search

NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1
12.53k stars 1.5k forks source link

oh no! Jeeze, something went wrong #5928

Open franjea opened 2 years ago

franjea commented 2 years ago

Describe the bug

Trying to install nix on macOS Monterey version 12.1 on my iMacPro (2017) Processor 3,2 GHz 8 Core Intel Xeon W.

Steps To Reproduce

  1. Open new terminal session
  2. Type at prompt % sh <(curl -L https://nixos.org/nix/install) --daemon
  3. See complete output with error message

Expected behavior

installation successfull

nix-env --version output

Add any other context about the problem here.

output : jean-mariefranziskus@192 ~ % sh % Total % Received % Xferd <(curl -L https://nixos.org/nix/install) --daemon Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 000000 0 0 --:--:-- --:--:-- --:--:-- 0 100 4046 100 4046 0 0 downloading Nix 2.5.1 binary tarball for x86_64-darwin from 'https://releases.nixos.org/nix/nix-2.5.1/nix-2.5.1- x86_64-darwin.tar.xz' to '/var/folders/57/5h37l1x11zd2j34h322dqb7c0000gp/T/nix-binary-tarball- unpack.XXXXXXXXXX.VWyCzqTR'... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 33.5M 100 33.5M 0 0 41.5M 0 --:--:-- --:--:-- --:--:-- 41.8M Switching to the Multi-user Installer Welcome to the Multi-User Nix Installation This installation tool will set up your computer with the Nix package manager. This will happen in a few stages:

  1. Make sure your computer doesn't already have Nix. If it does, I will show you instructions on how to clean up your old install.
  2. Show you what I am going to install and where. Then I will ask if you are ready to continue.
  3. Create the system users and groups that the Nix daemon uses to run builds.
  4. Perform the basic installation of the Nix files daemon.
  5. Configure your shell to import special Nix Profile files, so you can use Nix.
  6. Start the Nix daemon. Would you like to see a more detailed list of what I will do? [y/n] y I will:
    • make sure your computer doesn't already have Nix files (if it does, I will tell you how to clean them up.)
    • create local users (see the list above for the users I'll make)
    • create a local group (nixbld)
    • install Nix in to /nix
    • create a configuration file in /etc/nix
    • set up the "default profile" by creating some Nix-related files in /var/root
    • back up /etc/bashrc to /etc/bashrc.backup-before-nix
    • update /etc/bashrc to include some Nix configuration
    • back up /etc/zshrc to /etc/zshrc.backup-before-nix
    • update /etc/zshrc to include some Nix configuration
    • create a Nix volume and a LaunchDaemon to mount it
    • create a LaunchDaemon (at /Library/LaunchDaemons/org.nixos.nix-daemon.plist) for nix-daemon Ready to continue? [y/n] y ---- let's talk about sudo ----------------------------------------------------- This script is going to call sudo a lot. Every time I do, it'll output exactly what it'll do, and why. Just like this: ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo echo to demonstrate how our sudo prompts look This might look scary, but everything can be undone by running just a few commands. I used to ask you to confirm each time sudo ran, but it was too many times. Instead, I'll just ask you this one time: Can I use sudo? [y/n] y Yay! Thanks! Let's get going! ~~> Fixing any leftover Nix volume state Before I try to install, I'll check for any existing Nix volume config and ask for your permission to remove it (so that the installer can start fresh). I'll also ask for permission to fix any issues I spot. ~~> Checking for artifacts of previous installs Before I try to install, I'll check for signs Nix already is or has been installed on this system. 6323 0 --:--:-- --:--:-- --:--:-- 6323 ---- Nix config report --------------------------------------------------------- Temp Dir: Nix Root: Build Users: Build Group ID: Build Group Name: build users: Username: UID _nixbld1: 301 _nixbld2: 302 _nixbld3: 303 _nixbld4: 304 _nixbld5: 305 _nixbld6: 306 _nixbld7: 307 _nixbld8: 308 _nixbld9: 309 _nixbld10: 310 _nixbld11: 311 _nixbld12: 312 _nixbld13: 313 _nixbld14: 314 _nixbld15: 315 _nixbld16: 316 _nixbld17: 317 _nixbld18: 318 _nixbld19: 319 _nixbld20: 320 _nixbld21: 321 _nixbld22: 322 _nixbld23: 323 _nixbld24: 324 _nixbld25: 325 _nixbld26: 326 _nixbld27: 327 _nixbld28: 328 _nixbld29: 329 _nixbld30: 330 _nixbld31: 331 _nixbld32: 332 Ready to continue? [y/n] y /var/folders/57/5h37l1x11zd2j34h322dqb7c0000gp/T/tmp.6b0Fy7KsrX /nix 32 30000 nixbld ---- Preparing a Nix volume ---------------------------------------------------- Nix traditionally stores its data in the root directory /nix, but macOS now (starting in 10.15 Catalina) has a read-only root directory. To support Nix, I will create a volume and configure macOS to mount it at /nix. ~~> Configuring /etc/synthetic.conf to make a mount-point at /nix ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/bin/ex --noplugin /etc/synthetic.conf to add Nix to /etc/synthetic.conf Password: ~~> Creating a Nix volume ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/sbin/diskutil apfs addVolume disk1 APFS Nix Store -nomount to create a new APFS volume 'Nix Store' on disk1 ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/sbin/diskutil unmount force disk1s7 to ensure the Nix volume is not mounted disk1s7 was already unmounted ~~> Configuring /etc/fstab to specify volume mount options ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/sbin/vifs to add nix to fstab

