./#build-switch fails to run after upgrading to macOS Sequoia - error: the user '_nixbld1' in the group 'nixbld' does not exist

[victorhooi]

I've just updated my Macbook to OSX 15.0 (Sequoia) - and now nix run ./#build-switch is failing with the following error:

❯ nix run ./#build-switch
warning: Git tree '/Users/bytedance/nixos-config' is dirty
error: the user '_nixbld1' in the group 'nixbld' does not exist

I did try adding the line from this commit:

https://github.com/dustinlyons/nixos-config/commit/84767169056e3a6e5a2f6df0f13ac6af00882a10#diff-495e6e2f82e0c27bbf2e2a20fcc506fa7adcc184cc4981f20eb3d42a23e9e002R19

However, I still get the same error

[dustinlyons]

I ran into the same issue when upgrading. To get around it, I ran a bunch of commands trying to rebuild and assign the nix build user to the right group. I think this is what ultimately fixed it:

for i in {1..9}; do sudo dscl . -create /Users/_nixbld$i; sudo dscl . -append /Users/_nixbld$i uid $((30000 + i)); sudo dscl . -append /Users/_nixbld$i gid 30000; sudo dscl . -append /Users/_nixbld$i home /var/empty; sudo dscl . -append /Users/_nixbld$i shell /usr/bin/false; done

and then

dscl . -read /Groups/nixbld GroupMembership sudo dscacheutil -flushcache

[dustinlyons]

I also ran these before the command above to set up the build user again. I found these in another thread, so I'm honestly not too privy to what's going on here.

 4252  for i in 1 2 3; dseditgroup -o checkmember -m "nixbld$i" "nixbld"; end
 4253  for i in 1 2 3; dscl . -read "/Users/nixbld$i" | grep PrimaryGroupID ; end
 4254  sudo dseditgroup -o create -r "Nix build group for nix-daemon" -i "30000" "nixbld"
 4255  sudo dscl . -create /Users/nixbld1 UniqueID 30001
 4256  sudo dscl . -create /Users/nixbld1 IsHidden 1
 4257  sudo dscl . -create /Users/nixbld1 NFSHomeDirectory /var/empty
 4258  sudo dscl . -create /Users/nixbld1 RealName "Nix build user 1"
 4259  sudo dscl . -create /Users/nixbld1 UserShell /sbin/nologin
 4260  sudo dseditgroup -o edit -t user -a nixbld1 nixbld
 4261  sudo dscl . -create /Users/nixbld1 PrimaryGroupID 30000

[dustinlyons]

I also had to add this option before it would run: https://github.com/dustinlyons/nixos-config/commit/84767169056e3a6e5a2f6df0f13ac6af00882a10

And now I'm seeing some warnings when I run .#build-switch. Build runs fine, but I borked something with the commands above:

