Merge pull request #1265 from emilazy/push-turlyykvtunt

checks: check for macOS ≥ 11.3

modules/system/base.nix

@@ -2,60 +2,35 @@
 
 {
   system.activationScripts.createRun.text = ''
-    IFS="." read -r -a macOSVersion <<< "$(sw_vers -productVersion)"
+    if [[ $(stat -c '%a' /etc/synthetic.conf) != "644" ]]; then
+      echo "fixing permissions on /etc/synthetic.conf..."
+      sudo chmod 644 /etc/synthetic.conf
+    fi
 
-    if [[ ''${macOSVersion[0]} -gt 10 || ( ''${macOSVersion[0]} -eq 10 && ''${macOSVersion[1]} -ge 15 ) ]]; then
-      if [[ $(stat -c '%a' /etc/synthetic.conf) != "644" ]]; then
-        echo "fixing permissions on /etc/synthetic.conf..."
-        sudo chmod 644 /etc/synthetic.conf
-      fi
+    if [[ $(grep -c '^run\b' /etc/synthetic.conf) -gt 1 ]]; then
+      echo "found duplicate run entries in /etc/synthetic.conf, removing..."
+      sudo sed -i "" -e '/^run\tprivate\/var\/run$/d' /etc/synthetic.conf
+    fi
 
-      if [[ $(grep -c '^run\b' /etc/synthetic.conf) -gt 1 ]]; then
-        echo "found duplicate run entries in /etc/synthetic.conf, removing..."
-        sudo sed -i "" -e '/^run\tprivate\/var\/run$/d' /etc/synthetic.conf
-      fi
+    if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then
+      echo "setting up /run via /etc/synthetic.conf..."
+      printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null
+    fi
 
-      if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then
-        echo "setting up /run via /etc/synthetic.conf..."
-        printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null
-      fi
+    sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t || true
 
-      if [[ ''${macOSVersion[0]} -gt 10 ]]; then
-        sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t || true
-      else
-        sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B || true
-      fi
-
-      if [[ ! -L /run ]]; then
-        printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n'
-        printf >&2 'To create a symlink from /run to /var/run, please run:\n'
-        printf >&2 '\n'
-        printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"
-
-        if [[ ''${macOSVersion[0]} -gt 10 ]]; then
-          printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t\n'
-        else
-          printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B\n'
-        fi
-
-        printf >&2 '\n'
-        printf >&2 'The current contents of /etc/synthetic.conf is:\n'
-        printf >&2 '\n'
-        sudo sed 's/^/    /' /etc/synthetic.conf >&2
-        printf >&2 '\n'
-        exit 1
-      fi
-    else
-      echo "setting up /run..."
-      sudo ln -sfn private/var/run /run
-
-      if [[ ! -L /run ]]; then
-        printf >&2 'error: failed to symlink /run, aborting activation\n'
-        printf >&2 'To create a symlink from /run to /var/run, please run:\n'
-        printf >&2 '\n'
-        printf >&2 '$ sudo ln -sfn private/var/link /run\n'
-        exit 1
-      fi
+    if [[ ! -L /run ]]; then
+      printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n'
+      printf >&2 'To create a symlink from /run to /var/run, please run:\n'
+      printf >&2 '\n'
+      printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf\n"
+      printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t\n'
+      printf >&2 '\n'
+      printf >&2 'The current contents of /etc/synthetic.conf is:\n'
+      printf >&2 '\n'
+      sed 's/^/    /' /etc/synthetic.conf >&2
+      printf >&2 '\n'
+      exit 1
     fi
   '';
 }

modules/system/checks.nix

@@ -24,6 +24,29 @@ let
     fi
   '';
 
+  macOSVersion = ''
+    IFS=. read -ra osVersion <<<"$(sw_vers --productVersion)"
+    if (( osVersion[0] < 11 || (osVersion[0] == 11 && osVersion[1] < 3) )); then
+      printf >&2 '\e[1;31merror: macOS version is less than 11.3, aborting activation\e[0m\n'
+      printf >&2 'Nixpkgs 25.05 requires macOS Big Sur 11.3 or newer, and 25.11 will\n'
+      printf >&2 'require macOS Sonoma 14.\n'
+      printf >&2 '\n'
+      printf >&2 'For more information on your options going forward, see the 25.05\n'
+      printf >&2 'release notes:\n'
+      printf >&2 '<https://nixos.org/manual/nixos/unstable/release-notes#sec-release-25.05>\n'
+      printf >&2 '\n'
+      printf >&2 'Nixpkgs 24.11 and nix-darwin 24.11 continue to support down to macOS\n'
+      printf >&2 'Sierra 10.12, and will be supported through June 2025.\n'
+      printf >&2 '\n'
+      printf >&2 'You can override this check by setting:\n'
+      printf >&2 '\n'
+      printf >&2 '    system.checks.verifyMacOSVersion = false;\n'
+      printf >&2 '\n'
+      printf >&2 'However, we are unable to provide support if you do so.\n'
+      exit 1
+    fi
+  '';
+
   runLink = ''
     if [[ ! -e /run ]]; then
       printf >&2 'error: directory /run does not exist, aborting activation\n'
@@ -341,6 +364,12 @@ in
       description = "Whether to run the Nix build users validation checks.";
     };
 
+    system.checks.verifyMacOSVersion = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Whether to run the macOS version check.";
+    };
+
     system.checks.text = mkOption {
       internal = true;
       type = types.lines;
@@ -352,6 +381,7 @@ in
 
     system.checks.text = mkMerge [
       darwinChanges
+      (mkIf cfg.verifyMacOSVersion macOSVersion)
       runLink
       (mkIf (cfg.verifyBuildUsers && !config.nix.configureBuildUsers) oldBuildUsers)
       (mkIf cfg.verifyBuildUsers buildUsers)

modules/system/defaults/universalaccess.nix

@@ -28,7 +28,6 @@ with lib;
       default = null;
       description = ''
         Disable transparency in the menu bar and elsewhere.
-        Requires macOS Yosemite or later.
         The default is false.
       '';
     };

pkgs/darwin-uninstaller/default.nix

@@ -56,7 +56,6 @@ in writeShellApplication {
     if [[ -L /run ]]; then
       if [[ -e /etc/synthetic.conf ]]; then
         sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf
-        sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
         sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
         echo >&2 "NOTE: the /run symlink will be removed on reboot"
       else

pkgs/nix-tools/darwin-rebuild.sh

@@ -22,15 +22,9 @@ showSyntax() {
 }
 
 sudo() {
-  # REMOVEME when support for macOS 10.13 is dropped
-  # macOS 10.13 does not support sudo --preserve-env so we make this conditional
-  if command sudo --help | grep -- --preserve-env= >/dev/null; then
-    # We use `env` before our command to ensure the preserved PATH gets checked
-    # when trying to resolve the command to execute
-    command sudo -H --preserve-env=PATH --preserve-env=SSH_CONNECTION env "$@"
-  else
-    command sudo -H "$@"
-  fi
+  # We use `env` before our command to ensure the preserved PATH gets checked
+  # when trying to resolve the command to execute
+  command sudo -H --preserve-env=PATH --preserve-env=SSH_CONNECTION env "$@"
 }
 
 # Parse the command line.