~~> Configuring LaunchDaemon to mount 'Nix Store' ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/bin/ex --noplugin /Library/LaunchDaemons/org.nixos.darwin-store.plist to install the Nix volume mounter ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist to launch the Nix volume mounter ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo launchctl kickstart -k system/org.nixos.darwin-store to launch the Nix volume mounter ~~> Setting up the build group nixbld ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/sbin/dseditgroup -o create -r Nix build group for nix-daemon -i 30000 nixbld Create the Nix build group, nixbld Created: Yes ~~> Setting up the build user _nixbld1 ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /usr/bin/dscl . create /Users/_nixbld1 UniqueID 301 Creating the Nix build user (#1), _nixbld1

attribute status: eDSRecordAlreadyExists DS Error: -14135 (eDSRecordAlreadyExists) ---- oh no! -------------------------------------------------------------------- Jeeze, something went wrong. If you can take all the output and open an issue, we'd love to fix the problem so nobody else has this issue. :( We'd love to help if you need it. You can open an issue at https://github.com/nixos/nix/issues Or feel free to contact the team: - Matrix: #nix:nixos.org - IRC: in #nixos on irc.libera.chat - twitter: @nixos_org - forum: https://discourse.nixos.org jean-mariefranziskus@192 ~ %
abathur commented 2 years ago

Going forward, please try to either copy the output into the post, or attach an actual plain-text log file. Since PDFs are capable of containing exploits (and the fact that your comment says you attached an rtf, but the actual attachment claims to be a pdf), I had to go find a converter to ensure this was clean before I could take a look.

For reference, the error happens here:

~~> Setting up the build group nixbld
---- sudo execution -----------------------------------------------------------
I am executing:
$ sudo /usr/sbin/dseditgroup -o create -r Nix build group for nix-daemon -i 30000 nixbld
Create the Nix build group, nixbld
Created: Yes
~~> Setting up the build user _nixbld1
---- sudo execution -----------------------------------------------------------
I am executing:
$ sudo /usr/bin/dscl . create /Users/_nixbld1 UniqueID 301
Creating the Nix build user (#1), _nixbld1
<main> attribute status: eDSRecordAlreadyExists
<dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)

I imagine you already have a user with the UID the installer is trying to use. There may be a better way to do this (I'm not terribly familiar with the macOS user-management commands), but I think you can run /usr/bin/dscl . search /Users UniqueID 301 to directly check.

Let me know what you find, but I imagine the most-likely cases and next steps are:

  1. If you have already had Nix on the system before and the command matches a user that is named _nixbld1, we'll need to do a little more digging. (AFAIK the installer should handle existing nixbld users just fine, so we'll need to figure out why it isn't.)
  2. If it is some other user, I think you'll have to find an open ID range. You can run something like /usr/bin/dscl . list /Users UniqueID | sort -n -k 2 and check it to see if you can find a sequence of available UIDs in the 200-400 range.
    • To actually use a different starting ID you'll need to either download+modify the install scripts to use it (I can outline the basics if you are you comfortable doing this?), or pre-create _nixbld* users (which the installer should hopefully pick up).
franjea commented 2 years ago

Hello NixOS/nix,

1) Following your instructions, I run :

% /usr/bin/dscl . search /Users UniqueID 301

which gives as result:

SonosDMS UniqueID = ( 301 )

2) Finding an open ID range , I did:

/usr/bin/dscl . list /Users UniqueID 301 | sort -n -k 2

qui donne :

