Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

etc: add more known hashes for DeterminateSystems nix-installer #834

Closed
wants to merge 1 commit into from

Conversation

ryan4yin
Copy link

Copy link
Collaborator

@Enzime Enzime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a copy of the files to doc/known-files?

@ryan4yin ryan4yin force-pushed the more-hashes-for-nix-installer branch from 1c52608 to d6be0f4 Compare December 18, 2023 07:47
@ryan4yin
Copy link
Author

ryan4yin commented Dec 18, 2023

@Enzime the /etc/nix/nix.conf.before-nix-darwin's hash is the same as https://github.com/LnL7/nix-darwin/blob/master/doc/known-files/97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2

› shasum -a 256 /etc/nix/nix.conf.before-nix-darwin
97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2  /etc/nix/nix.conf.before-nix-darwin

@ryan4yin
Copy link
Author

And /etc/zshenv is also reported as The following files have unrecognized content and would be overwritten, I add environment.etc."zshenv".knownSha256Hashes to resolve this problem but do not know if it's suitable.

@ryan4yin ryan4yin force-pushed the more-hashes-for-nix-installer branch from d6be0f4 to 5a754c7 Compare December 18, 2023 07:56
@ryan4yin
Copy link
Author

Seems like nix-installer add some new comments into /etc/zshenv:

› cat /etc/zshenv.before-nix-darwin

# Set up Nix only on SSH connections
# See: https://github.com/DeterminateSystems/nix-installer/pull/714
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ] && [ -n "${SSH_CONNECTION}" ] && [ "${SHLVL}" -eq 1 ]; then
    . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix
# /etc/zshenv: DO NOT EDIT -- this file has been generated automatically.
# This file is read for all shells.

# Only execute this file once per shell.
# But don't clobber the environment of interactive non-login children!
if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi
export __ETC_ZSHENV_SOURCED=1

# Don't execute this file when running in a pure nix-shell.
if test -n "$IN_NIX_SHELL"; then return; fi

if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
  . /nix/store/aqx44dhrnk2kdk5mvpxix8xaqsr9f3lh-set-environment
fi



# Read system-wide modifications.
if test -f /etc/zshenv.local; then
  source /etc/zshenv.local
fi

@ryan4yin ryan4yin force-pushed the more-hashes-for-nix-installer branch from 5a754c7 to b353111 Compare December 18, 2023 08:14
@ryan4yin ryan4yin requested a review from Enzime December 20, 2023 00:23
@Enzime
Copy link
Collaborator

Enzime commented Dec 20, 2023

Can you add a copy of each file you added a hash for inside the doc/known-files folder?

@ryan4yin ryan4yin force-pushed the more-hashes-for-nix-installer branch from b353111 to d2d3d3a Compare December 20, 2023 02:16
@ryan4yin
Copy link
Author

@Enzime Added.

@matteing
Copy link

matteing commented Dec 20, 2023

After running a fresh install with Determinate Systems installer, I'm seeing /etc/zshenv hash d07015be6875f134976fce84c6c7a77b512079c1c5f9594dfa65c70b7968b65f on my system, leading to errors.

Also seeing /etc/nix/nix.conf with hash 97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2.

Solved with:

  environment.etc."bashrc".knownSha256Hashes = ["08ffbf991a9e25839d38b80a0d3bce3b5a6c84b9be53a4b68949df4e7e487bb7"];
  environment.etc."zshrc".knownSha256Hashes = ["2af1b563e389d11b76a651b446e858116d7a20370d9120a7e9f78991f3e5f336"];
  environment.etc."zshenv".knownSha256Hashes = ["d07015be6875f134976fce84c6c7a77b512079c1c5f9594dfa65c70b7968b65f"];
  environment.etc."nix/nix.conf".knownSha256Hashes = ["97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2"];

Reporting if perhaps this helps anyone out there looking into this.

@ryan4yin ryan4yin force-pushed the more-hashes-for-nix-installer branch from d2d3d3a to 5c57559 Compare December 20, 2023 09:10
Copy link
Collaborator

@Enzime Enzime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like none of the files in your PR have non-nix-darwin content which means most users shouldn't ever have these hashes

Comment on lines +21 to +23
if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
. /nix/store/aqx44dhrnk2kdk5mvpxix8xaqsr9f3lh-set-environment
fi
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think these files are valid as these lines of code come from nix-darwin, not from DetSys's nix-installer and shouldn't occur normally. They also include a store path which is going to change between systems.

Comment on lines +19 to +21
if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
. /nix/store/aqx44dhrnk2kdk5mvpxix8xaqsr9f3lh-set-environment
fi
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above, it looks like /etc/zshenv on your machine is a mix of one from nix-darwin and DetSys's installer's changes

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is one supposed to both use Determinate Systems’ installer and nix-darwin in the different shell files? I have the same issue as OP.

@ryan4yin ryan4yin closed this Dec 22, 2023
@ryan4yin ryan4yin deleted the more-hashes-for-nix-installer branch December 22, 2023 01:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants