From a641089519671ba672d78f9b54dddb8c407f91e2 Mon Sep 17 00:00:00 2001
From: Emily <vcs@emily.moe>
Date: Sat, 11 Jan 2025 15:44:41 +0000
Subject: [PATCH] =?UTF-8?q?checks:=20remove=20user=E2=80=90dependent=20che?=
=?UTF-8?q?cks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I’m not sure how important the channel check is given the
`nixPath` check, and support for managing single‐user installs
isn’t long for this world. These are mostly of limited utility in a
post‐user‐activation world, and the adaptation they’d require
just to keep them around a bit longer for compatibility doesn’t
seem worth it.
---
modules/system/checks.nix | 70 ++-------------------------------
tests/checks-nix-gc.nix | 3 --
tests/services-nix-gc.nix | 3 --
tests/services-nix-optimise.nix | 3 --
4 files changed, 4 insertions(+), 75 deletions(-)
diff --git a/modules/system/checks.nix b/modules/system/checks.nix
index 8b526b35..f8d29882 100644
--- a/modules/system/checks.nix
+++ b/modules/system/checks.nix
@@ -152,25 +152,6 @@ let
fi
'';
- nixChannels = ''
- channelsLink=$(readlink "$HOME/.nix-defexpr/channels") || true
- case "$channelsLink" in
- *"$USER"*)
- ;;
- "")
- ;;
- *)
- echo "�[1;31merror: The ~/.nix-defexpr/channels symlink does not point your users channels, aborting activation�[0m" >&2
- echo "Running nix-channel will regenerate it" >&2
- echo >&2
- echo " rm ~/.nix-defexpr/channels" >&2
- echo " nix-channel --update" >&2
- echo >&2
- exit 2
- ;;
- esac
- '';
-
nixInstaller = ''
if grep -q 'etc/profile.d/nix-daemon.sh' /etc/profile; then
echo "�[1;31merror: Found nix-daemon.sh reference in /etc/profile, aborting activation�[0m" >&2
@@ -233,43 +214,6 @@ let
fi
'';
- nixStore = ''
- if test -w /nix/var/nix/db -a ! -O /nix/store; then
- echo >&2 "�[1;31merror: the store is not owned by this user, but /nix/var/nix/db is writable�[0m"
- echo >&2 "If you are using the daemon:"
- echo >&2
- echo >&2 " sudo chown -R root:wheel /nix/var/nix/db"
- echo >&2
- echo >&2 "Otherwise:"
- echo >&2
- echo >&2 " sudo chown -R $USER:staff /nix/store"
- echo >&2
- exit 2
- fi
- '';
-
- nixGarbageCollector = ''
- if test -O /nix/store; then
- echo "�[1;31merror: A single-user install can't run gc as root, aborting activation�[0m" >&2
- echo "Configure the garbage collector to run as the current user:" >&2
- echo >&2
- echo " nix.gc.user = \"$USER\";" >&2
- echo >&2
- exit 2
- fi
- '';
-
- nixStoreOptimiser = ''
- if test -O /nix/store; then
- echo "�[1;31merror: A single-user install can't run optimiser as root, aborting activation�[0m" >&2
- echo "Configure the optimiser to run as the current user:" >&2
- echo >&2
- echo " nix.optimise.user = \"$USER\";" >&2
- echo >&2
- exit 2
- fi
- '';
-
# TODO: Remove this a couple years down the line when we can assume
# that anyone who cares about security has upgraded.
oldSshAuthorizedKeysDirectory = ''
@@ -315,6 +259,10 @@ let
in
{
+ imports = [
+ (mkRemovedOptionModule [ "system" "checks" "verifyNixChannels" ] "This check has been removed.")
+ ];
+
options = {
system.checks.verifyNixPath = mkOption {
type = types.bool;
@@ -322,12 +270,6 @@ in
description = "Whether to run the NIX_PATH validation checks.";
};
- system.checks.verifyNixChannels = mkOption {
- type = types.bool;
- default = config.nix.channel.enable;
- description = "Whether to run the nix-channels validation checks.";
- };
-
system.checks.verifyBuildUsers = mkOption {
type = types.bool;
default =
@@ -358,10 +300,6 @@ in
(mkIf cfg.verifyBuildUsers preSequoiaBuildUsers)
(mkIf config.nix.configureBuildUsers buildGroupID)
nixDaemon
- nixStore
- (mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector)
- (mkIf (config.nix.optimise.automatic && config.nix.optimise.user == null) nixStoreOptimiser)
- (mkIf cfg.verifyNixChannels nixChannels)
nixInstaller
(mkIf cfg.verifyNixPath nixPath)
oldSshAuthorizedKeysDirectory
diff --git a/tests/checks-nix-gc.nix b/tests/checks-nix-gc.nix
index e3dccd7f..467084f2 100644
--- a/tests/checks-nix-gc.nix
+++ b/tests/checks-nix-gc.nix
@@ -9,9 +9,6 @@ in
nix.package = nix;
test = ''
- echo checking nix-gc validation >&2
- grep "nix.gc.user = " ${config.out}/activate-user
-
echo checking nix-gc service in /Library/LaunchDaemons >&2
grep "<string>org.nixos.nix-gc</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
(! grep "<key>UserName</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist)
diff --git a/tests/services-nix-gc.nix b/tests/services-nix-gc.nix
index 6d7cdef8..28ad86c8 100644
--- a/tests/services-nix-gc.nix
+++ b/tests/services-nix-gc.nix
@@ -18,8 +18,5 @@ in
grep "<string>nixuser</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
(! grep "<key>KeepAlive</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist)
-
- echo checking nix-gc validation >&2
- (! grep "nix.gc.user = " ${config.out}/activate-user)
'';
}
diff --git a/tests/services-nix-optimise.nix b/tests/services-nix-optimise.nix
index 4108eb0f..a488dacb 100644
--- a/tests/services-nix-optimise.nix
+++ b/tests/services-nix-optimise.nix
@@ -18,8 +18,5 @@ in
grep "<key>UserName</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist
grep "<string>nixuser</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist
(! grep "<key>KeepAlive</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist)
-
- echo checking nix-optimise validation >&2
- (! grep "nix.optimise.user = " ${config.out}/activate-user)
'';
}