nix-shell -p nix-info --run "nix-info -m" fails after installation.

[mohnishkodnani]

Platform

• Linux:
• macOS -- aarch64 darwin.
• WSL

Additional information

Set NIX_SSL_CERT_FILE to the internal certificate file.

Output

nix-shell -p nix-info --run "nix-info -m"

error:
       … <borked>

         at «none»:0: (source not available)

       … while calling the 'import' builtin

         at «string»:1:18:

            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } ""
             |                  ^

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)

       at «none»:0: (source not available)

Added above. but some of the output from the installer is listed here.

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo cp /etc/bash.bashrc /etc/bash.bashrc.backup-before-nix

to back up your current /etc/bash.bashrc to /etc/bash.bashrc.backup-before-nix


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo tee -a /etc/bash.bashrc

extend your /etc/bash.bashrc with nix-daemon settings


# Nix
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
  . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix


~~> Setting up shell profiles for Fish with with conf.d/nix.fish inside /etc/fish /usr/local/etc/fish /opt/homebrew/etc/fish /opt/local/etc/fish

~~> Setting up the default profile

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo HOME=/var/root /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0/bin/nix-env -i /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0

to install a bootstrapping Nix in to the default profile

installing 'nix-2.14.0'
building '/nix/store/0p5xxbqbqdjqknjp7p60f6j05y4s0hx9-user-environment.drv'...

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo HOME=/var/root NIX_SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0/bin/nix-channel --update nixpkgs

to update the default channel in the default profile

unpacking channels...

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo install -m 0664 /var/folders/p2/dsnj50zn5kb1xs6sd9xw76zw0000gq/T/tmp.yvANIt7W/nix.conf /etc/nix/nix.conf

to place the default nix daemon configuration (part 2)


~~> Setting up the nix-daemon LaunchDaemon

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /bin/cp -f /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist

to set up the nix-daemon as a LaunchDaemon


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist

to load the LaunchDaemon plist for nix-daemon


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo launchctl kickstart -k system/org.nixos.nix-daemon

to start the nix-daemon

Alright! We're done!
Try it! Open a new terminal, and type:

  $ nix-shell -p nix-info --run "nix-info -m"

Thank you for using this installer. If you have any feedback or need
help, don't hesitate:

You can open an issue at
https://github.com/NixOS/nix/issues/new?labels=installer&template=installer.md

Or get in touch with the community: https://nixos.org/community

---- Reminders -----------------------------------------------------------------
[ 1 ]
Nix won't work in active shell sessions until you restart them.

I also do not find ~/.nix-profile .
I am using zsh as the default shell for my user.
I closed the Terminal Process on mac and then ran the nix-shell command and get this error.
Shell environment variables

__CFBundleIdentifier=com.apple.Terminal
TMPDIR=/var/folders/p2/dsnj50zn5kb1xs6sd9xw76zw0000gq/T/
TERM=xterm-256color
TERM_PROGRAM=Apple_Terminal
TERM_PROGRAM_VERSION=445
TERM_SESSION_ID=780966DA-56FF-4D56-B23E-4D3BB316A8AC
SHELL=/bin/zsh
HOME=/Users/mkodnani
PATH=/Users/mkodnani/.local/state/nix/profile/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/podman/bin
SHLVL=1
PWD=/Users/mkodnani
OLDPWD=/Users/mkodnani
NIX_PROFILES=/nix/var/nix/profiles/default /Users/mkodnani/.local/state/nix/profile
SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem
NIX_SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem
REQUESTS_CA_BUNDLE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem
CURL_CA_BUNDLE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem
LANG=en_US.UTF-8
_=/usr/bin/env

Priorities

Add 👍 to issues you find important.

[abathur]

I am not caught up on detail yet, but I think this is a symptom of a known issue with the 2.14.0 release.

It looks like there's effort under way to get a .1 together (master...2.14-maintenance)

Unless maybe one of @balsoft @cole-h @Ericson2314 @edolstra weigh in by the time you see this on whether there's a quick fix for your install, I'd personally just recommend uninstalling and reinstalling with 2.13.3 for now.

