search

NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1
12.07k stars 1.47k forks source link

nix-shell -p nix-info --run "nix-info -m" fails after installation. #7937

Open mohnishkodnani opened 1 year ago

mohnishkodnani commented 1 year ago

Platform

Additional information

Set NIX_SSL_CERT_FILE to the internal certificate file.

Output

``` nix-shell -p nix-info --run "nix-info -m" error: … at «none»:0: (source not available) … while calling the 'import' builtin at «string»:1:18: 1| {...}@args: with import args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } "" | ^ (stack trace truncated; use '--show-trace' to show the full trace) error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I) at «none»:0: (source not available) ``` Added above. but some of the output from the installer is listed here. ```log ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo cp /etc/bash.bashrc /etc/bash.bashrc.backup-before-nix to back up your current /etc/bash.bashrc to /etc/bash.bashrc.backup-before-nix ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo tee -a /etc/bash.bashrc extend your /etc/bash.bashrc with nix-daemon settings # Nix if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' fi # End Nix ~~> Setting up shell profiles for Fish with with conf.d/nix.fish inside /etc/fish /usr/local/etc/fish /opt/homebrew/etc/fish /opt/local/etc/fish ~~> Setting up the default profile ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo HOME=/var/root /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0/bin/nix-env -i /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0 to install a bootstrapping Nix in to the default profile installing 'nix-2.14.0' building '/nix/store/0p5xxbqbqdjqknjp7p60f6j05y4s0hx9-user-environment.drv'... ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo HOME=/var/root NIX_SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0/bin/nix-channel --update nixpkgs to update the default channel in the default profile unpacking channels... ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo install -m 0664 /var/folders/p2/dsnj50zn5kb1xs6sd9xw76zw0000gq/T/tmp.yvANIt7W/nix.conf /etc/nix/nix.conf to place the default nix daemon configuration (part 2) ~~> Setting up the nix-daemon LaunchDaemon ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo /bin/cp -f /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist to set up the nix-daemon as a LaunchDaemon ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist to load the LaunchDaemon plist for nix-daemon ---- sudo execution ------------------------------------------------------------ I am executing: $ sudo launchctl kickstart -k system/org.nixos.nix-daemon to start the nix-daemon Alright! We're done! Try it! Open a new terminal, and type: $ nix-shell -p nix-info --run "nix-info -m" Thank you for using this installer. If you have any feedback or need help, don't hesitate: You can open an issue at https://github.com/NixOS/nix/issues/new?labels=installer&template=installer.md Or get in touch with the community: https://nixos.org/community ---- Reminders ----------------------------------------------------------------- [ 1 ] Nix won't work in active shell sessions until you restart them. ``` I also do not find ~/.nix-profile . I am using zsh as the default shell for my user. I closed the `Terminal` Process on mac and then ran the nix-shell command and get this error. Shell environment variables ``` __CFBundleIdentifier=com.apple.Terminal TMPDIR=/var/folders/p2/dsnj50zn5kb1xs6sd9xw76zw0000gq/T/ TERM=xterm-256color TERM_PROGRAM=Apple_Terminal TERM_PROGRAM_VERSION=445 TERM_SESSION_ID=780966DA-56FF-4D56-B23E-4D3BB316A8AC SHELL=/bin/zsh HOME=/Users/mkodnani PATH=/Users/mkodnani/.local/state/nix/profile/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/podman/bin SHLVL=1 PWD=/Users/mkodnani OLDPWD=/Users/mkodnani NIX_PROFILES=/nix/var/nix/profiles/default /Users/mkodnani/.local/state/nix/profile SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem NIX_SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem REQUESTS_CA_BUNDLE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem CURL_CA_BUNDLE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem LANG=en_US.UTF-8 _=/usr/bin/env ```

Priorities

Add :+1: to issues you find important.

abathur commented 1 year ago

I am not caught up on detail yet, but I think this is a symptom of a known issue with the 2.14.0 release.

