Nix SSL path set incorrectly in the daemon on macOS #226
Labels
No labels
Area/build-packaging
Area/evaluator
Area/flakes
Area/language
Area/profiles
Area/protocol
Area/releng
Area/remote-builds
Area/repl
Area/store
bug
Cross Compilation
devx
docs
Downstream Dependents
E/easy
E/hard
E/help wanted
E/reproducible
E/requires rearchitecture
imported
Needs Langver
OS/Linux
OS/macOS
performance
regression
release-blocker
RFD
stability
Status
blocked
Status
invalid
Status
postponed
Status
wontfix
testing
ux
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: lix-project/lix#226
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
There's a bug in
scripts/nix-profile-daemon.sh.in
(and debatably all the other activation scripts) where on macOS, if you don't for some reason have system certificates in a path matching a Linux distribution (not a default configuration), it will try to find one in the default or user profile, which if you've accidentally misconfigured them without certificates, will then break, as there's no fallback for macOS.It will then set the environment variable to a "random" broken path within the last profile
This is worse than expected for extremely silly reasons.
It turns out that on macOS, the daemon itself never even actually sees
/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
because that file is loaded by (amongst other places that are unused)/etc/bashrc
. Nix's default daemon is launched via non-interactive, non-login/bin/sh
which runs/bin/bash
in compatibility mode on macOS.This means that it will not even see
/etc/profile
in the first place. So we try running it as a login shell right? Well. Not quite enough either. That will process/etc/profile
and it will recognize itself as running under bash with$BASH
being set, and properly source/etc/bashrc
, except, that won't even get to the line that loads the environment for the Lix daemon, because it starts by checking if there's a$PS1
set already as a proxy for "are we running interactively".What a mess. Let's just manually include the proper sourcing of the environment...