• uninstall directions: https://nixos.org/manual/nix/stable/installation/installing-binary.html#macos
• install with the same curl/sh command, but use https://releases.nixos.org/nix/nix-2.13.3/install instead of https://nixos.org/nix/install

[cole-h]

A brief look at the trace just makes me think channels haven't been properly set up. You might try running nix-channel --update as your user and/or root and see if that fixes it. Also verify there is a nixpkgs or nixos channel when you run nix-channel --list as your user and/or root. (EDIT: It's possible it is related to a few issues 2.14 has been having, but I would still check that first.)

I can check for certain in my morning, but that's what I would try first.

[mohnishkodnani]

@cole-h thanks for your quick reply. I tried

nix-channel --update
unpacking channels...
% nix-channel --list

I dont see anything , it's empty. Also, the unpacking the channel step in the installer does not show any errors when it runs.
Let me know try to downgrade as @abathur says. Will report back.

[mohnishkodnani]

I tried 2.13.3 as suggested, and I do not get the <borked> error as before. However, I get the following

error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

which I believe is because the SSL cert due to the Netskope proxy. However, my reason for doing this was to setup the NIX_SSL_CERT_FILE to our cert file and then make sure it works later on in project specific flakes, but looks like i have missed something.

I had a working home-manager flake using which i setup my laptop. However, I wanted to try this setup after my company started using Netskope to intercept SSL traffic and provide cert override.
My flake also fails with

rror: unable to download 'https://cache.nixos.org/z69b14xisp43vy0bdx74hpqmhgzv2hhx.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

I have done the installation after NIX_SSL_CERT_FILE variable and can be seen in the installer output above.

sudo HOME=/var/root NIX_SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0/bin/nix-channel --update nixpkgs

So, it is picked up by the installer. Not sure why the home manger flake and the nix-shell command which the installer recommends run from a new Terminal are failing with the above error.

[insdami]

I'm experiencing exactly the same error.

I've tried to install the latest version which gave me exactly the same message and then I tried again with sudo which threw the SSL cert error reported by @mohnishkodnani

I confirm downgrade to 2.13.3 works

[balsoft]

Seems related to #7925 and #7929

[abathur]

2.14.1 was released a few hours ago.

If you ran into this issue yesterday it might be worth uninstalling and just re-trying the normal installer to see if the new version works fine. Others may benefit from your report on whether this does/doesn't work :)

[cole-h]

2.14.1 was released a few hours ago.

If you ran into this issue yesterday it might be worth uninstalling and just re-trying the normal installer to see if the new version works fine. Others may benefit from your report on whether this does/doesn't work :)

Well, I can say definitively: it doesn't fix this specific issue. I'm doing a bit of looking around to see where this issue comes from, but one initial weirdness that I noticed when straceing nix-shell -p nix-info --run 'nix-info -m':

2.13.3:

getcwd("/home/ubuntu", 4096)            = 13
newfstatat(AT_FDCWD, "/home/ubuntu/.nix-defexpr/channels", {st_mode=S_IFLNK|0777, st_size=46, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/home/ubuntu/.nix-defexpr/channels/nixpkgs", 0x7fff692486b0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", {st_mode=S_IFLNK|0777, st_size=59, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", {st_mode=S_IFLNK|0777, st_size=59, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", {st_mode=S_IFLNK|0777, st_size=59, ...}, AT_SYMLINK_NOFOLLOW) = 0

2.14.1:

getcwd("/home/ubuntu", 4096)            = 13
munmap(0x7fe0c8fb1000, 266240)          = 0
openat(AT_FDCWD, "/tmp", O_RDONLY)      = 3
newfstatat(3, "nix-shell-3071-0", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
openat(3, "/tmp/nix-shell-3071-0", O_RDONLY) = 4

So I'm thinking there's also a bug in the C++ code somewhere regarding the path lookups. I don't have evidence this is caused by the XDG PR (though likely since it does look like potential fallout) just yet.

