darwin host with official installer and then applying flake:

error: Unexpected files in /etc, aborting activation
The following files have unrecognized content and would be overwritten:

  /etc/nix/nix.conf
  /etc/bashrc
  /etc/zshrc

93d040a3-edfd-4409-9065-28f5b0d035d1% sudo cat /etc/bashrc

# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
  . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix

93d040a3-edfd-4409-9065-28f5b0d035d1% sudo cat /etc/zshrc

# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
  . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix

93d040a3-edfd-4409-9065-28f5b0d035d1%

onsails avatar Nov 18 '23 17:11 onsails

I get this error after every recent MacOS upgrade (currently Sonoma 14.2.1, M1 MBP). To fix, I run:

$ sudo mv /etc/shells{,.bak}
$ /run/current-system/sw/bin/darwin-rebuild switch --flake ~/git/nixos

n8henrie avatar Dec 21 '23 20:12 n8henrie

Also a problem in CI (for agenix in this case) where one uses e.g. cachix/install-nix-action with some default nix.conf settings but later activates a nix-darwin configuration.

n8henrie avatar Dec 21 '23 22:12 n8henrie

@n8henrie could you post your /etc/shells and the SHA256 hash of it?

Enzime avatar Dec 22 '23 01:12 Enzime

@Enzime unfortunately over the last 5 or so point releases I've gotten into the habit of just rming it (in contrast to the mv in my post above), so I'm not sure.

I presume it's the same as my wife's MBA which is on 14.1.1, though not sure. I'll probably update her to 14.2.1 tonight and if so will post that one as well (or confirm that it's the same).

$ cat /etc/shells
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

/bin/bash
/bin/csh
/bin/ksh
/bin/sh
/bin/tcsh
/bin/zsh
/opt/homebrew/bin/bash
$ sha256sum /etc/shells
ecafa9a53b266e51cf985f4c69834449a207a19cee5bcb351e4115214ace1dd5  /etc/shells

n8henrie avatar Dec 22 '23 01:12 n8henrie

Is there a way to resolve this without having an exhaustive list of SHAs that can be replaced? I don't particularly care what the previous content was, I would just like it to be overwritten (given the number of folks who rm /etc/shells, I suspect that may be a common case).

sheeley avatar Dec 22 '23 01:12 sheeley

Depending on the file, even just a flag to enable moving it to a timestamped backup would be nice.

n8henrie avatar Dec 22 '23 02:12 n8henrie

@Enzime unfortunately over the last 5 or so point releases I've gotten into the habit of just rming it (in contrast to the mv in my post above), so I'm not sure.

I presume it's the same as my wife's MBA which is on 14.1.1, though not sure. I'll probably update her to 14.2.1 tonight and if so will post that one as well (or confirm that it's the same).

$ cat /etc/shells
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.

/bin/bash
/bin/csh
/bin/ksh
/bin/sh
/bin/tcsh
/bin/zsh
/opt/homebrew/bin/bash
$ sha256sum /etc/shells
ecafa9a53b266e51cf985f4c69834449a207a19cee5bcb351e4115214ace1dd5  /etc/shells

...

Apparently I never clicked submit, glad Firefox kept this comment cached.

After updating her computer it is indeed the same for her:

$ sw_vers
ProductName:		macOS
ProductVersion:		14.2.1
BuildVersion:		23C71
$ sha256sum /etc/shells
ecafa9a53b266e51cf985f4c69834449a207a19cee5bcb351e4115214ace1dd5  /etc/shells

Next time I run across this I will post my hash.

n8henrie avatar Dec 22 '23 23:12 n8henrie

Is there a temporary flag / envvar of sorts to override this behavior entirely and just force override any existing file? It's particularly painful for /etc/nix/nix.conf when I have a stale github token in it, for which I need nix to overwrite it but I can't use nix obviously (because of the stale token in nix.conf), so I edit it manually but now nix-darwin refuses to run (because it's an unknown file), but if I remove that file then Nix will act weird again, and, well, you get it. It's a catch 22.

hraban avatar Feb 23 '24 18:02 hraban

What about checking for the existence of a file $file.before-nix-darwin, and if that exists, don't halt?

hraban avatar Feb 23 '24 18:02 hraban