hedgie has quit []
hedgie has joined #nix-darwin
hmpffff_ has joined #nix-darwin
hmpffff has quit [Ping timeout: 256 seconds]
<cransom> yeah, i can gc at will. no biggy. details on what you are looking for feedback on?
hmpffff_ has quit [Quit: Bye…]
hmpffff has joined #nix-darwin
__monty__ has joined #nix-darwin
<hmpffff> gnaaaa. I just installed nix via modified (removed the zx line) installer. now I'm in the situation that org.nixos.activate-system launchd script will not run (error 126 because of non-existent <some-hash>-activate-system-start) and nearly every nix-command responds with "unable to download … Problem with the SSL CA cert (path? access rights?) (77)"
<hmpffff> then I tried to uninstall (to reinstall it afterwards) – again with the cacert issue
<hmpffff> what is going wrong?
<hmpffff> in nix/store I can see h1vd46rd6k070gh3z04p1fpbpwkz1czw-nss-cacert-3.52.drv and pggx2lfjivilmf6ckiq5p4h9zpamnkaw-nss-cacert-3.49.2
<hmpffff> another question: there is no nixpkgs-darwin-unstable or like this?
<LnL> nixokgs-unstable is for all platforms
<LnL> can you share the output of sudo launchctl print system/org.nixos.nix-daemon
ncl has quit [Remote host closed the connection]
ncl has joined #nix-darwin
nikivi has quit [Write error: Connection reset by peer]
nikivi has joined #nix-darwin
hmpffff has quit [Read error: Connection reset by peer]
hmpffff has joined #nix-darwin
<hmpffff> where shall I put the output
<hmpffff> why "nix-channel --list" is ""
<hmpffff> I would expect at least one channel
<__monty__> Maybe `sudo nix-channel --list`?
<hmpffff> is also empty
<LnL> sudo -i
<LnL> make a gist or whatever paste service you prefer
<hmpffff> ah, ok… -i did it
<LnL> macOS has a bizarre KeepEnv += "HOME" in sudoers
<hmpffff> :)
<LnL> and what state is your install in currently?
<hmpffff> nix is installedand i can use the commands. but i still get the cacert error
<hmpffff> nix-env i- vagrant results in
<hmpffff> error: unable to download 'https://cache.nixos.org/2qv2y5jaiz6nrcx9kzhz8hk55rvhpvgh.narinfo': Problem with the SSL CA cert (path? access rights?) (77)
<hmpffff> nix-env -i <----
<LnL> what does sudo -i nix-env -q list?
<hmpffff> nix-2.3.5
<hmpffff> nss-cacert-3.49.2
<hmpffff> this -i thingy is new since catalina?
<LnL> hmm, that should be working then
<hmpffff> (i mean this sudo -i thingy)
<LnL> nah, since like 10.7 or something
<hmpffff> oh, wow – where was I at that time?
ncl has quit [Remote host closed the connection]
ncl has joined #nix-darwin
ncl has quit [Ping timeout: 240 seconds]
ncl has joined #nix-darwin
<abathur> hmpffff: did you run the . ~/.nix-profile/etc/profile.d/nix.sh command after the install?
<hmpffff> hmmm… nope
<hmpffff> ~/.nix-profile is a link to nowhere
<hmpffff> maybe it's important: I used the migration assistant to migrate from my old MBP 15 late 2014 to the new MBP 16
<hmpffff> some of the migrated data maybe severall years old. maybe I should try it again on a clean installed macos?
<abathur> cransom: I just posted the procedure in a gist https://gist.github.com/abathur/5cd33339a742adf0b8b6b828df03f7b1
<abathur> hmpffff: what hapens if you `echo $NIX_SSL_CERT_FILE`?
<hmpffff> empty line
<abathur> single-user install, or multi?
<hmpffff> multi
<hmpffff> on mojave i never hat such trouble :/
eraserhd has quit [Read error: Connection reset by peer]
<hmpffff> hmm… drunken fingers :)
eraserhd has joined #nix-darwin
<abathur> did you re-start the shell after installing it?
<hmpffff> yes.
