johnw has quit [Remote host closed the connection]
<clever> LnL: what can go wrong if `darwin-rebuild switch` is ran as root the first time you switch?
johnny101 has joined #nix-darwin
philr has joined #nix-darwin
__monty__ has joined #nix-darwin
Chiliparrot has joined #nix-darwin
<LnL> clever: not much I think, it only uses root for system stuff because 1. nix single-user install 2. things like defaults write are only apply for the login user
philr has quit [Ping timeout: 260 seconds]
<evelyn> that issue on github has really got out of hand
<evelyn> it is so big that people are complaining that things don't work that are documented further up
<evelyn> e.g. the last comment 'Apple offers a new option for writable / volumes in Catalina: man synthetic.conf'
<LnL> yeah, github issues doesn't work for something like this
<LnL> and it's not really the right place IMHO
<evelyn> I think the issue should be locked
<evelyn> it's just confusing people
<LnL> the issue is about readonly / and the answer is synthetic.conf the rest is unrelated discussion or another issue
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
philr has joined #nix-darwin
Chiliparrot has joined #nix-darwin
eraserhd has quit [Ping timeout: 260 seconds]
eraserhd has joined #nix-darwin
Chiliparrot has quit [Ping timeout: 240 seconds]
Chiliparrot has joined #nix-darwin
<clever> LnL: i worked around the problem by running `darwin-rebuild build` as root, then `darwin-rebuild switch` as the right user
<LnL> yeah that should be finie
<clever> creating user hercules-ci-agent...
<clever> dscl_cmd> DS Error: -14135 (eDSRecordAlreadyExists)
<clever> main> attribute status: eDSRecordAlreadyExists
<clever> LnL: ive also got this error causing darwin-rebuild to crash hard
<LnL> hm
<LnL> what does this return?
<LnL> dscl . -read '/Users/hercules-ci-agent' UniqueID
<clever> <dscl_cmd> DS Error: -14136 (eDSRecordNotFound)
<clever> LnL: if darwin-rebuild fails hard, then my ssh keys arent allowed into the machine, so i cant see what happens in that case
<clever> LnL: if i disable hercules-ci-agent, then it obviously doesnt exist
<LnL> what about id hercules-ci-agent?
<clever> id: hercules-ci-agent: no such user
<clever> we are using zfs snapshots to undo all state to the mac on every shutdown
<LnL> why is it failing then...
<clever> thats what makes no sense
<LnL> oh hold on
<LnL> x=$(dscl . -read '/Users/hercules-ci-agent' UniqueID)
<LnL> echo "'$x'"
<clever> ''
<clever> when hercules is disabled, it prints an empty string
<LnL> nevermind, that's not a problem
<LnL> unless the read fails for some reason?
<clever> LnL: i cant run any tests after the failure happens, because the failure prevents ssh keys from being configured
<LnL> this might help for debugging
<LnL> system.activationScripts.preActivation.text = '' dscl . -read /Users/hercules-ci-agent || true '';
<LnL> the outptut is redirected during normal execution
<LnL> I'd expect this to fail once with NotFound but then not succeed the second time
<clever> ah, that also sounds like a good place for `set -x`
<LnL> actually... looking at the order this might be the first place where permissions are required
<LnL> or more specifically the root check above
<LnL> are you running root -> ( switch; user -> switch ) or root -> switch; user -> switch
<clever> looks like activate-user runs as the user, and activate runs as root, seems normal
<clever> its running as `nixos`
<clever> 134 sudo -i -H -u nixos -- darwin-rebuild switch
<LnL> alright, that looks fine
<clever> deploying...
<clever> /Volumes/CONFIG/apply.sh::::132 darwin-rebuild build -I darwin-config=/Users/nixos/.nixpkgs/darwin-configuration.nix
<clever> building the system configuration...
<clever> copying path '/nix/store/izzvxbikdr9pc9kp01fjgy3i0zvya5wb-mirrors-list' from 'https://cache.nixos.org'...
<clever> LnL: it doesnt seem to be fully obeying the nix.conf file...
<LnL> before configuration?
<clever> there is a second nix.conf, made with a bash heredoc
<clever> which is part of why its a 2 step build + switch
<clever> so i can delete that one before switch gets upset about it being in the way
<LnL> so that's the second activation?
<clever> the download is happening on the build step, when the custom nix.conf is still in place
<clever> once that build finishes, i'll see the hercules error
<LnL> did you reload the daemon? it only loads on start and nix-darwin doesn't know things changed yet
<clever> 75 cat <<EOF > /etc/nix/nix.conf
<clever> 101 sudo launchctl kickstart system/org.nixos.nix-daemon
<LnL> add -k to that
<clever> after the kickstart cmd?
<LnL> -k If the service is already running, kill the running instance before restarting the service.
<LnL> sudo launchctl kickstart -k system/org.nixos.nix-daemon
<LnL> don't know if the order is important
<clever> i dont think thats needed...
<clever> //Volumes/CONFIG/apply.sh::::97 nix-build https://github.com/hercules-ci/nix-darwin/archive/e2277706f08d7d1a77e86e5628352e4a1ef66eab.tar.gz -A installer --no-out-link
<clever> copying path '/nix/store/b7hkcyhrqsiwmwq1hr1gbvsa9lcnpr1w-Libsystem-osx-10.11.6' from 'http://192.168.3.1:8081'...
<clever> the install of nix-darwin itself, prior to the `darwin-rebuild build` was obeying nix.conf
<clever> 97 installer=$(nix-build @nixDarwinUrl@ -A installer --no-out-link)
<clever> oh, thats before the kickstart!
<clever> weird, i would expect that to have not worked
<clever> LnL: pastebinning...
<clever> angerman: you where right!
<angerman> clever: what?
<clever> LnL: why is it assigning the same uid to both users?
<clever> angerman: buildkite and hercules are the same uid!
<LnL> aha!
<angerman> clever: ahh! Good(?) to know!
* LnL should add a check for that
<clever> LnL: nothing is setting the uid for buildkite, so how did it wind up with 532?
<LnL> dunno
<LnL> line 3 implies it's set somewhere
<clever> aha
<clever> 76 users.users.buildkite-agent = {
<clever> 77 uid = 532;
<clever> then why is hercules using the same uid?...
<clever> theres the problem!
<LnL> heh :D
<clever> i'll make it 727 now
<LnL> clever: 3d50598ae007b175924344992cfcd41366e1bf57
hedgie has quit []
hedgie has joined #nix-darwin
philr has quit [Ping timeout: 268 seconds]
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
johnw has joined #nix-darwin
ryanartecona has joined #nix-darwin
eraserhd has quit [Ping timeout: 260 seconds]
eraserhd has joined #nix-darwin
ryanartecona has quit [Quit: ryanartecona]
hedgie has quit [Read error: Connection reset by peer]
hedgie has joined #nix-darwin
ryanartecona has joined #nix-darwin
Chiliparrot has joined #nix-darwin
ryanartecona has quit [Quit: ryanartecona]
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
hedgie has quit [Ping timeout: 265 seconds]
hedgie has joined #nix-darwin
philr has joined #nix-darwin
ryanartecona has joined #nix-darwin
__monty__ has quit [Quit: leaving]