From 0e87d3d3914321ceea5b10a87f48b6ff6179e190 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 11 Jan 2025 15:44:41 +0000 Subject: [PATCH 1/3] =?UTF-8?q?activate-system:=20don=E2=80=99t=20`KeepAli?= =?UTF-8?q?ve`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It seems like a bad idea to keep restarting the activation daemon when it fails. --- modules/services/activate-system/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/services/activate-system/default.nix b/modules/services/activate-system/default.nix index 6a982fe8..d8d86831 100644 --- a/modules/services/activate-system/default.nix +++ b/modules/services/activate-system/default.nix @@ -28,7 +28,6 @@ ${config.system.activationScripts.keyboard.text} ''; serviceConfig.RunAtLoad = true; - serviceConfig.KeepAlive.SuccessfulExit = false; }; }; } From ff80eacd0f756fa2c410f9128b114eeb0b4e5bc5 Mon Sep 17 00:00:00 2001 From: Emily Date: Sat, 11 Jan 2025 15:44:41 +0000 Subject: [PATCH 2/3] activation-scripts: remove `_status` I believe this has been obsolete since `set -e` was added in 8708ebb7964fc68311f5eae73bb7c45bfbb93d54. --- modules/system/activation-scripts.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix index 5f8916cc..b95ea324 100644 --- a/modules/system/activation-scripts.nix +++ b/modules/system/activation-scripts.nix @@ -44,9 +44,6 @@ in systemConfig=@out@ - _status=0 - trap "_status=1" ERR - # Ensure a consistent umask. umask 0022 @@ -82,8 +79,6 @@ in # Prevent the current configuration from being garbage-collected. ln -sfn /run/current-system /nix/var/nix/gcroots/current-system - - exit $_status ''; # FIXME: activationScripts.checks should be system level From 4bff4bc8ae105dbc3a56ed5255fbde9495cbf4c1 Mon Sep 17 00:00:00 2001 
From: Emily Date: Sat, 11 Jan 2025 15:44:41 +0000 Subject: [PATCH 3/3] {activation-scripts,activate-system}: purify environment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This ensures that system activation does not depend on various details of its process environment, ensuring uniformity across various invocation contexts and with the `activate-system` daemon. This becomes more important in a post‐user‐activation world to avoid problematic dependencies like `$SUDO_USER`, but is a good idea in general. The `sudoers(5)` defaults on my Sequoia system are: Defaults env_reset Defaults env_keep += "BLOCKSIZE" Defaults env_keep += "COLORFGBG COLORTERM" Defaults env_keep += "__CF_USER_TEXT_ENCODING" Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE" Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME" Defaults env_keep += "LINES COLUMNS" Defaults env_keep += "LSCOLORS" Defaults env_keep += "SSH_AUTH_SOCK" Defaults env_keep += "TZ" Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY" Defaults env_keep += "EDITOR VISUAL" Defaults env_keep += "HOME MAIL" Of these preserved environment variables, the ones that are set in practice when I run `sudo env` that aren’t set in the activation script here are: * `$COLORTERM` * `$DISPLAY` * `$EDITOR` * `$MAIL` * `$SSH_AUTH_SOCK` * `$TERM` * `$__CF_USER_TEXT_ENCODING` Most of these seem either pointless or actively harmful to set for the purpose of the system activation script. This will mean that tools run during activation won’t print output in the user’s preferred language, but that’s probably the right trade‐off overall, as that is likely to break activation scripts that parse command output anyway. --- modules/services/activate-system/default.nix | 7 +++++++ modules/system/activation-scripts.nix | 19 ++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) 
diff --git a/modules/services/activate-system/default.nix b/modules/services/activate-system/default.nix index d8d86831..127514a6 100644 --- a/modules/services/activate-system/default.nix +++ b/modules/services/activate-system/default.nix @@ -10,7 +10,14 @@ script = '' set -e set -o pipefail + export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin" + export USER=root + export LOGNAME=root + export HOME=~root + export SHELL=$BASH + export LANG=C + export LC_CTYPE=UTF-8 systemConfig=$(cat ${config.system.profile}/systemConfig) diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix index b95ea324..0143d2ba 100644 --- a/modules/system/activation-scripts.nix +++ b/modules/system/activation-scripts.nix @@ -37,16 +37,33 @@ in config = { system.activationScripts.script.text = '' - #! ${stdenv.shell} + #!/usr/bin/env -i ${stdenv.shell} + # shellcheck shell=bash + # shellcheck disable=SC2096 + set -e set -o pipefail + export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin" + export USER=root + export LOGNAME=root + export HOME=~root + export SHELL=$BASH + export LANG=C + export LC_CTYPE=UTF-8 systemConfig=@out@ # Ensure a consistent umask. umask 0022 + cd / + + if [[ $(id -u) -ne 0 ]]; then + printf >&2 '\e[1;31merror: `activate` must be run as root\e[0m\n' + exit 2 + fi + ${cfg.activationScripts.preActivation.text} # We run `etcChecks` again just in case someone runs `activate`
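Review bot: The `export` lines added to the daemon `script` in `modules/services/activate-system/default.nix` pin seven variables but do not clear anything else the job inherits, whereas `activation-scripts.nix` gets a full reset from `env -i` in its shebang. The two entry points therefore still differ in whatever else the daemon's environment holds, which works against the uniformity described in the commit message. If that is intentional, I would say so above the block, e.g. `# Only the variables below are pinned; unlike the activate script, the inherited environment is not cleared here.` The same block is repeated verbatim in the second file, so a shared `let` binding interpolated into both scripts would keep the two lists from drifting. The script body continues past the end of the hunk.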
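Review bot: The environment reset in the new shebang `#!/usr/bin/env -i ${stdenv.shell}` in `modules/system/activation-scripts.nix` only happens when the file is executed directly and the interpreter line is split into separate arguments, and the `SC2096` suppression hides that assumption without explaining it. If the script is instead passed to a shell as an argument, the shebang is ignored and only the seven exported variables are pinned, so values such as `$SUDO_USER` named in the commit message would still be visible to later activation snippets. I would document this next to the directives, e.g. `# env -i clears the inherited environment; this needs the shebang split into arguments (hence SC2096) and the script exec'd directly.` The `''` string continues beyond the hunk, so later handling is not visible from here.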