setting up users...
warning: existing user '_nixbld2' has unexpected uid 30002, skipping...
warning: existing user '_nixbld3' has unexpected uid 30003, skipping...
warning: existing user '_nixbld4' has unexpected uid 30004, skipping...
/nix/store/1argmb4dn695l3y8z2pd228jyjbmlamp-darwin-system-24.11.20240919.c04d565+darwin4.c03f85f/activate: line 181: [[: 305 30005: syntax error in expression (error token is "30005")
/nix/store/1argmb4dn695l3y8z2pd228jyjbmlamp-darwin-system-24.11.20240919.c04d565+darwin4.c03f85f/activate: line 201: [[: 306 30006: syntax error in expression (error token is "30006")
/nix/store/1argmb4dn695l3y8z2pd228jyjbmlamp-darwin-system-24.11.20240919.c04d565+darwin4.c03f85f/activate: line 221: [[: 307 30007: syntax error in expression (error token is "30007")
/nix/store/1argmb4dn695l3y8z2pd228jyjbmlamp-darwin-system-24.11.20240919.c04d565+darwin4.c03f85f/activate: line 241: [[: 308 30008: syntax error in expression (error token is "30008")
/nix/store/1argmb4dn695l3y8z2pd228jyjbmlamp-darwin-system-24.11.20240919.c04d565+darwin4.c03f85f/activate: line 261: [[: 309 30009: syntax error in expression (error token is "30009")
warning: existing user '_nixbld10' has unexpected uid 310, skipping...
warning: existing user '_nixbld11' has unexpected uid 311, skipping...
warning: existing user '_nixbld12' has unexpected uid 312, skipping...
warning: existing user '_nixbld13' has unexpected uid 313, skipping...
warning: existing user '_nixbld14' has unexpected uid 314, skipping...
warning: existing user '_nixbld15' has unexpected uid 315, skipping...
warning: existing user '_nixbld16' has unexpected uid 316, skipping...
warning: existing user '_nixbld17' has unexpected uid 317, skipping...
warning: existing user '_nixbld18' has unexpected uid 318, skipping...
warning: existing user '_nixbld19' has unexpected uid 319, skipping...
warning: existing user '_nixbld20' has unexpected uid 320, skipping...
warning: existing user '_nixbld21' has unexpected uid 321, skipping...
warning: existing user '_nixbld22' has unexpected uid 322, skipping...
warning: existing user '_nixbld23' has unexpected uid 323, skipping...
warning: existing user '_nixbld24' has unexpected uid 324, skipping...
warning: existing user '_nixbld25' has unexpected uid 325, skipping...
warning: existing user '_nixbld26' has unexpected uid 326, skipping...
warning: existing user '_nixbld27' has unexpected uid 327, skipping...
warning: existing user '_nixbld28' has unexpected uid 328, skipping...
warning: existing user '_nixbld29' has unexpected uid 329, skipping...
warning: existing user '_nixbld30' has unexpected uid 330, skipping...
warning: existing user '_nixbld31' has unexpected uid 331, skipping...
warning: existing user '_nixbld32' has unexpected uid 332, skipping...

[dustinlyons]

Definitely the upgrade to macOS Sequoia was no fun. I couldn't find much info on the error but stumbled around based on what I could find. I generally don't recommend running random commands from the Internet 😆 But I needed to get Nix back online and was willing to erase my disk and start over (Nix makes this easy) if needed. Thankfully it went okay.

I currently don't know much about how Nix manages the build users. I'll need to spend more time looking into the warnings, or post somewhere else. Any information anyone else finds would be helpful.

[gjolund]

when you get a chance could you document your process for upgrading to sequoia? been holding off in fear that it would be messy, have ptsd from previous MacOS upgrades

[victorhooi]

Is there some way of uninstalling Nix, and reinstalling Nix (via the Determinate Systems installer, and reapplying my Nix config) without wiping macOS?

(This is a work machine, and it's a pain to have to set that stuff up again - so if I could just get rid of the Nix installed stuff - including the Homebrew casks - then reinstall it - that would be great. This would also help in the future, if I do manage to catastrophically break things.)

That being said - Determinate Systems does seem to mention a workaround to this build users being broken issue here:

https://determinate.systems/posts/nix-support-for-macos-sequoia/

Apparently you're meant to run the command they give there before you upgrade to macOS Sequoia....lol.

[victorhooi]

I just tried to run this on my machine, and got this:

❯ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v0.26.0 | sh -s -- repair sequoia --move-existing-users
info: downloading installer https://install.determinate.systems/nix/tag/v0.26.0/nix-installer-aarch64-darwin
 INFO nix-installer v0.26.0
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Password:
 INFO nix-installer v0.26.0
 WARN get_existing_receipt: Could not parse receipt. Your receipt will not be updated to account for the new UIDs
Will move the _nixbld users to the Sequoia-compatible 350+ UID range and WILL NOT update the receipt

Proceed? ([Y]es/[n]o): yes
 WARN get_existing_receipt: Could not parse receipt. Your receipt will not be updated to account for the new UIDs
 WARN Unable to find create_users_and_group in receipt (receipt didn't exist or is unable to be parsed by this version of the installer). Your receipt at /nix/receipt.json will not reflect the changed UIDs, but the users will still be relocated to the new Sequoia-compatible UID range, starting at 350, and uninstallation will continue to work as normal, even if the UIDs do not match.
 INFO Finished repairing successfully!

[gilescope]

Just did the first bit and that seemed enough. Alas getting "Error: unknown or unsupported macOS version: :dunno" for slack and docker... Maybe I need to do brew update somehow? (Edit: nix flake update seemed to get around that. Edit: now me pinentry's gone walkabout... Edit: turns out export GPG_TTY=$(tty) needed to be set for mac)