darwin-rebuild: require running as root
parent
2c4fc49f45
commit
1008b7d492
4 changed files with 49 additions and 51 deletions
20
.github/workflows/test.yml
vendored
20
.github/workflows/test.yml
vendored
|
@ -39,8 +39,8 @@ jobs:
|
|||
nix_path: nixpkgs=channel:${{ env.NIXPKGS_BRANCH }}
|
||||
- name: Install channels
|
||||
run: |
|
||||
nix-channel --add https://nixos.org/channels/${{ env.NIXPKGS_BRANCH }} nixpkgs
|
||||
nix-channel --update
|
||||
sudo nix-channel --add https://nixos.org/channels/${{ env.NIXPKGS_BRANCH }} nixpkgs
|
||||
sudo nix-channel --update
|
||||
- name: Install nix-darwin
|
||||
run: |
|
||||
sudo mkdir -p /etc/nix-darwin
|
||||
|
@ -61,7 +61,7 @@ jobs:
|
|||
/" \
|
||||
/etc/nix-darwin/configuration.nix
|
||||
|
||||
nix run .#darwin-rebuild -- switch \
|
||||
sudo nix run .#darwin-rebuild -- switch \
|
||||
-I darwin=. \
|
||||
-I darwin-config=/etc/nix-darwin/configuration.nix
|
||||
- name: Switch to new configuration
|
||||
|
@ -72,17 +72,17 @@ jobs:
|
|||
"s/pkgs.vim/pkgs.hello/" \
|
||||
/etc/nix-darwin/configuration.nix
|
||||
|
||||
darwin-rebuild switch
|
||||
sudo darwin-rebuild switch
|
||||
|
||||
hello
|
||||
- name: Test uninstallation of nix-darwin
|
||||
run: |
|
||||
# We need to specify `--extra-experimental-features` because `experimental-features` is set by
|
||||
# `cachix/install-nix-action` but not by our default config above
|
||||
nix run .#darwin-uninstaller \
|
||||
sudo nix run .#darwin-uninstaller \
|
||||
--extra-experimental-features "nix-command flakes" \
|
||||
--override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
|
||||
nix run .#darwin-uninstaller.tests.uninstaller \
|
||||
sudo nix run .#darwin-uninstaller.tests.uninstaller \
|
||||
--extra-experimental-features "nix-command flakes" \
|
||||
--override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
|
||||
|
||||
|
@ -112,7 +112,7 @@ jobs:
|
|||
's/nixpkgs.hostPlatform = "aarch64-darwin";/nixpkgs.hostPlatform = "'$(nix eval --expr builtins.currentSystem --impure --raw)'";/' \
|
||||
flake.nix
|
||||
popd
|
||||
nix run .#darwin-rebuild -- switch \
|
||||
sudo nix run .#darwin-rebuild -- switch \
|
||||
--override-input nix-darwin . \
|
||||
--override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
|
||||
- name: Switch to new configuration
|
||||
|
@ -123,12 +123,12 @@ jobs:
|
|||
"s/pkgs.vim/pkgs.hello/" \
|
||||
/etc/nix-darwin/flake.nix
|
||||
|
||||
darwin-rebuild switch \
|
||||
sudo darwin-rebuild switch \
|
||||
--override-input nix-darwin . \
|
||||
--override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
|
||||
|
||||
hello
|
||||
- name: Test uninstallation of nix-darwin
|
||||
run: |
|
||||
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
|
||||
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
|
||||
sudo nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
|
||||
sudo nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
|
||||
|
|
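Review bot: Each `sudo nix run …` step in this workflow starts Nix itself as root while `$HOME` still points at the runner user's home, because the `HOME=~root` reset this commit adds to darwin-rebuild only takes effect once that script is running. The comment in that script states that macOS `sudo` preserves `$HOME` by default, so the flake fetch and evaluation done by `nix run` presumably happen with a mismatched home and can warn or leave root-owned cache files behind. I would write these steps as `sudo -H nix run .#darwin-rebuild -- switch \` (and likewise for the uninstaller steps) so CI exercises a clean root environment. The same applies to the `sudo nix-channel --add` and `sudo nix-channel --update` lines in the first hunk.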
16
README.md
16
README.md
|
@ -98,9 +98,9 @@ Unlike NixOS, `nix-darwin` does not have an installer, you can just run `darwin-
|
|||
|
||||
```bash
|
||||
# To use Nixpkgs unstable:
|
||||
nix run nix-darwin/master#darwin-rebuild -- switch
|
||||
sudo nix run nix-darwin/master#darwin-rebuild -- switch
|
||||
# To use Nixpkgs 24.11:
|
||||
nix run nix-darwin/nix-darwin-24.11#darwin-rebuild -- switch
|
||||
sudo nix run nix-darwin/nix-darwin-24.11#darwin-rebuild -- switch
|
||||
```
|
||||
|
||||
### Step 3. Using `nix-darwin`
|
||||
|
@ -108,7 +108,7 @@ nix run nix-darwin/nix-darwin-24.11#darwin-rebuild -- switch
|
|||
After installing, you can run `darwin-rebuild` to apply changes to your system:
|
||||
|
||||
```bash
|
||||
darwin-rebuild switch
|
||||
sudo darwin-rebuild switch
|
||||
```
|
||||
|
||||
#### Using flake inputs
|
||||
|
@ -155,7 +155,7 @@ To install `nix-darwin`, you can just run `darwin-rebuild switch` to install nix
|
|||
|
||||
```bash
|
||||
nix-build '<darwin>' -A darwin-rebuild
|
||||
./result/bin/darwin-rebuild switch -I darwin-config=/etc/nix-darwin/configuration.nix
|
||||
sudo ./result/bin/darwin-rebuild switch -I darwin-config=/etc/nix-darwin/configuration.nix
|
||||
```
|
||||
|
||||
### Step 4. Using `nix-darwin`
|
||||
|
@ -163,7 +163,7 @@ nix-build '<darwin>' -A darwin-rebuild
|
|||
After installing, you can run `darwin-rebuild` to apply changes to your system:
|
||||
|
||||
```bash
|
||||
darwin-rebuild switch
|
||||
sudo darwin-rebuild switch
|
||||
```
|
||||
|
||||
### Step 5. Updating `nix-darwin`
|
||||
|
@ -186,13 +186,13 @@ The documentation is also available as manpages by running `man 5 configuration.
|
|||
To run the latest version of the uninstaller, you can run the following command:
|
||||
|
||||
```
|
||||
nix --extra-experimental-features "nix-command flakes" run nix-darwin#darwin-uninstaller
|
||||
sudo nix --extra-experimental-features "nix-command flakes" run nix-darwin#darwin-uninstaller
|
||||
```
|
||||
|
||||
If that command doesn't work for you, you can try the locally installed uninstaller:
|
||||
|
||||
```
|
||||
darwin-uninstaller
|
||||
sudo darwin-uninstaller
|
||||
```
|
||||
|
||||
## Tests
|
||||
|
@ -218,7 +218,7 @@ flag can also be used to override darwin-config or nixpkgs, for more
|
|||
information on the `-I` flag look at the nix-build [manpage](https://nixos.org/manual/nix/stable/command-ref/nix-build.html).
|
||||
|
||||
```bash
|
||||
darwin-rebuild switch -I darwin=.
|
||||
sudo darwin-rebuild switch -I darwin=.
|
||||
```
|
||||
|
||||
If you're adding a module, please add yourself to `meta.maintainers`, for example
|
||||
|
|
|
@ -53,16 +53,16 @@ in writeShellApplication {
|
|||
${uninstallSystem.system}/sw/bin/darwin-rebuild activate
|
||||
|
||||
if [[ -L /run/current-system ]]; then
|
||||
sudo rm /run/current-system
|
||||
rm /run/current-system
|
||||
fi
|
||||
|
||||
if [[ -L /run ]]; then
|
||||
if [[ -e /etc/synthetic.conf ]]; then
|
||||
sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf
|
||||
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
|
||||
sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf
|
||||
/System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
|
||||
echo >&2 "NOTE: the /run symlink will be removed on reboot"
|
||||
else
|
||||
sudo rm /run
|
||||
rm /run
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
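Review bot: With the `sudo` prefixes dropped, `rm /run/current-system`, `sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf` and `rm /run` only work when the whole uninstaller already runs as root, and this hunk shows no uid check. A non-root run would presumably stop at the `darwin-rebuild activate` call above with darwin-rebuild's own "system activation must now be run as root" message, which does not name the uninstaller. I would add an explicit guard near the top of the script, e.g. `[[ $(id -u) -eq 0 ]] || { echo >&2 "darwin-uninstaller: must be run as root"; exit 1; }`, unless one already exists outside this hunk. The script body starts and ends outside the visible lines.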
|
@ -2,6 +2,12 @@
|
|||
set -e
|
||||
set -o pipefail
|
||||
|
||||
if [[ $(id -u) -eq 0 ]]; then
|
||||
# On macOS, `sudo(8)` preserves `$HOME` by default, which causes Nix
|
||||
# to output warnings.
|
||||
HOME=~root
|
||||
fi
|
||||
|
||||
export PATH=@path@
|
||||
export NIX_PATH=${NIX_PATH:-@nixPath@}
|
||||
|
||||
|
@ -22,12 +28,6 @@ showSyntax() {
|
|||
exit 1
|
||||
}
|
||||
|
||||
sudo() {
|
||||
# We use `env` before our command to ensure the preserved PATH gets checked
|
||||
# when trying to resolve the command to execute
|
||||
command sudo -H --preserve-env=PATH --preserve-env=SSH_CONNECTION env "$@"
|
||||
}
|
||||
|
||||
# Parse the command line.
|
||||
origArgs=("$@")
|
||||
extraMetadataFlags=()
|
||||
|
@ -142,6 +142,11 @@ done
|
|||
|
||||
if [ -z "$action" ]; then showSyntax; fi
|
||||
|
||||
if [[ $action =~ ^switch|activate|rollback|check$ && $(id -u) -ne 0 ]]; then
|
||||
printf >&2 '%s: system activation must now be run as root\n' "$0"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
flakeFlags=(--extra-experimental-features 'nix-command flakes')
|
||||
|
||||
# Use /etc/nix-darwin/flake.nix if it exists. It can be a symlink to the
|
||||
|
@ -190,15 +195,10 @@ if [ "$action" = switch ] || [ "$action" = build ] || [ "$action" = check ] || [
|
|||
-- "$flake#$flakeAttr.system" \
|
||||
| jq -r '.[0].outputs.out')
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
if [ "$action" = list ] || [ "$action" = rollback ]; then
|
||||
if [ "$USER" != root ] && [ ! -w $(dirname "$profile") ]; then
|
||||
sudo nix-env -p "$profile" "${extraProfileFlags[@]}"
|
||||
else
|
||||
nix-env -p "$profile" "${extraProfileFlags[@]}"
|
||||
fi
|
||||
nix-env -p "$profile" "${extraProfileFlags[@]}"
|
||||
fi
|
||||
|
||||
if [ "$action" = rollback ]; then
|
||||
|
@ -222,24 +222,26 @@ else
|
|||
hasActivateUser=
|
||||
fi
|
||||
|
||||
if [ "$action" = switch ]; then
|
||||
if [ "$USER" != root ] && [ ! -w $(dirname "$profile") ]; then
|
||||
sudo nix-env -p "$profile" --set "$systemConfig"
|
||||
runActivateUser() {
|
||||
if [[ -n $SUDO_USER ]]; then
|
||||
sudo --user="$SUDO_USER" --set-home -- "$systemConfig/activate-user"
|
||||
else
|
||||
nix-env -p "$profile" --set "$systemConfig"
|
||||
printf >&2 \
|
||||
'%s: $SUDO_USER not set, can’t run legacy `activate-user` script\n' \
|
||||
"$0"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "$action" = switch ]; then
|
||||
nix-env -p "$profile" --set "$systemConfig"
|
||||
fi
|
||||
|
||||
if [ "$action" = switch ] || [ "$action" = activate ] || [ "$action" = rollback ]; then
|
||||
if [[ -n $hasActivateUser ]]; then
|
||||
"$systemConfig/activate-user"
|
||||
fi
|
||||
|
||||
if [ "$USER" != root ]; then
|
||||
sudo "$systemConfig/activate"
|
||||
else
|
||||
"$systemConfig/activate"
|
||||
runActivateUser
|
||||
fi
|
||||
"$systemConfig/activate"
|
||||
fi
|
||||
|
||||
if [ "$action" = changelog ]; then
|
||||
|
@ -249,12 +251,8 @@ fi
|
|||
if [ "$action" = check ]; then
|
||||
export checkActivation=1
|
||||
if [[ -n $hasActivateUser ]]; then
|
||||
"$systemConfig/activate-user"
|
||||
runActivateUser
|
||||
else
|
||||
if [ "$USER" != root ]; then
|
||||
sudo "$systemConfig/activate"
|
||||
else
|
||||
"$systemConfig/activate"
|
||||
fi
|
||||
"$systemConfig/activate"
|
||||
fi
|
||||
fi
|
||||
|
|
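Review bot: The root check `[[ $action =~ ^switch|activate|rollback|check$ && … ]]` has no group around the alternation, so `^` binds only to `switch` and `$` only to `check`; the pattern matches any action that starts with `switch`, contains `activate` or `rollback`, or ends in `check`. With the action names visible in these hunks that happens to give the intended result, but the gate in front of privileged activation should be exact: `if [[ $action =~ ^(switch|activate|rollback|check)$ && $(id -u) -ne 0 ]]; then`. A `case "$action" in switch|activate|rollback|check)` arm would avoid the regex altogether. The option-parsing loop that sets `$action` is outside this hunk.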