Installation fails on macOS High Sierra 10.13.2 beta

[currymj]

This seems to be failing at a different point than #1582 .

Michaels-MacBook-Pro:~ curry$ sh ./install-nix
downloading Nix 1.11.15 binary tarball for x86_64-darwin from 'https://nixos.org/releases/nix/nix-1.11.15/nix-1.11.15-x86_64-darwin.tar.bz2' to '/var/folders/25/h6pww5l537d8vfykld5dgp940000gn/T/nix-binary-tarball-unpack.XXXXXXXXXX.l6TJusD6'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 25.8M  100 25.8M    0     0   456k      0  0:00:58  0:00:58 --:--:--  573k
Switching to the Multi-User Darwin Installer
Welcome to the Multi-User Nix Installation

This installation tool will set up your computer with the Nix package
manager. This will happen in a few stages:

1. Make sure your computer doesn't already have Nix. If it does, I
   will show you instructions on how to clean up your old one.

2. Show you what we are going to install and where. Then we will ask
   if you are ready to continue.

3. Create the system users and groups that the Nix daemon uses to run
   builds.

4. Perform the basic installation of the Nix files daemon.

5. Configure your shell to import special Nix Profile files, so you
   can use Nix.

6. Start the Nix daemon.

Would you like to see a more detailed list of what we will do?
[y/n] n


---- let's talk about sudo -----------------------------------------------------
This script is going to call sudo a lot. Every time we do, it'll
output exactly what it'll do, and why.

Just like this:

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo echo

to demonstrate how our sudo prompts look


This might look scary, but everything can be undone by running just a
few commands. We used to ask you to confirm each time sudo ran, but it
was too many times. Instead, I'll just ask you this one time:

Can we use sudo?
[y/n] y

Yay! Thanks! Let's get going!

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo test -e /var/root/.nix-defexpr

making sure that /var/root/.nix-defexpr doesn't exist


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo test -e /var/root/.nix-channels

making sure that /var/root/.nix-channels doesn't exist


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo test -e /var/root/.nix-profile

making sure that /var/root/.nix-profile doesn't exist


---- hardware report -----------------------------------------------------------
           Cores:	8

---- Nix config report ---------------------------------------------------------
        Temp Dir:	/var/folders/25/h6pww5l537d8vfykld5dgp940000gn/T/tmp.XXXXXXXXXX.OK7d4a9c
        Nix Root:	/nix
     Build Users:	8
  Build Group ID:	30000
Build Group Name:	nixbld

build users:
    Username:	UID
     nixbld1:	30001
     nixbld2:	30002
     nixbld3:	30003
     nixbld4:	30004
     nixbld5:	30005
     nixbld6:	30006
     nixbld7:	30007
     nixbld8:	30008

Ready to continue?
[y/n] y


~~> Setting up the build group nixbld
            Exists:	Yes

~~> Setting up the build user nixbld1

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/sysadminctl -addUser -fullName Nix build user 1 -home /var/empty -UID 30001 -addUser nixbld1

Creating the Nix build user, nixbld1

2017-11-15 17:31:49.208 sysadminctl[6602:237284] Failed to authenticate with SystemAdministration framework.

---- oh no! --------------------------------------------------------------------
Jeeze, something went wrong. If you can take all the output and open
an issue, we'd love to fix the problem so nobody else has this issue.

:(

We'd love to help if you need it.

If you can, open an issue at https://github.com/nixos/nix/issues

Or feel free to contact the team,
 - on IRC #nixos on irc.freenode.net
 - on twitter @nixos_org

[grahamc]

Yikes! I had tested this, but the users already existed. I will update my test tool to remove users ahead of time, and will look in to it.

[grahamc]

Ok, so you can get around this via:

for i in `seq 1 8`; do
    sudo /usr/sbin/sysadminctl interactive -addUser "nixbld$i" -fullName "Nix build user $i" -home /var/empty -UID "3000$i" -addUser "nixbld$i"
done

but it'll ask for your password a bunch of times, unfortunately. I'm still looking in to a way to make this nicer for the user.

