<cransom>
yeah, i can gc at will. no biggy. details on what you are looking for feedback on?
hmpffff_ has quit [Quit: Bye…]
hmpffff has joined #nix-darwin
__monty__ has joined #nix-darwin
<hmpffff>
gnaaaa. I just installed nix via modified (removed the zx line) installer. now I'm in the situation that org.nixos.activate-system launchd script will not run (error 126 because of non-existent <some-hash>-activate-system-start) and nearly every nix-command responds with "unable to download … Problem with the SSL CA cert (path? access rights?) (77)"
<hmpffff>
then I tried to uninstall (to reinstall it afterwards) – again with the cacert issue
<hmpffff>
what is going wrong?
<hmpffff>
in nix/store I can see h1vd46rd6k070gh3z04p1fpbpwkz1czw-nss-cacert-3.52.drv and pggx2lfjivilmf6ckiq5p4h9zpamnkaw-nss-cacert-3.49.2
<hmpffff>
another question: there is no nixpkgs-darwin-unstable or like this?
<LnL>
nixokgs-unstable is for all platforms
<LnL>
can you share the output of sudo launchctl print system/org.nixos.nix-daemon
ncl has quit [Remote host closed the connection]
ncl has joined #nix-darwin
nikivi has quit [Write error: Connection reset by peer]
nikivi has joined #nix-darwin
hmpffff has quit [Read error: Connection reset by peer]
hmpffff has joined #nix-darwin
<hmpffff>
where shall I put the output
<hmpffff>
why "nix-channel --list" is ""
<hmpffff>
I would expect at least one channel
<__monty__>
Maybe `sudo nix-channel --list`?
<hmpffff>
is also empty
<LnL>
sudo -i
<LnL>
make a gist or whatever paste service you prefer
<hmpffff>
ah, ok… -i did it
<LnL>
macOS has a bizarre KeepEnv += "HOME" in sudoers
<abathur>
hmpffff: what hapens if you `echo $NIX_SSL_CERT_FILE`?
<hmpffff>
empty line
<abathur>
single-user install, or multi?
<hmpffff>
multi
<hmpffff>
on mojave i never hat such trouble :/
eraserhd has quit [Read error: Connection reset by peer]
<hmpffff>
hmm… drunken fingers :)
eraserhd has joined #nix-darwin
<abathur>
did you re-start the shell after installing it?
<hmpffff>
yes.
<abathur>
IIRC multi-user requires re-starting the shell, while single-user gives you a path to source
<abathur>
I'm not certain as I don't have a multi-user install to compare against, but it sounds like the shell script that sets up the Nix environment may not be getting sourced in your profile/rc for some reason; at least in single-user mode I have something like NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
<abathur>
what happens if you `ls -l /etc/ssl/certs/ca-certificates.crt`?
<hmpffff>
the nix commands itself can be used – until something has to be downloaded
<hmpffff>
what is the reason for you to to use the single-user-install?
<LnL>
that's not there by default
<abathur>
or, for that matter, `ls -l /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`
<LnL>
the vanilla multi-user installer doesn't configure NIX_SSL_CERT_FILE but the default fallback for openssl is /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
<LnL>
which should be there given that cacert was installed
<hmpffff>
there is a /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
<abathur>
what does `echo $__ETC_PROFILE_NIX_SOURCED` do?
<hmpffff>
1
<LnL>
abathur: doesn't really matter for this, the fallback is baked in
<abathur>
LnL just feeling around in the dark, since I don't have a multi-user to poke at, for the reason I have NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt which ultimately resolves down into /nix/store/1zpaxm8a1afqdrc3vw1a9djs7dw8xaac-ca-certificates.crt and hmpffff doesn't
<LnL>
yeah that's nix-darwin specific
<abathur>
k
<LnL>
enables you to customize certificates
<LnL>
sudo opensnoop -n nix-daemon
<LnL>
and then run a build
<cransom>
abathur: what's the significance if i have 0 output from the `log stream` command? no exemptions in use and it was a fresh reboot. lots of output without the `category == 'gk'` though.
<abathur>
cransom: was afraid of that, some people have reported that they aren't seeing the assessments; I just got a spare system updated to 10.15.5, so I'll make sure I still see the same results on that one to rule out things like the log format changing etc
<LnL>
hmpffff: hmm, that's unexpected, given the launchctl output from earlier
<cransom>
and there's 10.15.5 supplemental update, guess i'll do that one too.
<hmpffff>
I run macos 10.15.5 (19F101)
<hmpffff>
the latest and greatest build
<hmpffff>
the best build in the world
<LnL>
hmpffff: so looks like the service is looking in the nix-darwin location, did you have that installed before?
<hmpffff>
what points you to this direction?
burkelibbey_ has joined #nix-darwin
<LnL>
the /etc/ssl/certs/ca-certificates.crt, that doesn't exist by default
<hmpffff>
yes, my last nix-darwin setup is still in my home directory (in .config/nixpkgs
<LnL>
urgh, doesn't launchctl use the inmemory service information or something?
<hmpffff>
i assumed that the old configuration in that location is not reachable for a fresh nix installation
<LnL>
try unloading and loading the service plist
<LnL>
it's not, but I suspect you didn't fully uninstall the service
<hmpffff>
ok, i think it is time to cleanup my installation :)
<hmpffff>
(something I've been pushing off for a long time)
<hmpffff>
I thank you all very much for your help. at first i'll clean install my mbp and migrate by hand
<abathur>
cransom oh, were you not already on 10.15.5? or you just have a bonus update?
<LnL>
you don't have to go that far if you don't want to
<cransom>
I had it. Another one seems to have popped up.
<abathur>
ah
<abathur>
ok
<abathur>
I'm running a build with the exemption off now; should know in a few minutes
<hmpffff>
LnL: I wouldn't say that I wanted so badly… :)
philr has quit [Ping timeout: 246 seconds]
<abathur>
cransom: my build is producing log lines; I'll message directly so we can do a little debug I guess :/
ncl has quit [Remote host closed the connection]
ncl has joined #nix-darwin
hmpffff has quit [Quit: nchrrrr…]
hmpffff has joined #nix-darwin
mbrgm has joined #nix-darwin
__monty__ has quit [Quit: leaving]
philr has joined #nix-darwin
mbrgm_ has joined #nix-darwin
mbrgm has quit [Ping timeout: 260 seconds]
mbrgm_ is now known as mbrgm
nikivi has quit [Write error: Connection reset by peer]