It looks like there's effort under way to get a .1 together (https://github.com/NixOS/nix/compare/master...2.14-maintenance)

Unless maybe one of @balsoft @cole-h @Ericson2314 @edolstra weigh in by the time you see this on whether there's a quick fix for your install, I'd personally just recommend uninstalling and reinstalling with 2.13.3 for now.

cole-h commented 1 year ago

A brief look at the trace just makes me think channels haven't been properly set up. You might try running nix-channel --update as your user and/or root and see if that fixes it. Also verify there is a nixpkgs or nixos channel when you run nix-channel --list as your user and/or root. (EDIT: It's possible it is related to a few issues 2.14 has been having, but I would still check that first.)

I can check for certain in my morning, but that's what I would try first.

mohnishkodnani commented 1 year ago

@cole-h thanks for your quick reply. I tried 

nix-channel --update
unpacking channels...
% nix-channel --list

I dont see anything , it's empty. Also, the unpacking the channel step in the installer does not show any errors when it runs. Let me know try to downgrade as @abathur says. Will report back.

mohnishkodnani commented 1 year ago

I tried 2.13.3 as suggested, and I do not get the <borked> error as before. However, I get the following 

error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

which I believe is because the SSL cert due to the Netskope proxy. However, my reason for doing this was to setup the NIX_SSL_CERT_FILE to our cert file and then make sure it works later on in project specific flakes, but looks like i have missed something.

I had a working home-manager flake using which i setup my laptop. However, I wanted to try this setup after my company started using Netskope to intercept SSL traffic and provide cert override. My flake also fails with 

rror: unable to download 'https://cache.nixos.org/z69b14xisp43vy0bdx74hpqmhgzv2hhx.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

I have done the installation after NIX_SSL_CERT_FILE variable and can be seen in the installer output above. 

sudo HOME=/var/root NIX_SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0/bin/nix-channel --update nixpkgs

So, it is picked up by the installer. Not sure why the home manger flake and the nix-shell command which the installer recommends run from a new Terminal are failing with the above error.

insdami commented 1 year ago

I'm experiencing exactly the same error.

I've tried to install the latest version which gave me exactly the same message and then I tried again with sudo which threw the SSL cert error reported by @mohnishkodnani

I confirm downgrade to 2.13.3 works

balsoft commented 1 year ago

Seems related to https://github.com/NixOS/nix/pull/7925 and https://github.com/NixOS/nix/pull/7929

abathur commented 1 year ago

2.14.1 was released a few hours ago.

If you ran into this issue yesterday it might be worth uninstalling and just re-trying the normal installer to see if the new version works fine. Others may benefit from your report on whether this does/doesn't work :)

cole-h commented 1 year ago

2.14.1 was released a few hours ago.

If you ran into this issue yesterday it might be worth uninstalling and just re-trying the normal installer to see if the new version works fine. Others may benefit from your report on whether this does/doesn't work :)

Well, I can say definitively: it doesn't fix this specific issue. I'm doing a bit of looking around to see where this issue comes from, but one initial weirdness that I noticed when straceing nix-shell -p nix-info --run 'nix-info -m':

2.13.3:

getcwd("/home/ubuntu", 4096)            = 13
newfstatat(AT_FDCWD, "/home/ubuntu/.nix-defexpr/channels", {st_mode=S_IFLNK|0777, st_size=46, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/home/ubuntu/.nix-defexpr/channels/nixpkgs", 0x7fff692486b0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", {st_mode=S_IFLNK|0777, st_size=59, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", {st_mode=S_IFLNK|0777, st_size=59, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", {st_mode=S_IFLNK|0777, st_size=59, ...}, AT_SYMLINK_NOFOLLOW) = 0

2.14.1:

getcwd("/home/ubuntu", 4096)            = 13
munmap(0x7fe0c8fb1000, 266240)          = 0
openat(AT_FDCWD, "/tmp", O_RDONLY)      = 3
newfstatat(3, "nix-shell-3071-0", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
openat(3, "/tmp/nix-shell-3071-0", O_RDONLY) = 4

So I'm thinking there's also a bug in the C++ code somewhere regarding the path lookups. I don't have evidence this is caused by the XDG PR (though likely since it does look like potential fallout) just yet.

