-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify this if $HOME
exists, it is owned by current user in getHome()
#6676
Verify this if $HOME
exists, it is owned by current user in getHome()
#6676
Conversation
d7b70ae
to
d0a110d
Compare
I don't think this is a good idea. Having Probably the second option from #6622 (comment) would make more sense (although it could be very confusing in some cases) |
OK, this seems fair enough. I'll give that a shot since 6622 seems to have stalled a bit. |
d0a110d
to
9996f5f
Compare
getHome()
to check syscall first and $HOME
second if necessary$HOME
exists and is owned by current user in getHome()
b676606
to
ab5c922
Compare
Before:
After:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. A couple of comments, but I like the overall approach :)
ab5c922
to
5488e45
Compare
Useful because a default `sudo` on darwin doesn't clear `$HOME`, so things like `sudo nix-channel --list` will surprisingly return the USER'S channels, rather than `root`'s. Other counterintuitive outcomes can be seen in this PR description: NixOS#6622
5488e45
to
ca2be50
Compare
Updated PR based on @thufschmitt 's review. Now:
|
$HOME
exists and is owned by current user in getHome()
$HOME
exists, it is owned by current user in getHome()
Thanks for fixing this @virusdave I think this approach feels pretty complex and non-obvious. This will make the behavior of nix depend on:
That's a lot of conditionals based on the environment, which doesn't feel like it's really in the spirit of reproducibility. I don't know that there's a clean way to do it, but I wonder if even something like |
That's UNIX systems for you 😛 Fwiw, as far as reproducibility goes, this only holds for the “impure” eval mode, as the only way the pure mode will use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @virusdave , let's merge
As a result of this change, on NixOS, any
which, for processes that run a lot of |
Oof, that's definitely not desirable. Out of curiosity, what is the |
Yes, it's |
OK, i'll whip up a followup PR to make that change. Thanks for letting me know! |
Thanks. In the meantime, I can downgrade the Nix we're using in the problematic systemd service. Do you happen to know which release of Nix this change went out with? (edit: Looks like 2.10.0?) |
Sure. You could also patch this PR into nix in an overlay if you don't want to go backwards (assuming the tests pass). |
After NixOS/nix#6676, the following warning is displayed when running `darwin-rebuild switch`: warning: $HOME ('/Users/jamie') is not owned by you, falling back to the one defined in the 'passwd' file.
A [recent-ish change](NixOS#6676) logs a warning when a potentially counterintuitive situation happens. This now causes the multi-user installer to [emit a warning](NixOS/nixpkgs#189043) when it's doing the "seed the Nix database" step via a low-level `nix-store --load-db` invocation. `nix-store` functionality implementations don't actually use profiles or channels or homedir as far as i can tell. So why are we hitting this code at all? Well, the current command approach for functionality here builds a [fat `nix` binary](https://github.com/NixOS/nix/blob/master/src/nix/local.mk#L23-L26) which has _all_ the functionality of previous individual binaries (nix-env, nix-store, etc) bundled in, then [uses the invocation name](https://github.com/NixOS/nix/blob/master/src/nix/main.cc#L274-L277) to select the set of commands to expose. `nix` itself has this behavior, even when just trying to parse the (sub)command and arguments: ``` dave @ davembp2 $ nix error: no subcommand specified Try 'nix --help' for more information. dave @ davembp2 $ sudo nix warning: $HOME ('/Users/dave') is not owned by you, falling back to the one defined in the 'passwd' file error: no subcommand specified Try 'nix --help' for more information. dave @ davembp2 $ HOME=~root sudo nix error: no subcommand specified Try 'nix --help' for more information. ``` This behavior can also be seen pretty easily with an arbitrary `nix-store` invocation: ``` dave @ davembp2 $ nix-store --realize dave @ davembp2 $ sudo nix-store --realize # what installer is doing now warning: $HOME ('/Users/dave') is not owned by you, falling back to the one defined in the 'passwd' file dave @ davembp2 $ sudo HOME=~root nix-store --realize # what this PR effectively does dave @ davembp2 $ ```
A [recent-ish change](NixOS#6676) logs a warning when a potentially counterintuitive situation happens. This now causes the multi-user installer to [emit a warning](NixOS/nixpkgs#189043) when it's doing the "seed the Nix database" step via a low-level `nix-store --load-db` invocation. `nix-store` functionality implementations don't actually use profiles or channels or homedir as far as i can tell. So why are we hitting this code at all? Well, the current command approach for functionality here builds a [fat `nix` binary](https://github.com/NixOS/nix/blob/master/src/nix/local.mk#L23-L26) which has _all_ the functionality of previous individual binaries (nix-env, nix-store, etc) bundled in, then [uses the invocation name](https://github.com/NixOS/nix/blob/master/src/nix/main.cc#L274-L277) to select the set of commands to expose. `nix` itself has this behavior, even when just trying to parse the (sub)command and arguments: ``` dave @ davembp2 $ nix error: no subcommand specified Try 'nix --help' for more information. dave @ davembp2 $ sudo nix warning: $HOME ('/Users/dave') is not owned by you, falling back to the one defined in the 'passwd' file error: no subcommand specified Try 'nix --help' for more information. dave @ davembp2 $ HOME=~root sudo nix error: no subcommand specified Try 'nix --help' for more information. ``` This behavior can also be seen pretty easily with an arbitrary `nix-store` invocation: ``` dave @ davembp2 $ nix-store --realize dave @ davembp2 $ sudo nix-store --realize # what installer is doing now warning: $HOME ('/Users/dave') is not owned by you, falling back to the one defined in the 'passwd' file dave @ davembp2 $ sudo HOME=~root nix-store --realize # what this PR effectively does dave @ davembp2 $ ```
After NixOS/nix#6676, the following warning is displayed when running `darwin-rebuild switch`: warning: $HOME ('/Users/jamie') is not owned by you, falling back to the one defined in the 'passwd' file.
Useful because a default
sudo
on darwin doesn't clear$HOME
, so things likesudo nix-channel --list
will surprisingly return the USER'S channels, rather than
root
's.Other counterintuitive outcomes can be seen in this PR description:
#6622