Open stepbrobd opened 3 weeks ago
When running darwin-rebuild switch
, I was getting the following error:
creating user _nixbld1...
<main> attribute status: eDSRecordAlreadyExists
<dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)
Disabling the following resolved the issue:
nix.configureBuildUsers = true;
I think you should also be able to override ids.uids.nixbld
to work around this for now, which is arguably slightly cleaner than foregoing managing the Nix users entirely.
We should wait to see what the official installer and Determinate Systems settle on before changing the IDs ourselves, I think. Might be a bit messy in terms of migration. I’ll pin this for now to make the workarounds more discoverable.
I think you should also be able to override
ids.uids.nixbld
to work around this for now, which is arguably slightly cleaner than foregoing managing the Nix users entirely.
For future reference, here's what I did:
nix-darwin
config:nix.configureBuildUsers = true;
ids.uids.nixbld = lib.mkForce 30000; # or some other uid
--option build-users-group ''
, for example:DO NOT SKIP TO STEP 4 or you might end up with a system without any build user
darwin-rebuild switch --flake .#macbook --show-trace --option build-users-group ''
warning: existing user '_nixbld5' has unexpected uid 305, skipping...
...
warning: existing user '_nixbld32' has unexpected uid 332, skipping...
# start end
# v v
for i in {5..32}; do sudo dscl . -delete /Users/_nixbld$i; done
You definitely want to use UIDs in the system range (200 to 400, I believe), as using high user IDs caused other problems in the past (though I don’t remember exactly what). Hopefully we can work out a clean migration solution once this shakes out upstream.
For reference I did bit of googling lead me to this Super User Question
Question includes two relevant things
I used to use ids from 401 onwards for services, but I noticed that OS X 10.6 has started using that range for groups created by the Sharing pane in System Preferences.
and
There is an Apple supplied tool /usr/sbin/sysadminctl
Running with no parameters gives its options and some comments at the end. The relevant bits are I think
...
-addUser <user name> [-fullName <full name>] [-UID <user ID>] [-GID <group ID>] [-shell <path to shell>] [-password <user password>] [-hint <user hint>] [-home <full path to home>] [-admin] [-roleAccount] [-picture <full path to user image>] (interactive] || -adminUser <administrator user name> -adminPassword <administrator password>)
...
*Role accounts require name starting with _ and UID in 200-400 range.
darwin-rebuild
errors out after upgrading from macOS Sonoma to macOS Sequoia with the following error:Probably caused by the same reason as https://github.com/DeterminateSystems/nix-installer/issues/1001: Apple created couple users with uid ranging from 301~304, replacing
_nixbld{1,2,3,4}
A temprory fix I found is executing all
darwin-*
commands with--option build-users-group ''
Users with uid starting from 300 (
dscacheutil -q group
could also be useful):