EDIT: Something else interesting:

2.13.3:

newfstatat(AT_FDCWD, "/home/ubuntu/.nix-defexpr/channels", {st_mode=S_IFLNK|0777, st_size=46, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", {st_mode=S_IFLNK|0777, st_size=59, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels", {st_mode=S_IFLNK|0777, st_size=15, ...}, AT_SYMLINK_NOFOLLOW) = 0

2.14.1:

newfstatat(AT_FDCWD, "/home/ubuntu/.nix-defexpr/channels", 0x7fff96d55fd0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", 0x7fff96d55fd0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels", 0x7fff96d55fd0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)

Users' channels don't exist. Maybe not a C++ issue.

mohnishkodnani commented 1 year ago

One thing to note for me even with 2.13.3. I get errors like the following https://cache.nixos.org/03dklqjq9amyhr4cbf73k3mmkvhqj8qm.narinfo Same for this https://cache.nixos.org/ipac5znmsxa3s67sqq1xrnrllx2rsnhz.narinfo If i put these links in the browser I get 404, so not sure what's going on there. These links are giving 404 on the browser itself. Later today i will try 2.14.1 as well.

mohnishkodnani commented 1 year ago

I'm experiencing exactly the same error.

I've tried to install the latest version which gave me exactly the same message and then I tried again with sudo which threw the SSL cert error reported by @mohnishkodnani

I confirm downgrade to 2.13.3 works

Even with the downgrade I get the SSL cert errors and the URLs that are printed give me 404, do you see this ?

mohnishkodnani commented 1 year ago

@abathur I tried 2.14.1 installation and still see this error when running the following command 

nix-shell -p nix-info --run "nix-info -m"
error:
       … <borked>

         at «none»:0: (source not available)

       … while calling the 'import' builtin

         at «string»:1:18:

            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } ""
             |                  ^

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)

       at «none»:0: (source not available)
nix --version
nix (Nix) 2.14.1

If I run the same command with sudo I get the following error instead. 

warning: $HOME ('/Users/mkodnani') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
warning: error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35); retrying in 318 ms
warning: error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35); retrying in 290 ms
warning: error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35); retrying in 299 ms
warning: error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35); retrying in 333 ms
warning: error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35); retrying in 601 ms
warning: error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35); retrying in 664 ms
warning: error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35); retrying in 674 ms
warning: error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35); retrying in 544 ms
warning: error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35); retrying in 1204 ms
warning: error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35); retrying in 1023 ms
warning: error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35); retrying in 1068 ms
warning: error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35); retrying in 1060 ms
warning: error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35); retrying in 2579 ms
warning: error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35); retrying in 2637 ms
warning: error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35); retrying in 2178 ms
warning: error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35); retrying in 2242 ms
error (ignored): error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35)
error (ignored): error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35)
error (ignored): error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35)
error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35)
hogsmead commented 1 year ago

I have the same problem on Linux with 2.13.3

Edit: Nevermind. I thought the command given on https://nixos.org/download.html installs the version mentioned on the same page. 2.13.3 works fine.

mohnishkodnani commented 1 year ago

I manually added the channel. Now I am get channel in the list command as opposed to empty

 nix-channel --add https://nixos.org/channels/nixpkgs-unstable
mkodnani@C2CKVCFH3G ~ % nix-channel --update                                         
unpacking channels...
mkodnani@C2CKVCFH3G ~ % nix-channel --list                                           
nixpkgs https://nixos.org/channels/nixpkgs-unstable

However, running the nix-shel still gives the same SSL Cert path error

nix-shell -p nix-info --run "nix-info -m"
error (ignored): error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': Problem with the SSL CA cert (path? access rights?) (77)
error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': Problem with the SSL CA cert (path? access rights?) (77)
echo-devnull commented 1 year ago

I just installed on Pop os 22.04, (like, a few hours ago)) and I got the same problem. Searched for the error and found this open ticket. So clean install on a Linux box also produces this error.

