Skip to content

Commit

Permalink
Synchronize macOS UIDs and GIDs with upstream scripts to prepare for …
Browse files Browse the repository at this point in the history 
…Sequoia (#1123)

This removes the conditionality of the higher UID range and instead
makes all future installs on macOS use 351+.
  • Loading branch information
@cole-h
cole-h committed Aug 30, 2024
1 parent 1768a3f commit d8f9ed9
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 75 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -491,10 +491,10 @@ These settings are available for all commands.
| `--extra-conf` | Extra configuration lines for `/etc/nix.conf` | | `NIX_INSTALLER_EXTRA_CONF` |
| `--force` | If `nix-installer` should forcibly recreate files it finds existing | `false` | `NIX_INSTALLER_FORCE` |
| `--init` | Which init system to configure (if `--init none` Nix will be root-only) | `launchd` (macOS), `systemd` (Linux) | `NIX_INSTALLER_INIT` |
| `--nix-build-group-id` | The Nix build group GID | `30000` | `NIX_INSTALLER_NIX_BUILD_GROUP_ID` |
| `--nix-build-group-id` | The Nix build group GID | `350` (macOS), `30000` (Linux) | `NIX_INSTALLER_NIX_BUILD_GROUP_ID` |
| `--nix-build-group-name` | The Nix build group name | `nixbld` | `NIX_INSTALLER_NIX_BUILD_GROUP_NAME` |
| `--nix-build-user-count` | The number of build users to create | `32` | `NIX_INSTALLER_NIX_BUILD_USER_COUNT` |
| `--nix-build-user-id-base` | The Nix build user base UID (ascending) | `300` (macOS), `30000` (Linux) | `NIX_INSTALLER_NIX_BUILD_USER_ID_BASE` |
| `--nix-build-user-id-base` | The Nix build user base UID (ascending) (NOTE: the first UID will be this base + 1) | `350` (macOS), `30000` (Linux) | `NIX_INSTALLER_NIX_BUILD_USER_ID_BASE` |
| `--nix-build-user-prefix` | The Nix build user prefix (user numbers will be postfixed) | `_nixbld` (macOS), `nixbld` (Linux) | `NIX_INSTALLER_NIX_BUILD_USER_PREFIX` |
| `--nix-package-url` | The Nix package URL | | `NIX_INSTALLER_NIX_PACKAGE_URL` |
| `--no-confirm` | Run installation without requiring explicit user confirmation | `false` | `NIX_INSTALLER_NO_CONFIRM` |
Expand Down
87 changes: 14 additions & 73 deletions src/settings.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,6 @@ use clap::{
error::{ContextKind, ContextValue},
ArgAction,
};
use color_eyre::owo_colors::OwoColorize as _;
use eyre::Context as _;
use once_cell::sync::OnceCell;
use serde::Deserialize;
use url::Url;

pub const SCRATCH_DIR: &str = "/nix/temp-install-dir";
Expand Down Expand Up @@ -100,12 +96,11 @@ pub struct CommonSettings {
/// The Nix build group GID
#[cfg_attr(
feature = "cli",
clap(
long,
default_value_t = 30_000,
env = "NIX_INSTALLER_NIX_BUILD_GROUP_ID",
global = true
)
clap(long, env = "NIX_INSTALLER_NIX_BUILD_GROUP_ID", global = true)
)]
#[cfg_attr(
all(feature = "cli"),
clap(default_value_t = default_nix_build_group_id())
)]
pub nix_build_group_id: u32,

Expand Down Expand Up @@ -228,74 +223,20 @@ pub struct CommonSettings {
pub diagnostic_endpoint: Option<String>,
}

#[derive(Deserialize, Clone, Debug, PartialEq)]
#[serde(rename_all = "PascalCase")]
pub struct SystemVersionPlist {
product_version: String,
}

const MACOS_SYSTEM_VERSION_PLIST_PATH: &str = "/System/Library/CoreServices/SystemVersion.plist";
const MACOS_SYSTEM_VERSION_PLIST_SYMLINK_PATH: &str =
"/System/Library/CoreServices/.SystemVersionPlatform.plist";

pub fn is_macos_15_or_later() -> bool {
static MACOS_MAJOR_VERSION: OnceCell<u64> = OnceCell::new();
let maybe_major_version = MACOS_MAJOR_VERSION
.get_or_try_init(|| {
// NOTE(cole-h): Sometimes, macOS decides it's a good idea to change the contents of the file you're reading.
// See also:
// https://eclecticlight.co/2020/08/13/macos-version-numbering-isnt-so-simple/
// https://github.com/ziglang/zig/pull/7714/
let symlink_path = std::path::Path::new(MACOS_SYSTEM_VERSION_PLIST_SYMLINK_PATH);
let plist: SystemVersionPlist = if symlink_path.exists() {
plist::from_file(symlink_path).with_context(|| {
format!("Failed to parse plist from {MACOS_SYSTEM_VERSION_PLIST_SYMLINK_PATH}")
})?
} else {
plist::from_file(MACOS_SYSTEM_VERSION_PLIST_PATH).with_context(|| {
format!("Failed to parse plist from {MACOS_SYSTEM_VERSION_PLIST_PATH}")
})?
};

let Some((major, _rest)) = plist.product_version.split_once('.') else {
return Err(eyre::eyre!(
"Failed to parse ProductVersion: {}",
plist.product_version
));
};

let major = major
.parse::<u64>()
.with_context(|| format!("Failed to parse major version '{major}'"))?;

Ok::<_, eyre::Error>(major)
})
.inspect_err(|e| {
// NOTE(cole-h): cannot using tracing here because this is called before we setup the
// tracing subscriber
eprintln!(
"{}",
format!("WARNING: Failed to detect macOS major version, assuming <= macOS 14: {e}")
.yellow()
);
})
.ok();
fn default_nix_build_user_id_base() -> u32 {
use target_lexicon::OperatingSystem;

maybe_major_version.is_some_and(|&v| v >= 15)
match OperatingSystem::host() {
OperatingSystem::MacOSX { .. } | OperatingSystem::Darwin => 350,
_ => 30_000,
}
}

fn default_nix_build_user_id_base() -> u32 {
fn default_nix_build_group_id() -> u32 {
use target_lexicon::OperatingSystem;

match OperatingSystem::host() {
OperatingSystem::MacOSX { .. } | OperatingSystem::Darwin => {
// NOTE(cole-h): https://github.com/NixOS/nix/issues/10892#issuecomment-2212094287
if is_macos_15_or_later() {
450
} else {
300
}
},
OperatingSystem::MacOSX { .. } | OperatingSystem::Darwin => 350,
_ => 30_000,
}
}
Expand Down Expand Up @@ -335,7 +276,7 @@ impl CommonSettings {
determinate_nix: false,
modify_profile: true,
nix_build_group_name: String::from("nixbld"),
nix_build_group_id: 30_000,
nix_build_group_id: default_nix_build_group_id(),
nix_build_user_id_base: default_nix_build_user_id_base(),
nix_build_user_count: 32,
nix_build_user_prefix: nix_build_user_prefix.to_string(),
Expand Down

0 comments on commit d8f9ed9

Please sign in to comment.