<abathur> IIRC multi-user requires re-starting the shell, while single-user gives you a path to source
<abathur> I'm not certain as I don't have a multi-user install to compare against, but it sounds like the shell script that sets up the Nix environment may not be getting sourced in your profile/rc for some reason; at least in single-user mode I have something like NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
<abathur> what happens if you `ls -l /etc/ssl/certs/ca-certificates.crt`?
<hmpffff> the nix commands itself can be used – until something has to be downloaded
<hmpffff> what is the reason for you to to use the single-user-install?
<LnL> that's not there by default
<abathur> or, for that matter, `ls -l /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`
<LnL> the vanilla multi-user installer doesn't configure NIX_SSL_CERT_FILE but the default fallback for openssl is /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
<LnL> which should be there given that cacert was installed
<hmpffff> there is a /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
<abathur> what does `echo $__ETC_PROFILE_NIX_SOURCED` do?
<hmpffff> 1
<LnL> abathur: doesn't really matter for this, the fallback is baked in
<LnL> strings /nix/store/d81730b86arkcm1bbjyws74bvdrgavap-openssl-1.1.1g/lib/libcrypto.1.1.dylib | grep ca-bundle.crt
<LnL> /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
<LnL> if you opensnoop the build that might help
<abathur> LnL just feeling around in the dark, since I don't have a multi-user to poke at, for the reason I have NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt which ultimately resolves down into /nix/store/1zpaxm8a1afqdrc3vw1a9djs7dw8xaac-ca-certificates.crt and hmpffff doesn't
<LnL> yeah that's nix-darwin specific
<abathur> k
<LnL> enables you to customize certificates
<LnL> sudo opensnoop -n nix-daemon
<LnL> and then run a build
<cransom> abathur: what's the significance if i have 0 output from the `log stream` command? no exemptions in use and it was a fresh reboot. lots of output without the `category == 'gk'` though.
<abathur> cransom: was afraid of that, some people have reported that they aren't seeing the assessments; I just got a spare system updated to 10.15.5, so I'll make sure I still see the same results on that one to rule out things like the log format changing etc
<LnL> hmpffff: hmm, that's unexpected, given the launchctl output from earlier
<cransom> and there's 10.15.5 supplemental update, guess i'll do that one too.
<hmpffff> I run macos 10.15.5 (19F101)
<hmpffff> the latest and greatest build
<hmpffff> the best build in the world
<LnL> hmpffff: so looks like the service is looking in the nix-darwin location, did you have that installed before?
<hmpffff> what points you to this direction?
burkelibbey_ has joined #nix-darwin
<LnL> the /etc/ssl/certs/ca-certificates.crt, that doesn't exist by default
<hmpffff> yes, my last nix-darwin setup is still in my home directory (in .config/nixpkgs
<LnL> urgh, doesn't launchctl use the inmemory service information or something?
<hmpffff> i assumed that the old configuration in that location is not reachable for a fresh nix installation
<LnL> try unloading and loading the service plist
<LnL> it's not, but I suspect you didn't fully uninstall the service
<hmpffff> ok, i think it is time to cleanup my installation :)
<hmpffff> (something I've been pushing off for a long time)
<hmpffff> I thank you all very much for your help. at first i'll clean install my mbp and migrate by hand
<abathur> cransom oh, were you not already on 10.15.5? or you just have a bonus update?
<LnL> you don't have to go that far if you don't want to
<cransom> I had it. Another one seems to have popped up.
<abathur> ah
<abathur> ok
<abathur> I'm running a build with the exemption off now; should know in a few minutes
<hmpffff> LnL: I wouldn't say that I wanted so badly… :)
philr has quit [Ping timeout: 246 seconds]
<abathur> cransom: my build is producing log lines; I'll message directly so we can do a little debug I guess :/
ncl has quit [Remote host closed the connection]
ncl has joined #nix-darwin
hmpffff has quit [Quit: nchrrrr…]
hmpffff has joined #nix-darwin
mbrgm has joined #nix-darwin
__monty__ has quit [Quit: leaving]
philr has joined #nix-darwin
mbrgm_ has joined #nix-darwin
mbrgm has quit [Ping timeout: 260 seconds]
mbrgm_ is now known as mbrgm
nikivi has quit [Write error: Connection reset by peer]
nikivi has joined #nix-darwin