[grahamc]

 gchristensen | creating users takes more than just being root
 gchristensen | you either have to call: sysadminctl interactive -addUser <- and this prompts for the admin password every time it is called
 gchristensen | or ... you call sysadminctl -adminUser <username> -adminPassword <password> -addUser <- but here you have to prompt the username/password ahead of time and pass it in over the CLI,
              | which feels icky
 gchristensen | for multi-user support perhaps a better approach is focusing on an upgrade path
 gchristensen | that way, users who want more safer nix on darwin can choose to, and suffer through the password prompts for a few minutes and not be scared away when they're first using it
 gchristensen | I feel bad that this is the case and I would love there to be an alternative, but I don't seee one
 gchristensen | maybe someone else knows some wizardry```

[currymj]

i'm now happily using nix, so thanks for the workaround. for anyone else who might have stumbled upon this issue after copy-and-pasting an error message into google, please note that the shell script in the comment above has a small typo. the first line should be:

for i in `seq 1 8`; do

[grahamc]

Fixed mine, thank you for the correction! I'm glad it worked :)

[orivej]

It may be worth mentioning this issue at https://forums.developer.apple.com/community/beta/macos-1013-beta

[joelparkerhenderson]

Same issue. High Sierra 10.13.2 Beta (17C60c).

I concur with @orivej about it being worth mentioning the issue on the macOS beta forums, and specifically worth asking for whatever kind of help/wizardry/guidance that Apple's experts may have.

[orivej]

The Nix manual documents the usage of dscl to create build users, which appears to work with sudo on macOS 10.13.2 beta 4 (e.g. sudo dscl . create /Users/tmp12).

[joelparkerhenderson]

Thanks! The sudo script did work for me.

Could there be a way to at minimum to print a better/clearer error message if the build users aren't existing? For example, a pointer to the documentation for dscl, or a link to this github issue, or the script above? (E.g. anything that makes it clear that the Nix group knows about this, and is working on it, and has a workaround?)

[grahamc]

dscl seems to work ... for now ...!

[grahamc]

This seems to does not work, but testing further:

sudo dscl . create "/Users/nixbld99" RealName "Nix build user 99" PrimaryGroupID 30000 UserShell /sbin/nologin NFSHomeDirectory /var/empty UniqueID 30099 IsHidden 1
sudo dseditgroup -o edit -a nixbld99 -t user nixbld 

[robx]

Just to note that the issue still exists, on non-beta High Sierra 10.13.2. And that after the work-around with creating nixbld users things seem fine.

[copumpkin]

Hmm, so @grahamc is it not fixed? I assumed #1700 was it

[joelparkerhenderson]

I'm seeing a side effect that the Nix users now show up on the login screen, and in the menu bar upper right fast user switcher. For comparison, other system-related usernames do not show up.

What removes the Nix users from the login screen and/or fast user switcher?

[orivej]

@joelparkerhenderson:

nix/scripts/install-darwin-multi-user.sh

Line 470 in 1ca8e95

dsclpath="/Users/$username"

nix/scripts/install-darwin-multi-user.sh

Line 501 in 1ca8e95

/usr/bin/dscl . -create "$dsclpath" "IsHidden" "1"

[joelparkerhenderson]

@orivej Thank you!

If anyone else on this thread has a similar issue, here's what I did:

dscl . list /Users | 
grep '^nixbld' | 
xargs -I{} sudo dscl . create /Users/{} IsHidden 1

Then reboot, or at least log out and log back in.

[copumpkin]

Does this mean we end up with a bunch of empty useless home directories under /Users?

[joelparkerhenderson]

@copumpkin As far as I can tell yes. I'm a Nix novice. Can anyone expert here comment? [Edit: I was mistaken-- thanks @orivej -- the user entries are visible on my Mac by using the dscl command and /Local/Default/Users, and are not typical Finder directories.]

For whatever it's worth, as a novice user I personally prefer a simple setup as the default, such as the software creating one nix user, and also ideally naming the user "nix".

This is because a simple setup tends to be faster and easier to start using successfully, and to document, and to troubleshoot if needed. (E.g. there would be only one broken user, and the creating script would not need a for...seq loop, and the hiding script would not need xargs, etc.)

[orivej]

@copumpkin The /Users in that command looks like a directory but does not refer to a directory on a filesystem and works even if there are no /Users/nixbld directories.

[copumpkin]

Oh, interesting, thanks!

[grahamc]

It is an entry in the Directory Service.

…

On Thu, Dec 14, 2017 at 5:22 PM Daniel Peebles ***@***.***> wrote: Oh, interesting, thanks! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1684 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAErrLtlTDwUsR2nvYcl1fIrf8aL6pnuks5tAZ-6gaJpZM4Qfrg-> .

[stale]

I marked this as stale due to inactivity. → More info

[abathur]

I think this can probably be closed at this point?

If nothing else, the macOS behavior has changed in Big Sur (see #4531) necessitating installer changes in #4532 that obsolete a lot of the specifics/commands in this thread.

[stale]

I marked this as stale due to inactivity. → More info