| 12 Nov 2025 |
jonhermansen | Is it normal that darwin-rebuild wants to clobber /etc/bashrc and /etc/zshrc ?
user@desktop mac-flake % sudo nix --extra-experimental-features "nix-command flakes" run nix-darwin/master#darwin-rebuild -- switch --flake .#desktop
warning: $HOME ('/Users/user') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
building the system configuration...
error: Unexpected files in /etc, aborting activation
The following files have unrecognized content and would be overwritten:
/etc/bashrc
/etc/zshrc
Please check there is nothing critical in these files, rename them by adding .before-nix-darwin to the end, and then try again.
| 00:53:20 |
jonhermansen | It's a fairly fresh install of Tahoe, I guess I was just surprised it was necessary. Oh, maybe this is how Nix stuff gets injected into PATH? | 00:59:19 |
samasaur | it is, yes. that said what we normally do is add the hashes of the macOS-provided files to nix-darwin itself so that they are "recognized" and can be overwritten automatically | 01:49:46 |
samasaur | are you on the latest nix-darwin? | 01:49:56 |
jonhermansen | I think I'm on the latest nix-darwin (trying to install master). I think I actually caused this problem 😇 because I messed with the Nix installer.
My /nix and /nix/store are on ZFS and so I had to disable the launchd service which attaches and mounts the APFS disk.
Hmm, OK, mea culpa. I didn't realize nix-darwin would try to manage the plist file too. I actually made the plist immutable, ran darwin-rebuild switch again, and got this
cp: cannot remove '/Library/LaunchDaemons/org.nixos.nix-daemon.plist': Operation not permitted | 01:53:58 |
jonhermansen | I'll have to find a way to import and mount my ZFS filesystems before the nix-daemon service fires | 01:54:24 |
samasaur | the nix-daemon service runs /bin/wait4path, so you should be okay to just replace the org.nixos.darwin-store.plist file? | 01:55:53 |
samasaur | not to trivialize that ofc | 01:56:05 |
jonhermansen | During the Nix installation, it also modified /etc/bashrc I think. I thought I accepted the Nix installer's copy of /etc/bashrc. My install is not typical, but I was curious about the "first-time installation" step of darwin-rebuild | 01:56:06 |
jonhermansen | That makes sense, except I deleted it :p I can find it and put it back | 01:56:27 |
samasaur | re: your original issue, there's no special first-time installation logic. nix-darwin will refuse to overwrite any files in /etc that aren't either a) managed by nix-darwin; b) have a "known hash" | 01:58:01 |
jonhermansen | I wasn't sure exactly where to add my ZFS import / mount steps, and so I had put them into the nix-daemon plist but clearly that was not the right idea | 01:58:01 |
jonhermansen | It makes me wonder what the hell I did to those files so that they didn't have a known hash. | 01:58:38 |
samasaur | we just include known hashes for the macOS-provided, upstream nix installer–provided, and determinate nix installer–provided zshrc, zprofile, bashrc, etc. | 01:58:42 |
jonhermansen | That makes good sense, and it's reasonable that it asked me if I wanted to clobber them in that case! | 01:59:31 |
samasaur | most of them are listed here, and you can see how they are set | 02:00:19 |
samasaur | not entirely uncommon. often global installs of things (via non-nix) will modify these files so that the tools are in PATH | 02:01:13 |
jonhermansen | It looks like I have two backups. One which was before I installed Nix, and the other was the one that didn't match a known hash.
user@desktop:~/ > cat /etc/bashrc.backup-before-nix
# System-wide .bashrc file for interactive bash(1) shells.
if [ -z "$PS1" ]; then
return
fi
PS1='\h:\W \u\$ '
# Make bash check its window size after a process completes
shopt -s checkwinsize
[ -r "/etc/bashrc_$TERM_PROGRAM" ] && . "/etc/bashrc_$TERM_PROGRAM"
user@desktop:~/ > cat /etc/bashrc.bak
# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix
# System-wide .bashrc file for interactive bash(1) shells.
if [ -z "$PS1" ]; then
return
fi
PS1='\h:\W \u\$ '
# Make bash check its window size after a process completes
shopt -s checkwinsize
[ -r "/etc/bashrc_$TERM_PROGRAM" ] && . "/etc/bashrc_$TERM_PROGRAM"
| 02:03:31 |
samasaur | that's actually the happy path to some extent, because the main alternative (/etc/paths.d) is ignored by nix-darwin | 02:03:31 |
samasaur | at least this way you catch it | 02:03:37 |
samasaur | hmm. what installer did you use? | 02:04:14 |
jonhermansen | The recommended multi-user one from nixos.org. I saved it to disk before running it too. The one from https://nixos.org/nix/install | 02:05:35 |
samasaur | huh | 02:05:45 |
samasaur | what's the SHA256 hash of the one with Nix in it? | 02:07:32 |
samasaur | any chance it happens to be 6be16cf7c24a3c6f7ae535c913347a3be39508b3426f5ecd413e636e21031e66? | 02:07:48 |
samasaur | i'm guessing no bc if so you should not have seen this error | 02:08:09 |
jonhermansen | The fact that I messed with the Nix installer... makes me think it was something stupid that I did. I wasn't aware of the hash check, hence my confusion. I don't think I edited either file, or installed anything that would edit those files. So something happened to BOTH files in between the time I installed Nix and tried nix-darwin | 02:08:13 |
jonhermansen | user@desktop:~/ > sha256sum /etc/bashrc.backup-before-nix
444c716ac2ccd9e1e3347858cb08a00d2ea38e8c12fdc5798380dc261e32e9ef /etc/bashrc.backup-before-nix
user@desktop:~/ > sha256sum /etc/bashrc.bak
8b5e3466922d1ae34bc145e21c7e53e7329a7a7b58b148b436bd954d5e651ac3 /etc/bashrc.bak
user@desktop:~/ > sha256sum /etc/bashrc
fd20bcfedb93eef9f3890c9bd7a3516a70373bd026f829a23c174a27a4f94101 /etc/bashrc
user@desktop:~/ > sha256sum /etc/zshrc.backup-before-nix
4d1ab5704f9d167a042fecac0d056c8a79a8ebd71e032d3489536c8db9ffe3e0 /etc/zshrc.backup-before-nix
user@desktop:~/ > sha256sum /etc/zshrc.bak
cf0f7b7775b4c058d6085d9e7e57d58c307ca43730f8e4d921a9ef4e530e7e16 /etc/zshrc.bak
user@desktop:~/ > sha256sum /etc/zshrc
ef9773f1f3175cc8fbddea7fa40a9f85e55ab23bf2701ab0ca747ba939a54dd2 /etc/zshrc
| 02:08:31 |
samasaur | yeah looks like the .backup-before-nix ones are in our known files and the .bak ones are not. i am inclined to say that somehow you did cause this by messing with the installer | 02:11:21 |
samasaur | i mean it seems like it's just reordering blocks of that file, which should be functionally identical even though it will not match the hash | 02:11:54 |