From 83a2cd0c469f02a7d5f8f8f903429702f0059f56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= <nikodem@rabulinski.com>
Date: Mon, 6 May 2024 18:13:15 +0200
Subject: [PATCH 1/2] Fix failing darwin tests

Some tests were failing on darwin,
if the auto-allocate-uids featrure was enabled.
This was because AAU on darwin works by setuid-ing as a non-existent
user, so the tests that were relying on `whoami` were failing.

In the case of trusted-users we fall back to printing the user id,
which is already handled gracefully in the daemon code - i.e. when
a user does not exist or for some other reason looking up their
username is not possible, the daemon falls back to searching for their
uid inside the trusted-users list.

When whoami is used to print the username for other purpose,
we default to printing nixbld.

Change-Id: Ib61615677565098cb5fbf5e26a946ef427c58caf
---
 tests/functional/bash-profile.sh | 2 +-
 tests/functional/init.sh         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/functional/bash-profile.sh b/tests/functional/bash-profile.sh
index 3faeaaba1..01e869202 100644
--- a/tests/functional/bash-profile.sh
+++ b/tests/functional/bash-profile.sh
@@ -2,7 +2,7 @@ source common.sh
 
 sed -e "s|@localstatedir@|$TEST_ROOT/profile-var|g" -e "s|@coreutils@|$coreutils|g" < ../../scripts/nix-profile.sh.in > $TEST_ROOT/nix-profile.sh
 
-user=$(whoami)
+user=$(whoami || echo -n nixbld)
 rm -rf $TEST_HOME $TEST_ROOT/profile-var
 mkdir -p $TEST_HOME
 USER=$user $SHELL -e -c ". $TEST_ROOT/nix-profile.sh; set"
diff --git a/tests/functional/init.sh b/tests/functional/init.sh
index f5a04f62e..663d04721 100755
--- a/tests/functional/init.sh
+++ b/tests/functional/init.sh
@@ -28,7 +28,7 @@ substituters =
 flake-registry = $TEST_ROOT/registry.json
 show-trace = true
 include nix.conf.extra
-trusted-users = $(whoami)
+trusted-users = $(whoami || id -u)
 EOF
 
 cat > "$NIX_CONF_DIR"/nix.conf.extra <<EOF

From f894cce79b05913891c8356948b5fc468a53c198 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= <nikodem@rabulinski.com>
Date: Mon, 6 May 2024 18:16:50 +0200
Subject: [PATCH 2/2] Always initialize curl in parent process on darwin

Because of an objc quirk[1], calling curl_global_init for the first time
after fork() will always result in a crash.
Up until now the solution has been to set
OBJC_DISABLE_INITIALIZE_FORK_SAFETY for every nix process to ignore
that error.
This is less than ideal because we were setting it in package.nix,
which meant that running nix tests locally would fail because
that variable was not set.
Instead of working around that error we address it at the core -
by calling curl_global_init inside initLibStore, which should mean
curl will already have been initialized by the time we try to do so in
a forked process.

[1] https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-initialize.mm#L614-L636

Change-Id: Icf26010a8be655127cc130efb9c77b603a6660d0
---
 misc/launchd/org.nixos.nix-daemon.plist.in |  5 -----
 package.nix                                |  4 ----
 src/libstore/globals.cc                    | 14 +++++++++++++-
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/misc/launchd/org.nixos.nix-daemon.plist.in b/misc/launchd/org.nixos.nix-daemon.plist.in
index e1470cf99..664608305 100644
--- a/misc/launchd/org.nixos.nix-daemon.plist.in
+++ b/misc/launchd/org.nixos.nix-daemon.plist.in
@@ -2,11 +2,6 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
   <dict>
-    <key>EnvironmentVariables</key>
-    <dict>
-      <key>OBJC_DISABLE_INITIALIZE_FORK_SAFETY</key>
-      <string>YES</string>
-    </dict>
     <key>Label</key>
     <string>org.nixos.nix-daemon</string>
     <key>KeepAlive</key>
diff --git a/package.nix b/package.nix
index 455e21135..af0a44fee 100644
--- a/package.nix
+++ b/package.nix
@@ -400,10 +400,6 @@ stdenv.mkDerivation (finalAttrs: {
 
   mesonInstallCheckFlags = [ "--suite=installcheck" ];
 
-  preInstallCheck = lib.optionalString stdenv.hostPlatform.isDarwin ''
-    export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
-  '';
-
   installCheckPhase = lib.optionalString buildWithMeson ''
     runHook preInstallCheck
     flagsArray=($mesonInstallCheckFlags "''${mesonInstallCheckFlagsArray[@]}")
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index b7397da1a..3308cad1f 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -25,6 +25,7 @@
 #include "config-impl.hh"
 
 #ifdef __APPLE__
+#include <curl/curl.h>
 #include <sys/sysctl.h>
 #endif
 
@@ -409,10 +410,21 @@ void initLibStore() {
 
     preloadNSS();
 
+#if __APPLE__
+    /* Because of an objc quirk[1], calling curl_global_init for the first time
+       after fork() will always result in a crash.
+       Up until now the solution has been to set OBJC_DISABLE_INITIALIZE_FORK_SAFETY
+       for every nix process to ignore that error.
+       Instead of working around that error we address it at the core -
+       by calling curl_global_init here, which should mean curl will already
+       have been initialized by the time we try to do so in a forked process.
+
+       [1] https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-initialize.mm#L614-L636
+    */
+    curl_global_init(CURL_GLOBAL_ALL);
     /* On macOS, don't use the per-session TMPDIR (as set e.g. by
        sshd). This breaks build users because they don't have access
        to the TMPDIR, in particular in ‘nix-store --serve’. */
-#if __APPLE__
     if (getEnv("TMPDIR").value_or("/tmp").starts_with("/var/folders/"))
         unsetenv("TMPDIR");
 #endif