NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1

macOS installation: Could not find service "org.nixos.darwin-store" in domain for system #9978

Closed mpcsh closed 9 months ago

mpcsh commented 9 months ago

Platform

Additional information

Installer failed on macOS 14.3.1 (23D60), running the recommended `sh <(curl -L https://nixos.org/nix/install)`.

Output

```log
downloading Nix 2.20.1 binary tarball for aarch64-darwin from 'https://releases.nixos.org/nix/nix-2.20.1/nix-2.20.1-aarch64-darwin.tar.xz' to '/var/folders/j5/hx1b66rd2cv11vygx4j39fqc0000gp/T/nix-binary-tarball-unpack.XXXXXXXXXX.hgAlqaBS8v'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 11.3M  100 11.3M    0     0  31.6M      0 --:--:-- --:--:-- --:--:-- 31.5M
Switching to the Multi-user Installer
Welcome to the Multi-User Nix Installation

This installation tool will set up your computer with the Nix package
manager. This will happen in a few stages:

1. Make sure your computer doesn't already have Nix. If it does, I
   will show you instructions on how to clean up your old install.

2. Show you what I am going to install and where. Then I will ask
   if you are ready to continue.

3. Create the system users (uids [301..332]) and groups (gid 30000)
   that the Nix daemon uses to run builds. To create system users
   in a different range, exit and run this tool again with
   NIX_FIRST_BUILD_UID set.

4. Perform the basic installation of the Nix files daemon.

5. Configure your shell to import special Nix Profile files, so you
   can use Nix.

6. Start the Nix daemon.

Would you like to see a more detailed list of what I will do?
[y/n] y

I will:

 - make sure your computer doesn't already have Nix files
   (if it does, I will tell you how to clean them up.)
 - create local users (see the list above for the users I'll make)
 - create a local group (nixbld)
 - install Nix in to /nix
 - create a configuration file in /etc/nix
 - set up the "default profile" by creating some Nix-related files in
   /var/root
 - back up /etc/bashrc to /etc/bashrc.backup-before-nix
 - update /etc/bashrc to include some Nix configuration
 - back up /etc/zshrc to /etc/zshrc.backup-before-nix
 - update /etc/zshrc to include some Nix configuration
 - create a Nix volume and a LaunchDaemon to mount it
 - create a LaunchDaemon (at /Library/LaunchDaemons/org.nixos.nix-daemon.plist) for nix-daemon

Ready to continue?
[y/n] y

---- let's talk about sudo -----------------------------------------------------
This script is going to call sudo a lot. Every time I do, it'll
output exactly what it'll do, and why.

Just like this:

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo echo

to demonstrate how our sudo prompts look

This might look scary, but everything can be undone by running just a
few commands. I used to ask you to confirm each time sudo ran, but it
was too many times. Instead, I'll just ask you this one time:

Can I use sudo?
[y/n] y

Yay! Thanks! Let's get going!

~~> Fixing any leftover Nix volume state
Before I try to install, I'll check for any existing Nix volume config
and ask for your permission to remove it (so that the installer can
start fresh). I'll also ask for permission to fix any issues I spot.

~~> Checking for artifacts of previous installs
Before I try to install, I'll check for signs Nix already is or has
been installed on this system.

---- Nix config report ---------------------------------------------------------
        Temp Dir: /var/folders/j5/hx1b66rd2cv11vygx4j39fqc0000gp/T/tmp.7Q7RGziNp5
        Nix Root: /nix
     Build Users: 32
  Build Group ID: 30000
Build Group Name: nixbld

build users:
    Username: UID
     _nixbld1: 301
     _nixbld2: 302
     _nixbld3: 303
     _nixbld4: 304
     _nixbld5: 305
     _nixbld6: 306
     _nixbld7: 307
     _nixbld8: 308
     _nixbld9: 309
     _nixbld10: 310
     _nixbld11: 311
     _nixbld12: 312
     _nixbld13: 313
     _nixbld14: 314
     _nixbld15: 315
     _nixbld16: 316
     _nixbld17: 317
     _nixbld18: 318
     _nixbld19: 319
     _nixbld20: 320
     _nixbld21: 321
     _nixbld22: 322
     _nixbld23: 323
     _nixbld24: 324
     _nixbld25: 325
     _nixbld26: 326
     _nixbld27: 327
     _nixbld28: 328
     _nixbld29: 329
     _nixbld30: 330
     _nixbld31: 331
     _nixbld32: 332

Ready to continue?
[y/n] y

---- Preparing a Nix volume ----------------------------------------------------
Nix traditionally stores its data in the root directory /nix, but
macOS now (starting in 10.15 Catalina) has a read-only root directory.
To support Nix, I will create a volume and configure macOS to mount it
at /nix.

~~> Configuring /etc/synthetic.conf to make a mount-point at /nix

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/ex -u NONE -n /etc/synthetic.conf

to add Nix to /etc/synthetic.conf

Password:

~~> Creating a Nix volume

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil apfs addVolume disk3 APFS Nix Store -nomount

to create a new APFS volume 'Nix Store' on disk3

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil unmount force disk3s7

to ensure the Nix volume is not mounted

disk3s7 was already unmounted

~~> Configuring /etc/fstab to specify volume mount options

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/vifs

to add nix to fstab

~~> Encrypt the Nix volume

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil mount Nix Store

to mount your Nix volume for encrypting

Volume Nix Store on Nix Store mounted

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/security -i

to add your Nix volume's password to Keychain

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil apfs encryptVolume Nix Store -user disk -stdinpassphrase

to actually encrypt your Nix volume

Encrypting with the new "Disk" crypto user on disk3s7
The new "Disk" user will be the only one who has initial access to disk3s7
The new APFS crypto user UUID will be 4655CCE0-873F-4A31-93ED-AC7F62A2F800
Encryption has likely completed due to AES hardware; see "diskutil apfs list"

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil unmount force Nix Store

to unmount the encrypted volume

Volume Nix Store on disk3s7 force-unmounted

~~> Configuring LaunchDaemon to mount 'Nix Store'

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/ex -u NONE -n /Library/LaunchDaemons/org.nixos.darwin-store.plist

to install the Nix volume mounter

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist

to launch the Nix volume mounter

Bootstrap failed: 5: Input/output error

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo launchctl kickstart -k system/org.nixos.darwin-store

to launch the Nix volume mounter

Could not find service "org.nixos.darwin-store" in domain for system

---- oh no! --------------------------------------------------------------------
Oh no, something went wrong. If you can take all the output and open
an issue, we'd love to fix the problem so nobody else has this issue.

:(

We'd love to help if you need it.

You can open an issue at
https://github.com/NixOS/nix/issues/new?labels=installer&template=installer.md

Or get in touch with the community: https://nixos.org/community
```

Priorities

Add :+1: to issues you find important.

abathur commented 9 months ago

I think the previous error is the one we'll need to sort out, but I don't recall seeing it before:

```log
I am executing:

    $ sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist

to launch the Nix volume mounter

Bootstrap failed: 5: Input/output error
```

Do you see the service definition in the file at `/Library/LaunchDaemons/org.nixos.darwin-store.plist`? What happens if you try to run `sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist` manually?

Some other questions:

mpcsh commented 9 months ago

Ooh, good catch. The file is there but I get the same error:

```
$ sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist
Bootstrap failed: 5: Input/output error
```

I have not previously installed Nix on this system, and it's my own device with no MDM profiles.

abathur commented 9 months ago

At least it's consistent.

Can you open Console.app, give that a try again, and see if it logs anything interesting when it happens?

Does it do the same after a reboot?

I do see other reports of this, though the wifi I'm on atm is sputtering and I'm having trouble assessing them well enough to see if any mention a fix: https://github.com/search?q=%22Bootstrap+failed%3A+5%3A+Input%2Foutput+error%22&type=issues

mpcsh commented 9 months ago

I did try rebooting; should've mentioned that — same result unfortunately.

I found the following in Console.app, under the "Mac Analytics Data" tab:

```log
getgrouplist_2 called triggering group enumeration
com.apple.message.value: 2147483647
com.apple.message.domain: com.apple.system.libinfo
com.apple.message.result: noop
com.apple.message.signature: getgrouplist_2
SenderMachUUID: 5C3AFA2A-1565-32BA-AC18-A3B8FDD193C5
```

abathur commented 9 months ago

Hmm. I think we'd be hoping for something under the Device section (where it'll have whatever the name of your device was). It can be a little spammy.

There is at least one case where group enumeration might be related, but I don't recall it breaking like this: Is this a new device? If so, have you previously installed Nix on a previous macOS device, and did you use Migration Assistant to set the new one up?

mpcsh commented 9 months ago

Aha! I found four entries in that section, though they weren't visible with the "Errors and Faults" filter enabled, so I almost missed it:

```log
default 15:17:56.102992-0800    sudo    Reading config
default 15:17:56.103131-0800    sudo    Using original path (null)
default 15:17:56.103231-0800    sudo    Too many groups requested (2147483647).  Can cause performance issues when network directories are involved
default 15:17:56.117625-0800    sudo       mpcsh : TTY=ttys011 ; PWD=/Users/mpcsh ; USER=root ; COMMAND=/opt/homebrew/bin/fish -c 'launchctl bootstrap system \\/Library\\/LaunchDaemons\\/org\\.nixos\\.darwin-store\\.plist'
```

Hmm, this device isn't new, but I may well have used Migration Assistant to set it up. I honestly don't remember. I've experimented with Nix on macOS at least once before (though quite a long time ago), so the scenario you're envisioning is definitely plausible.

abathur commented 9 months ago

I'm not sure that message isn't a red herring, but I guess we can pull on it. Is this a network volume, by any chance (or do you have one set up to mount)? I searched this error and most results are mentioning samba/smb.

If so, maybe try unmounting them and see if the command still errors?

For reference, here's the main report for the migration issue:

Your error doesn't really match, but it is at least a possibility to keep in mind. That problem did cause group issues, but none of this "too many" stuff afaik.

If you haven't already, it's probably also worth trying to follow the uninstall instructions and see if a reinstall from there works? https://nixos.org/manual/nix/stable/installation/uninstall.html#macos

mpcsh commented 9 months ago

No network volumes involved — just an ordinary MacBook Pro. I did try following the uninstall instructions and trying again; of course, several of the commands are either no-ops or complain about missing files (since the install didn't finish), but I did follow each step. No dice though.

abathur commented 9 months ago

No dice == same error?

mpcsh commented 9 months ago

Yes, same error.

abathur commented 9 months ago

Can you try to run: `sudo launchctl bootout system/org.nixos.nix-daemon` and then see if the bootstrap command from earlier works?

If so, I'd try to follow the uninstall instructions again, then bootout again for good measure, and then try reinstalling?

mpcsh commented 9 months ago

```
$ sudo launchctl bootout system/org.nixos.nix-daemon
Boot-out failed: 3: No such process
```

abathur commented 9 months ago

This may be a little annoying to reformat, but if the file `/Library/LaunchDaemons/org.nixos.darwin-store.plist` exists on your system, can you copy the shell command (under the array node following the `ProgramArguments` key), strip the plist formatting out of it, and see what you get when you invoke it? (I think you'll need to use sudo.)

mpcsh commented 9 months ago

Hmm, so that did actually work just fine:

```
$ sudo /bin/sh -c "/usr/bin/security find-generic-password -s 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' -w | /usr/sbin/diskutil apfs unlockVolume 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' -mountpoint '/nix' -stdinpassphrase"
Unlocking any cryptographic user on APFS Volume disk3s7
Unlocked and mounted APFS Volume
```

abathur commented 9 months ago

😅

May be obvious by now, but fair warning that I'm just kinda flailing around for clues at this point.

Does `launchctl print system/org.nixos.darwin-store` say anything?

One problem we've had in the past is people who had Nix installed and then disabled one of the services, and launchctl will preserve these even if you've uninstalled. AFAIR these normally produce a pretty clear error about the service being disabled, but I guess we don't know if these can ~survive a migration and how they'd look on the other side.

If it indicates that the service is disabled, see if `launchctl enable system/org.nixos.darwin-store` works, (and if so, if the bootstrap command works afterwards?)

mpcsh commented 9 months ago

I really appreciate it! I'd be doing the same in your shoes, I just don't know Nix well enough to know what to look for.

Playing with Nix on macOS in the past I can say pretty confidently that I wouldn't have manually disabled a service via launchctl.

```
$ launchctl print system/org.nixos.darwin-store
Bad request.
Could not find service "org.nixos.darwin-store" in domain for system
```

abathur commented 9 months ago

Drat :)

mpcsh commented 9 months ago

```
$ launchctl enable system/org.nixos.darwin-store
Could not enable service: 1: Operation not permitted

$ sudo launchctl enable system/org.nixos.darwin-store

$ echo $status
0
```

This actually worked! No output but it succeeded.

```
$ sudo launchctl print system | rg nix
        "org.nixos.darwin-store" => enabled
        "org.nixos.nix-daemon" => disabled
```

abathur commented 9 months ago

Interesting. Can you try repeating the enable command for org.nixos.nix-daemon and confirm that both turn up enabled in the last print command you ran?

If that also works, I'd try to follow the full uninstall directions again, and see if a fresh install finally works 🤞

mpcsh commented 9 months ago

```
$ sudo launchctl enable system/org.nixos.nix-daemon

$ echo $status
0

$ sudo launchctl print system | rg nix
        "org.nixos.darwin-store" => enabled
        "org.nixos.nix-daemon" => enabled
```

mpcsh commented 9 months ago

So then first (relevant) step of the uninstall guide:

```
$ sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
Unload failed: 5: Input/output error
Try running `launchctl bootout` as root for richer errors.

$ sudo launchctl bootout system/org.nixos.nix-daemon
Boot-out failed: 3: No such process
```

abathur commented 9 months ago

Hopefully those will prove to be okay, since you don't have any daemons to actually bootout/unload. If the rest of the uninstall went okay, I'd give the install a try.

mpcsh commented 9 months ago

```
$ sudo dscl . -delete /Groups/nixbld
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)

$ for u in (sudo dscl . -list /Users | grep _nixbld); sudo dscl . -delete /Users/$u; end

$ echo $status
1
```

These steps in the uninstall guide were unhappy, everything else was fine (except for step 2, "stop and remove the Nix daemon services", as previously discussed).

(Also I had to translate the for loop into fish syntax but I don't think that contributed anything.)

abathur commented 9 months ago

Failures should be okay. Just trying to make sure dangling state's cleaned up before you try installing.

mpcsh commented 9 months ago

...so reinstalling worked this time?! That's mildly unsettling, I don't think I did anything different relative to the first time I tried uninstalling and reinstalling. Regardless, thanks so much for helping me out here!
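
A pre-install check for the leftover `disabled` overrides that this thread ran into, added here as an example (it is not code from the Nix installer or from either commenter). It assumes the `"label" => state` line format shown in the `sudo launchctl print system | rg nix` output above; the function name `nix_service_overrides` is hypothetical.

```shell
#!/bin/sh
# Added example: report launchd enable/disable overrides for the two Nix
# services named in this thread. Reads `launchctl print system` output on
# stdin, prints "<label> <enabled|disabled|absent>" per service, and
# returns 1 if either service is disabled (the state seen before the fix).
nix_service_overrides() {
    awk '
        BEGIN {
            n = split("org.nixos.darwin-store org.nixos.nix-daemon", order, " ")
            for (i = 1; i <= n; i++) state[order[i]] = "absent"
        }
        # Override lines look like:   "org.nixos.nix-daemon" => disabled
        match($0, /"org\.nixos\.[^"]+" => (enabled|disabled)/) {
            entry = substr($0, RSTART, RLENGTH)
            split(entry, parts, "\" => ")
            label = substr(parts[1], 2)      # drop the leading quote
            if (label in state) state[label] = parts[2]
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                print order[i], state[order[i]]
                if (state[order[i]] == "disabled") bad = 1
            }
            exit bad
        }
    '
}

# Demo on the two lines posted in the thread (sample input, runs offline).
# On a real Mac: sudo launchctl print system | nix_service_overrides
printf '%s\n' \
    '        "org.nixos.darwin-store" => enabled' \
    '        "org.nixos.nix-daemon" => disabled' \
    | nix_service_overrides \
    || echo "disabled override found: sudo launchctl enable system/<label>"
```

A non-zero return means an override would need `sudo launchctl enable system/<label>` (as done in the thread) before the installer's `launchctl bootstrap` step is retried.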