From bf2ee3c565864852f83e676b677f1933c18e721e Mon Sep 17 00:00:00 2001
From: "Travis A. Everett"
Date: Tue, 31 Aug 2021 22:33:52 -0500
Subject: [PATCH] install: fix addVolume perm issue for some users
As reported in #5198, volume creation can fail with a permission error for some macOS users (probably secondary user accounts?) Sudo appears to be sufficient to avoid this. While I'm here, I also updated the sudo invocation added in 079bde2ae to use the _sudo explanation wrapper.
---
 scripts/create-darwin-volume.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/scripts/create-darwin-volume.sh b/scripts/create-darwin-volume.sh
index 1a17b3439..b52232dd3 100755
--- a/scripts/create-darwin-volume.sh
+++ b/scripts/create-darwin-volume.sh
@@ -715,7 +715,8 @@ create_volume() {
 # 6) getting special w/ awk may be fragile, but doing it to:
 # - save time over running slow diskutil commands
 # - skirt risk we grab wrong volume if multiple match
- /usr/sbin/diskutil apfs addVolume "$NIX_VOLUME_USE_DISK" "$NIX_VOLUME_FS" "$NIX_VOLUME_LABEL" -nomount | /usr/bin/awk '/Created new APFS Volume/ {print $5}'
+ _sudo "to create a new APFS volume '$NIX_VOLUME_LABEL' on $NIX_VOLUME_USE_DISK" \
+ /usr/sbin/diskutil apfs addVolume "$NIX_VOLUME_USE_DISK" "$NIX_VOLUME_FS" "$NIX_VOLUME_LABEL" -nomount | /usr/bin/awk '/Created new APFS Volume/ {print $5}'
 }
 volume_uuid_from_special() {
@@ -738,7 +739,6 @@ await_volume() {
 setup_volume() {
 local use_special use_uuid profile_packages
 task "Creating a Nix volume" >&2
- # DOING: I'm tempted to wrap this call in a grep to get the new disk special without doing anything too complex, but this sudo wrapper *is* a little complex, so it'll be a PITA unless maybe we can skip sudo on this. Let's just try it without.
 use_special="${NIX_VOLUME_USE_SPECIAL:-$(create_volume)}"
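Review bot: In create_volume the pipeline's exit status is still awk's, so now that `diskutil apfs addVolume` runs under `_sudo`, a declined or failed sudo prompt makes the function print nothing and return 0 (unless `pipefail` is enabled elsewhere in the script, which is not visible here). The second hunk shows setup_volume capturing that output with `$(create_volume)`, so an empty device name would be carried into whatever setup_volume does with it next, outside these hunks; a guard right after the assignment such as `[ -n "$use_special" ] || return 1` would stop there. It is also worth confirming that `_sudo` prints its explanation to stderr, since stdout is consumed by awk and by the command substitution, and the user would otherwise never see why they are being prompted. A one-line comment above the call, e.g. `# _sudo's explanation must stay off stdout: awk and $(create_volume) consume it`, would record that constraint.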
@@ -760,7 +760,8 @@ setup_volume() {
 await_volume
 if [ "$(/usr/sbin/diskutil info -plist "$NIX_ROOT" | xmllint --xpath "(/plist/dict/key[text()='GlobalPermissionsEnabled'])/following-sibling::*[1]" -)" = "" ]; then
- sudo /usr/sbin/diskutil enableOwnership "$NIX_ROOT"
+ _sudo "to set enableOwnership (enabling users to own files)" \
+ /usr/sbin/diskutil enableOwnership "$NIX_ROOT"
 fi
 # TODO: below is a vague kludge for now; I just don't know
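Review bot: The condition that decides whether to run the elevated `diskutil enableOwnership` calls `xmllint` by bare name, while every other tool in these hunks is pinned to an absolute path (`/usr/sbin/diskutil`, `/usr/bin/awk`), so the check depends on whichever `xmllint` comes first on the user's PATH. Because the test is `= ""`, a missing or failing xmllint also yields an empty string and sends the script into the sudo branch. Pinning it as `/usr/bin/xmllint` (the stock macOS location; confirm for the supported releases) would keep the check consistent with the rest of the function. The status of the `_sudo ... enableOwnership` call is not checked in the visible lines; setup_volume continues outside the hunk, so that may be handled by `set -e` or by later code.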