search

NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1
12.86k stars 1.52k forks source link

Can't Install on M1 MacBook Pro #11906

Open miktros opened 3 days ago

miktros commented 3 days ago

Platform

Additional information

After migration from jamf to kandji, a previously good Nix install started emitting error due to inaccessible (could not get password) Nix Store. Performed uninstall as instructed here https://nix.dev/manual/nix/2.18/installation/uninstall.

Attempts to re-install using sh <(curl -L https://nixos.org/nix/install) produced the errors in the Output section below.

Attempt to re-install using 

curl -L https://raw.githubusercontent.com/NixOS/experimental-nix-installer/main/nix-installer.sh | sh -s install

produced the following errors:

curl -L https://raw.githubusercontent.com/NixOS/experimental-nix-installer/main/nix-installer.sh | sh -s install
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 17216  100 17216    0     0   100k      0 --:--:-- --:--:-- --:--:--  100k
info: downloading installer https://raw.githubusercontent.com/NixOS/experimental-nix-installer/prerelease/nix-installer-aarch64-darwin
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Password:
Error: 
   0: Planner error
   1: Error executing action
   2: Action `encrypt_apfs_volume` errored
   3: The keychain lacks a password for the already existing "Nix Store" volume on disk `disk3`, consider removing the volume with `diskutil apfs deleteVolume "Nix Store"` (if you receive error -69888, you may need to run `sudo launchctl bootout system/org.nixos.darwin-store` and `sudo launchctl bootout system/org.nixos.nix-daemon` first)

Location:
   src/cli/subcommand/install.rs:197

Backtrace omitted. Run with RUST_BACKTRACE=1 environment variable to display it.
Run with RUST_BACKTRACE=full to include source snippets.

Consider reporting this error using this URL: https://github.com/DeterminateSystems/nix-installer/issues/new?title=%3Cautogenerated-issue%3E&body=%23%23+Error%0A%60%60%60%0AError%3A+%0A+++0%3A+Planner+error%0A+++1%3A+Error+executing+action%0A+++2%3A+Action+%60encrypt_apfs_volume%60+errored%0A+++3%3A+The+keychain+lacks+a+password+for+the+already+existing+%22Nix+Store%22+volume+on+disk+%60disk3%60%2C+consider+removing+the+volume+with+%60diskutil+apfs+deleteVolume+%22Nix+Store%22%60+%28if+you+receive+error+-69888%2C+you+may+need+to+run+%60sudo+launchctl+bootout+system%2Forg.nixos.darwin-store%60+and+%60sudo+launchctl+bootout+system%2Forg.nixos.nix-daemon%60+first%29%0A%60%60%60%0A%0A%23%23+Metadata%0A%7Ckey%7Cvalue%7C%0A%7C--%7C--%7C%0A%7C**version**%7C0.14.0%7C%0A%7C**os**%7Cmacos%7C%0A%7C**arch**%7Caarch64%7C%0A