% /usr/bin/dscl . list /Users UniqueID | sort -n -k 2 nobody -2 root 0 daemon 1 _uucp 4 _taskgated 13 _networkd 24 _installassistant 25 _lp 26 _postfix 27 _scsd 31 _ces 32 _appstore 33 _mcxalr 54 _appleevents 55 _geod 56 _devdocs 59 _sandbox 60 _mdnsresponder 65 _ard 67 _www 70 _eppc 71 _cvs 72 _svn 73 _mysql 74 _sshd 75 _qtss 76 _cyrus 77 _mailman 78 _appserver 79 _clamav 82 _amavisd 83 _jabber 84 _appowner 87 _windowserver 88 _spotlight 89 _tokend 91 _securityagent 92 _calendar 93 _teamsserver 94 _update_sharing 95 _installer 96 _atsserver 97 _ftp 98 _unknown 99 _softwareupdate 200 _coreaudiod 202 _screensaver 203 _locationd 205 _trustevaluationagent 208 _timezone 210 _lda 211 _cvmsroot 212 _usbmuxd 213 _dovecot 214 _dpaudio 215 _postgres 216 _krbtgt 217 _kadmin_admin 218 _kadmin_changepw 219 _devicemgr 220 _webauthserver 221 _netbios 222 _warmd 224 _dovenull 227 _netstatistics 228 _avbdeviced 229 _krb_krbtgt 230 _krb_kadmin 231 _krb_changepw 232 _krb_kerberos 233 _krb_anonymous 234 _assetcache 235 _coremediaiod 236 _launchservicesd 239 _iconservices 240 _distnote 241 _nsurlsessiond 242 _nsurlstoraged 243 _displaypolicyd 244 _astris 245 _krbfast 246 _gamecontrollerd 247 _mbsetupuser 248 _ondemand 249 _xserverdocs 251 _wwwproxy 252 _mobileasset 253 _findmydevice 254 _datadetectors 257 _captiveagent 258 _ctkd 259 _applepay 260 _hidd 261 _cmiodalassistants 262 _analyticsd 263 _fpsd 265 _timed 266 _nearbyd 268 _reportmemoryexception 269 _driverkit 270 _diskimagesiod 271 _logd 272 _appinstalld 273 _installcoordinationd 274 _demod 275 _rmd 277 _accessoryupdater 278 _knowledgegraphd 279 _coreml 280 _sntpd 281 _trustd 282 _darwindaemon 284 _notification_proxy 285 SonosDMS 301 _oahd 441 macports 501 jean-mariefranziskus 502 com.malwarebytes.mbam.nobody 1000

Voilà.

On 17 Jan 2022, at 20:02, Travis A. Everett @.***> wrote:

Going forward, please try to either copy the output into the post, or attach an actual plain-text log file. Since PDFs are capable of containing exploits (and the fact that your comment says you attached an rtf, but the actual attachment claims to be a pdf), I had to go find a converter to ensure this was clean before I could take a look.

For reference, the error happens here:

~~> Setting up the build group nixbld ---- sudo execution ----------------------------------------------------------- I am executing: $ sudo /usr/sbin/dseditgroup -o create -r Nix build group for nix-daemon -i 30000 nixbld Create the Nix build group, nixbld Created: Yes ~~> Setting up the build user _nixbld1 ---- sudo execution ----------------------------------------------------------- I am executing: $ sudo /usr/bin/dscl . create /Users/_nixbld1 UniqueID 301 Creating the Nix build user (#1), _nixbld1

attribute status: eDSRecordAlreadyExists DS Error: -14135 (eDSRecordAlreadyExists) I imagine you already have a user with the UID the installer is trying to use. There may be a better way to do this (I'm not terribly familiar with the macOS user-management commands), but I think you can run /usr/bin/dscl . search /Users UniqueID 301 to directly check. Let me know what you find, but I imagine the most-likely cases and next steps are: If you have already had Nix on the system before and the command matches a user that is named _nixbld1, we'll need to do a little more digging. (AFAIK the installer should handle existing nixbld users just fine, so we'll need to figure out why it isn't.) If it is some other user, I think you'll have to find an open ID range. You can run something like /usr/bin/dscl . list /Users UniqueID | sort -n -k 2 and check it to see if you can find a sequence of available UIDs in the 200-400 range. To actually use a different starting ID you'll need to either download+modify the install scripts to use it (I can outline the basics if you are you comfortable doing this?), or pre-create _nixbld* users (which the installer should hopefully pick up). — Reply to this email directly, view it on GitHub , or unsubscribe . Triage notifications on the go with GitHub Mobile for iOS or Android . You are receiving this because you authored the thread.
abathur commented 2 years ago

Thanks. I think there are 2 main ways to proceed. I would pick whichever you feel most confident about...

  1. I'm not sure what your SonosDMS user is for, but if you think you can change its UID without much hassle, I would try relocating it (perhaps to UID 300?). If you think this will be okay, I think it is fairly simple, something like: sudo dscl . change /Users/SonosDMSUniqueID 301 300
  2. Download the installer script bundle, edit the script to change the minimum UID set in NIX_FIRST_BUILD_UID, and then run the installer locally. This will be a little do-it-yourself, but I do have a rough outline of the steps in https://github.com/NixOS/nix/issues/4915#issuecomment-862531976

You could also technically pre-create the build users if you aren't comfortable with the options above, but it will probably take more work all around.