I've been playing with trying to get things to work for a while now, adding it to packages, adding the channel, etc. But I'm no further.

Just though I'd add that it's a problem on Linux too. ;-)

abiosoft commented 1 year ago

Yeah, this fully affect Linux as well and it is not fixed with 2.14.1.

Downgrading and pinning to 2.13.3 till further notice.

abathur commented 1 year ago

@edolstra @Ericson2314 @thufschmitt

mohnishkodnani commented 1 year ago

Any idea about my original problem that even with 2.13 i get SSL cert path issues.

On Sat, Mar 4, 2023, 08:06 Travis A. Everett @.***> wrote:

@edolstra https://github.com/edolstra @Ericson2314 https://github.com/Ericson2314 @thufschmitt https://github.com/thufschmitt

— Reply to this email directly, view it on GitHub https://github.com/NixOS/nix/issues/7937#issuecomment-1454788095, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABW4SVDLWP7VEQJ5HJYOG6TW2NR73ANCNFSM6AAAAAAVMXQD7A . You are receiving this because you were mentioned.Message ID: @.***>

abathur commented 1 year ago

I tried 2.13.3 as suggested, and I do not get the <borked> error as before. However, I get the following

error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

which I believe is because the SSL cert due to the Netskope proxy. However, my reason for doing this was to setup the NIX_SSL_CERT_FILE to our cert file and then make sure it works later on in project specific flakes, but looks like i have missed something.

...

sudo HOME=/var/root NIX_SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0/bin/nix-channel --update nixpkgs

So, it is picked up by the installer. Not sure why the home manger flake and the nix-shell command which the installer recommends run from a new Terminal are failing with the above error.

@mohnishkodnani Sorry--I thought I'd responded with at least a couple thoughts here but I guess I got interrupted and left it half-written in a tab somewhere...

With the big caveat that I haven't dealt with a proxy like this and am just kinda guessing:

  1. I assume you did since the command quoted shouldn't run at all if you didn't, but if you synthesized the sudo quoted above from more than one separate statement, I'd verify that you quoted /Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem to avoid word splitting in the shell?

  2. There's another copy of this env just for the Nix daemon in /Library/LaunchDaemons/org.nixos.nix-daemon.plist, so you might just need to point this one at your cert (perhaps a cert set on the CLI isn't explicitly passed to the daemon). I do see some users in other threads reporting fixing this with something like:

    sudo launchctl setenv NIX_SSL_CERT_FILE "<cert-path>"
sudo launchctl kickstart -k system/org.nixos.nix-daemon
tylerc commented 1 year ago

macOS 13.2.1 here - no special SSL config on my side. First time running Nix and hit this error :)

Fix for me was:

nix-channel --add https://nixos.org/channels/nixpkgs-22.11-darwin nixpkgs
nix-channel --update

And now the command succeeds:

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"aarch64-darwin"`
 - host os: `Darwin 22.3.0, macOS 13.2.1`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.14.1`
 - nixpkgs: `/Users/tylerchurch/.nix-defexpr/channels/nixpkgs`

Based on other bugs I found online, I also briefly had this in my ~/.zshenv:

export NIX_PATH=${NIX_PATH:+$NIX_PATH:}$HOME/.nix-defexpr/channels

But I've since commented that out and things are still working.

abiosoft commented 1 year ago

Fix for me was:

nix-channel --add https://nixos.org/channels/nixpkgs-22.11-darwin nixpkgs
nix-channel --update

Thanks for the feedback @tylerc. The average Nix user actually knows about this and it is more of a workaround than a fix.

Prior to this issue, I have had to take zero extra steps after installing Nix to get it working.