Output

Output ```log sh <(curl -L https://nixos.org/nix/install) % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 4267 100 4267 0 0 11608 0 --:--:-- --:--:-- --:--:-- 11608 downloading Nix 2.25.2 binary tarball for aarch64-darwin from 'https://releases.nixos.org/nix/nix-2.25.2/nix-2.25.2-aarch64-darwin.tar.xz' to '/var/folders/hn/yms97sj108x2cp_x3sgv5xjh0000gq/T/nix-binary-tarball-unpack.XXXXXXXXXX.q6VPrkFuWw'... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 14.6M 100 14.6M 0 0 6076k 0 0:00:02 0:00:02 --:--:-- 6078k Switching to the Multi-user Installer Welcome to the Multi-User Nix Installation This installation tool will set up your computer with the Nix package manager. This will happen in a few stages: 1. Make sure your computer doesn't already have Nix. If it does, I will show you instructions on how to clean up your old install. 2. Show you what I am going to install and where. Then I will ask if you are ready to continue. 3. Create the system users (uids [351..382]) and groups (gid 350) that the Nix daemon uses to run builds. To create system users in a different range, exit and run this tool again with NIX_FIRST_BUILD_UID set. 4. Perform the basic installation of the Nix files daemon. 5. Configure your shell to import special Nix Profile files, so you can use Nix. 6. Start the Nix daemon. Would you like to see a more detailed list of what I will do? [y/n] y I will: - make sure your computer doesn't already have Nix files (if it does, I will tell you how to clean them up.) - create local users (see the list above for the users I'll make) - create a local group (nixbld) - install Nix in /nix - create a configuration file in /etc/nix - set up the "default profile" by creating some Nix-related files in /var/root - back up /etc/bashrc to /etc/bashrc.backup-before-nix - update /etc/bashrc to include some Nix configuration - back up /etc/profile.d/nix.sh to /etc/profile.d/nix.sh.backup-before-nix - update /etc/profile.d/nix.sh to include some Nix configuration - back up /etc/zshrc to /etc/zshrc.backup-before-nix - update /etc/zshrc to include some Nix configuration - back up /etc/bash.bashrc to /etc/bash.bashrc.backup-before-nix - update /etc/bash.bashrc to include some Nix configuration - back up /etc/zsh/zshrc to /etc/zsh/zshrc.backup-before-nix - update /etc/zsh/zshrc to include some Nix configuration - create a Nix volume and a LaunchDaemon to mount it - create a LaunchDaemon (at /Library/LaunchDaemons/org.nixos.nix-daemon.plist) for nix-daemon Ready to continue? [y/n] y ---- let's talk about sudo ----------------------------------------------------- This script is going to call sudo a lot. Every time I do, it'll output exactly what it'll do, and why. Just like this: ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo echo to demonstrate how our sudo prompts look This might look scary, but everything can be undone by running just a few commands. I used to ask you to confirm each time sudo ran, but it was too many times. Instead, I'll just ask you this one time: Can I use sudo? [y/n] y Yay! Thanks! Let's get going! ~~> Fixing any leftover Nix volume state Before I try to install, I'll check for any existing Nix volume config and ask for your permission to remove it (so that the installer can start fresh). I'll also ask for permission to fix any issues I spot. ~~> Checking for artifacts of previous installs Before I try to install, I'll check for signs Nix already is or has been installed on this system. ---- Nix config report --------------------------------------------------------- Temp Dir: /var/folders/hn/yms97sj108x2cp_x3sgv5xjh0000gq/T/tmp.iLwd7Mc3rv Nix Root: /nix Build Users: 32 Build Group ID: 350 Build Group Name: nixbld build users: Username: UID _nixbld1: 351 _nixbld2: 352 _nixbld3: 353 _nixbld4: 354 _nixbld5: 355 _nixbld6: 356 _nixbld7: 357 _nixbld8: 358 _nixbld9: 359 _nixbld10: 360 _nixbld11: 361 _nixbld12: 362 _nixbld13: 363 _nixbld14: 364 _nixbld15: 365 _nixbld16: 366 _nixbld17: 367 _nixbld18: 368 _nixbld19: 369 _nixbld20: 370 _nixbld21: 371 _nixbld22: 372 _nixbld23: 373 _nixbld24: 374 _nixbld25: 375 _nixbld26: 376 _nixbld27: 377 _nixbld28: 378 _nixbld29: 379 _nixbld30: 380 _nixbld31: 381 _nixbld32: 382 Ready to continue? [y/n] y ---- Preparing a Nix volume ---------------------------------------------------- Nix traditionally stores its data in the root directory /nix, but macOS now (starting in 10.15 Catalina) has a read-only root directory. To support Nix, I will create a volume and configure macOS to mount it at /nix. ~~> Configuring /etc/synthetic.conf to make a mount-point at /nix ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/bin/ex -u NONE -n /etc/synthetic.conf to add Nix to /etc/synthetic.conf Password: ~~> Creating a Nix volume ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/sbin/diskutil apfs addVolume disk3 APFS Nix Store -nomount to create a new APFS volume 'Nix Store' on disk3 ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/sbin/diskutil unmount force disk3s7 to ensure the Nix volume is not mounted disk3s7 was already unmounted ~~> Configuring /etc/fstab to specify volume mount options ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/sbin/vifs to add nix to fstab ~~> Encrypt the Nix volume ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/sbin/diskutil mount Nix Store to mount your Nix volume for encrypting Volume on disk3s7 failed to mount: "SUIS premount dissented" ---- oh no! -------------------------------------------------------------------- Oh no, something went wrong. If you can take all the output and open an issue, we'd love to fix the problem so nobody else has this issue. :( We'd love to help if you need it. You can open an issue at https://github.com/NixOS/nix/issues/new?labels=installer&template=installer.md Or get in touch with the community: https://nixos.org/community ```

Priorities

Add :+1: to issues you find important.

abathur commented 3 days ago

Afaik Volume on disk3s7 failed to mount: "SUIS premount dissented" indicates an mdm profile preventing the mount:

grahamc commented 3 days ago

That's right. Specifically, a deprecated SystemUIServer policy: https://determinate.systems/solutions/macos-internal-disk-policy/. Jamf admins should grant an exception for this policy for machines running Nix. Is that possible, @miktros?