nix-darwin: simplify activation script invocation
In nix-community#587, kalbasit introduced the `-i` flag so the sudo invocation would
run in an environment with `HOME` set to the correct value for the
target user. This was necessary to be able to set up multiple users
without interfering with the invoking user's `HOME`.

In nix-community#807, I switched to `-s` instead because I managed to get an
invalid shell set for my user by switching `useUserPackages` from
`true` to `false` which changes the location where packages are
installed and `~/.nix-profile/bin/<my-shell>` was no longer valid.
This was based on the assumption that `SHELL` would be set to some
sensible value by Home Manager at this point. This turned out to be
false as reported in nix-community#2900.

In 0ced6d6 (this commit's parent at this time), I explicitly set
`SHELL` to `${pkgs.bash}` so it is definitely set to a good shell when
invoking the activation script.

However, nix-community#807 broke activation for multiple users, the original
motivation for `-i`, as reported in nix-community#2856. I fixed this in nix-community#2857 by
additionally passing `--set-home`.

Further discussion with rycee in nix-community#3040 made me realize that the
activation script already has a good Nix store bash shebang. So all
the problems have been caused, not by the shell used for the
activation script but by sudo trying to use a different shell at all.
`-i` uses the shell set in the `passwd` file for the target user, but
this can become invalid as happened to me. `-s` uses either `SHELL` if
it's defined or the invoking user's shell as set in the `passwd` file.
By explicitly setting this to a shell provided by Nix we make sure
we're not trying to launch a non-existent shell. However, we're
clearly already running in an existing shell and because of
`--set-home` we can activate other users properly so there's not
actually any need to try to have sudo start a different shell first,
it just adds an extra process that then goes on to run the activation
script with a good bash because of the shebang.

Dropping `-s` altogether and keeping `--set-home` should avoid all of
these issues.
toonn authored and rycee committed Sep 19, 2022
1 parent 610b1d9 commit 9555918
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion nix-darwin/default.nix
Expand Up @@ -15,7 +15,7 @@ in {
system.activationScripts.postActivation.text = concatStringsSep "\n"
(mapAttrsToList (username: usercfg: ''
echo Activating home-manager configuration for ${username}
SHELL=${pkgs.bash} sudo -u ${username} -s --set-home ${
sudo -u ${username} --set-home ${
pkgs.writeShellScript "activation-${username}" ''
${lib.optionalString (cfg.backupFileExtension != null)
"export HOME_MANAGER_BACKUP_EXT=${
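
Review bot: The new `sudo -u ${username} --set-home ${` line carries no comment recording why neither `-i` nor `-s` is passed, and the commit message shows this one invocation has already flipped between those flags several times. A short Nix comment above it, saying that the script built by `pkgs.writeShellScript` is executed directly so sudo never has to start a login or user shell, and that `--set-home` is what gives each user the correct `HOME`, would keep a later change from reintroducing a shell flag. Since per-user activation now rests entirely on `--set-home` and nothing in the visible lines checks `HOME` before the script runs, it is worth stating that dependency in the same comment.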