benrbray commented 1 year ago

First time Nix user. I followed the homepage's recommendation for a multi-user install:

sh <(curl -L https://nixos.org/nix/install) --daemon

The script succeeded with no errors. I'm only using Nix because obelisk insists, so next I tried to install:

$ nix --version
nix (Nix) 2.14.1
$ nix-env -f https://github.com/obsidiansystems/obelisk/archive/master.tar.gz -iA command
installing 'obelisk-command-0.9.0.1'
error:
       … while calling the 'derivationStrict' builtin
         at //builtin/derivation.nix:9:12: (source not available)
       … while evaluating derivation 'obelisk-command-0.9.0.1'
         whose name attribute is located at /nix/store/yxa12wh8fc6j8w61y3jn27vw8dhydby7-source/pkgs/development/haskell-modules/generic-builder.nix:290:3
       … while evaluating attribute 'buildInputs' of derivation 'obelisk-command-0.9.0.1'
         at /nix/store/yxa12wh8fc6j8w61y3jn27vw8dhydby7-source/pkgs/stdenv/generic/make-derivation.nix:221:11:
          220|           depsHostHost                = lib.elemAt (lib.elemAt dependencies 1) 0;
          221|           buildInputs                 = lib.elemAt (lib.elemAt dependencies 1) 1;
             |           ^
          222|           depsTargetTarget            = lib.elemAt (lib.elemAt dependencies 2) 0;
       (stack trace truncated; use '--show-trace' to show the full trace)
       error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
       at «none»:0: (source not available)

My attempts to diagnose led me to this issue. I ran:

$ echo $NIX_PATH
(empty)
$ nix-channel --list
(empty)

Thanks to those in this thread who posted their solutions, I was able to fix it with:

$ nix-channel --add https://nixos.org/channels/nixos-22.11 nixpkgs
nix-channel --update
(base) benjamin@apollo:~/Documents/notes/logs
$ nix-channel --update
unpacking channels...

Now I can run nix-info:

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 5.4.0-80-generic, Ubuntu, 20.04.5 LTS (Focal Fossa), nobuild`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.14.1`
 - nixpkgs: `/home/benjamin/.nix-defexpr/channels/nixpkgs`

I have heard good things about Nix, but I have to say, this gives me a pretty bad first impression.

mohnishkodnani commented 1 year ago 
sudo launchctl kickstart -k system/org.nixos.nix-daemon

I tried 

mkodnani ~ % sudo launchctl setenv NIX_SSL_CERT_FILE "/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem"
mkodnani~ % sudo launchctl kickstart -k system/org.nixos.nix-daemon

mkodnani home-config % nix-shell -p nix-info --run "nix-info -m" error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

Not sure where things are not working... Will try a bunch of other steps around this.

Ericson2314 commented 1 year ago

I opened up https://github.com/NixOS/nix/issues/7984 which I think describes at least one part of this.

mohnishkodnani commented 1 year ago

Update: If I run the command as instructed by the installer in a new terminal after doing a multi-user install on mac osx I get the following error.

nix-shell -p nix-info --run "nix-info -m" error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': Problem with the SSL CA cert (path? access rights?) (77) However, if I try this it seems to work. Not sure why i have to do this yet. sudo NIX_SSL_CERT_FILE=/Users/mkodnani/nscacert_combined.pem nix-shell -p nix-info --run "nix-info -m"

It seems like i have to do sudo and then provide the env variable. Looks like the multi user install requires sudo to work, not sure, just reporting what seems to work

corneliusroemer commented 1 year ago

Not fixed on 2.14.1 - can you alter the install script so that it pulls a working version until this problem is reliably fixed? This is a major turn off for anyone trying out nix.

