1
0
Fork 0
forked from lix-project/lix
Commit graph

71 commits

Author SHA1 Message Date
Eelco Dolstra 9277e72cb0
Typo 2019-10-09 23:35:02 +02:00
Eelco Dolstra c43d9f6131
Remove some redundant initialization 2019-10-09 23:35:01 +02:00
Eelco Dolstra 5a303093dc
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes  (CVE-2019-17365).
Should also fix .
2019-10-09 23:34:48 +02:00
Matthew Bauer d4e51aac08 Make preexisting Nix install a warning, not a failure
In the multi-user install script, we originally made sure no previous
references to Nix existed. This prevented any previous installs from
contaminating the new install. However, some users need the ability to
repair their existing Nix installation without uninstalling all
references to Nix. This change allows users with existing Nix
installations to use the installer, while still outputing a warning
message on the dangers of this. As a result, the multi-user install
script work much more like the single-user install script has worked
in the past.

This is a requirement for macOS Catalina users now that
/Library/LaunchDaemons/org.nixos.nix-daemon.plisg is not managed by
the Nix store. If there is ever a change to the .plist, all users will
need to rerun this install script to get the new changes. Otherwise,
changes to the launch daemon will require manual interventions.
2019-10-08 21:53:06 -04:00
Eelco Dolstra ad03159e25
Merge pull request from samueldr/install/detect-systemd-separately
install-multi-user: Detect and fail lack of systemd separately
2019-08-28 11:34:23 +02:00
Matthew Bauer 0463d5e36f Allow empty /nix directory in multi-user installer
With macOS catalina, we can no longer modify the root system
volume (). macOS provides a system configuration file in
synthetic.conf(5) to create empty root directories. This can be used
to mount /nix to a separate volume. As a result, this directory will
need to already exist prior to installation. Instead, check for
/nix/store and /nix/var for a live Nix installation.
2019-08-22 23:38:52 -04:00
Eelco Dolstra 38a4d38bc3
Merge pull request from bjornfor/install-multi-user-defaults
install-multi-user: reduce max-jobs from 32 to 1
2019-06-17 10:17:40 +02:00
Eelco Dolstra 989cb37777
Merge pull request from bjornfor/offline-install
install script: don't abort when "nix-channel --update" fails
2019-05-01 15:48:39 +02:00
Bjørn Forsman 07d9981f34 install-multi-user: remove unneeded settings from nix.conf
Hardcoding the "max-jobs" and "cores" settings in nix.conf at install
time, to the same value as Nix' built-in default, makes little sense to
me.
2019-03-27 16:26:14 +01:00
Bjørn Forsman dbe4c043d7 install-multi-user: reduce max-jobs from 32 to 1
Having max-jobs = 32 ($NIX_USER_COUNT is hardcoded to that value) may
severely overload the machine. The nix.conf(5) manual page says max-jobs
defaults to 1, so let's use that value.

NOTE: Both max-jobs and cores are now being set to their default value,
so they can be removed alltogether.
2019-03-27 16:23:35 +01:00
Samuel Dionne-Riel d854e7dfd6 install-multi-user: Detect and fail lack of systemd separately
Otherwise, the user is shown:

```
Sorry, I don't know what to do on Linux
```

Which is... not exactly right.
2019-03-26 21:08:22 -04:00
Domen Kožar 6f0359012c
Merge pull request from thoughtpolice/scripts/multi-user-sandbox
scripts: remove default 'sandbox = false' from multi-user installer
2019-03-24 19:45:56 +07:00
Austin Seipp d7a7a029ff
scripts: remove default 'sandbox = false' from multi-user installer
Sandboxing is now enabled by default on Linux, but is still disabled on
macOS. However, the installer always turned it off to ensure consistent
behavior.

Remove this default configuration, so we fall back to the default
platform-specific value.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-02-23 08:35:26 -06:00
Jonas Chevalier b402148d8f
remove noop uses of nix-store --init
the nix-store --init command is a noop apparently
2019-02-22 21:07:53 +01:00
Bjørn Forsman b9567aa8b6 install script: don't abort when "nix-channel --update" fails
Instead, print a message about what happened and tell the user what can
be done (run "[sudo -i] nix-channel --update nixpkgs" again at a later
time). This change allows installing Nix when you're offline.

Since the multi-user installer is so verbose, the message isn't printed
until the end.

Fixes issue  ("installation without internet connection").
2019-02-20 09:35:01 +01:00
Graham Christensen 6ba1726eeb
install-multi-user: support 'set -u' runs, closes 2018-05-30 09:35:21 -04:00
Graham Christensen c4b9486f9b
install-multi-user: don't force NIX_SSL_CERT_FILE
Following the lead of the single user installer, if NIX_SSL_CERT_FILE is explicitly set prior to running, accept the user-provided version.
2018-05-25 15:54:55 -04:00
Graham Christensen 4eb40c72ed
macos: Handle when a build user doesn't have a user ID 2018-03-30 13:57:00 -04:00
Graham Christensen f06f8102bd
Use a looser comparison for the 'user note' check
We use grep instead of an equality check because it is difficult
to extract _just_ the user's note, instead it is prefixed with
some plist junk. This was causing the user note to always be set,
even if there was no reason for it.
2018-03-30 11:38:08 -04:00
Graham Christensen 4ba91f5bae
Check for the existence of a profile target before seeing if it mentions Nix
Grep would ignore files that didn't exist, but would complain
about files in a directory if the directory didn't exist. Simply check
for the directory first, prior to grepping it.
2018-03-30 11:37:32 -04:00
Graham Christensen 2921165a9d
Expand the multi-user installer to support Linuxes with systemd
- darwin installer: delete hardware report, not necessary
 - moves os-specific code from the darwin installer to to `poly_*`
   functions
 - adds profile.d support to the profile targets, which automatically
   handles many distros which don't have a /etc/bashrc but do have an
   /etc/profile.d
 - /bin/bash -> /usr/bin/env bash
 - document why each excluded shellcheck check is excluded
 - rename the multi-user to Daemon-based
2018-03-29 15:38:01 -04:00