Here's my write up on Stackoverflow. Clean macOS install: https://stackoverflow.com/questions/75657834/fresh-install-of-nix-fails-on-m1-mac-error-attribute-nixpkgs-in-selection-pa

Yesterday, someone suggested on a different Stackoverflow question to nix-channel --add https://nixos.org/channels/nixpkgs-unstable. This appears to work for me. But something tells me this is a workaround. I shouldn't need to add a channel, and it shouldn't be unstable. Answer: https://stackoverflow.com/a/75641511/7483211

mohnishkodnani commented 1 year ago

Another thing to note

mkodnani@C2CKVCFH3G ~ % sudo launchctl getenv NIX_SSL_CERT_FILE
/Library/Application Support/Certs/STAgent/download/mycert.pem
mkodnani@C2CKVCFH3G ~ % sudo launchctl kickstart -pk system/org.nixos.nix-daemon
service spawned with pid: 5729
mkodnani@C2CKVCFH3G ~ % sudo ps -Eww 5729                                                 
  PID TTY           TIME CMD
 5729 ??         0:00.06 /nix/var/nix/profiles/default/bin/nix-daemon OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES PATH=/usr/bin:/bin:/usr/sbin:/sbin PWD=/ XPC_FLAGS=0x0 NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt XPC_SERVICE_NAME=org.nixos.nix-daemon SHLVL=0
mkodnani@C2CKVCFH3G ~ %

I am not sure if this is an issue. I have the NIX_SSL_CERT_FILE set to my internal cert file and the ps command still shows it pointing to the default one..

Townk commented 1 year ago

Hi folks, Just want to add my experience with this issue:

I had Nix working on macOS for a couple of years now, but yesterday I decided to do a full machine reset, and had to install Nix again. Using the instructions on the main website (sh <(curl -L https://nixos.org/nix/install)) successfully installs the 2.16.1 version, but no Nix command would work, complaining about certificate with the error "Problem with the SSL CA cert (path? access rights?) (77)".

I tried several suggestions, going from manually changing the LaunchDeamon file, to exporting environment variables, but nothing helped.

Then, I tried what @abathur suggested on his comment... and it worked!

I don't know if any newer version than 2.13.3 works, but since the Nix repository does not have any release tags between 2.13.3 and 2.16.1, I assume it does not.

Does anyone know if there is a workaround to use the latest Nix on macOS at this point?

abathur commented 1 year ago

Not certain, but you could try reinstalling latest and setting the new nix.conf option added in #8062. If that shows the same error, maybe there is a problem with cert permissions?

Townk commented 1 year ago

I can try that, but I don't think is anything wrong with the certs. I'm not using custom certs, and Nix 2.13.3 works, so I assume is something with the latest release

abathur commented 1 year ago

I don't know if any newer version than 2.13.3 works, but since the Nix repository does not have any release tags between 2.13.3 and 2.16.1, I assume it does not.

Where are you looking? https://github.com/NixOS/nix/tags and releases.nixos.org both list tags for 2.13.4, 2.14.0, 2.14.1, 2.15.0, 2.15.1, and 2.16.0.

I'm not using custom certs, and Nix 2.13.3 works, so I assume is something with the latest release

I'm not sure what's causing trouble here, but 2.16.1 has been out for 5 weeks already--I imagine we'd be drowning in reports if no new installs were working. I tried installing it on a spare macbook and get:

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-darwin"`
 - host os: `Darwin 18.7.0, macOS 10.14.6`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.16.1`
 - channels(root): `"nixpkgs"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixpkgs`
Townk commented 1 year ago

I'll try to get a fresh mac image that is not tied to my work to see if something changes, thanks for letting me know!

jmp-0x7C0 commented 1 year ago

I'm also having this issue with a fresh install albeit using the DeterminateSystems installer (v0.10.0). Cross posting report here for visibility. The nix version installed is nix-2.15.0-x86_64-darwin, and I'm running macOS 13.4.1.

λ nix-shell -p nix-info --run "nix-info -m"
error:
       … <borked>

         at «none»:0: (source not available)

       … while calling the 'import' builtin

         at «string»:1:18:

            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } ""
             |                  ^

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: unable to download 'https://channels.nixos.org/flake-registry.json': Problem with the SSL CA cert (path? access rights?) (77)