EDIT: Something else interesting:

2.13.3:

newfstatat(AT_FDCWD, "/home/ubuntu/.nix-defexpr/channels", {st_mode=S_IFLNK|0777, st_size=46, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", {st_mode=S_IFLNK|0777, st_size=59, ...}, AT_SYMLINK_NOFOLLOW) = 0
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels", {st_mode=S_IFLNK|0777, st_size=15, ...}, AT_SYMLINK_NOFOLLOW) = 0

2.14.1:

newfstatat(AT_FDCWD, "/home/ubuntu/.nix-defexpr/channels", 0x7fff96d55fd0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels/nixpkgs", 0x7fff96d55fd0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/nix/var/nix/profiles/per-user/root/channels", 0x7fff96d55fd0, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory)

Users' channels don't exist. Maybe not a C++ issue.

[mohnishkodnani]

One thing to note for me even with 2.13.3. I get errors like the following
https://cache.nixos.org/03dklqjq9amyhr4cbf73k3mmkvhqj8qm.narinfo
Same for this
https://cache.nixos.org/ipac5znmsxa3s67sqq1xrnrllx2rsnhz.narinfo
If i put these links in the browser I get 404, so not sure what's going on there. These links are giving 404 on the browser itself.
Later today i will try 2.14.1 as well.

[mohnishkodnani]

I'm experiencing exactly the same error.

I've tried to install the latest version which gave me exactly the same message and then I tried again with sudo which threw the SSL cert error reported by @mohnishkodnani

I confirm downgrade to 2.13.3 works

Even with the downgrade I get the SSL cert errors and the URLs that are printed give me 404, do you see this ?

[mohnishkodnani]

@abathur I tried 2.14.1 installation and still see this error when running the following command

nix-shell -p nix-info --run "nix-info -m"
error:
       … <borked>

         at «none»:0: (source not available)

       … while calling the 'import' builtin

         at «string»:1:18:

            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } ""
             |                  ^

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)

       at «none»:0: (source not available)

nix --version
nix (Nix) 2.14.1

If I run the same command with sudo I get the following error instead.

warning: $HOME ('/Users/mkodnani') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
warning: error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35); retrying in 318 ms
warning: error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35); retrying in 290 ms
warning: error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35); retrying in 299 ms
warning: error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35); retrying in 333 ms
warning: error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35); retrying in 601 ms
warning: error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35); retrying in 664 ms
warning: error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35); retrying in 674 ms
warning: error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35); retrying in 544 ms
warning: error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35); retrying in 1204 ms
warning: error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35); retrying in 1023 ms
warning: error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35); retrying in 1068 ms
warning: error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35); retrying in 1060 ms
warning: error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35); retrying in 2579 ms
warning: error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35); retrying in 2637 ms
warning: error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35); retrying in 2178 ms
warning: error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35); retrying in 2242 ms
error (ignored): error: unable to download 'https://cache.nixos.org/0q1jfjlwr4vig9cz7lnb5il9rg0y1n84.narinfo': SSL connect error (35)
error (ignored): error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': SSL connect error (35)
error (ignored): error: unable to download 'https://cache.nixos.org/qrz2mnb2gsnzmw2pqax693daxh5hsgap.narinfo': SSL connect error (35)
error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': SSL connect error (35)

[hogsmead]

I have the same problem on Linux with 2.13.3

Edit:
Nevermind. I thought the command given on https://nixos.org/download.html installs the version mentioned on the same page. 2.13.3 works fine.

[mohnishkodnani]

I manually added the channel. Now I am get channel in the list command as opposed to empty

 nix-channel --add https://nixos.org/channels/nixpkgs-unstable
mkodnani@C2CKVCFH3G ~ % nix-channel --update                                         
unpacking channels...
mkodnani@C2CKVCFH3G ~ % nix-channel --list                                           
nixpkgs https://nixos.org/channels/nixpkgs-unstable

However, running the nix-shel still gives the same SSL Cert path error

nix-shell -p nix-info --run "nix-info -m"
error (ignored): error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': Problem with the SSL CA cert (path? access rights?) (77)
error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

[echo-devnull]

I just installed on Pop os 22.04, (like, a few hours ago)) and I got the same problem. Searched for the error and found this open ticket.
So clean install on a Linux box also produces this error.

I've been playing with trying to get things to work for a while now, adding it to packages, adding the channel, etc. But I'm no further.

Just though I'd add that it's a problem on Linux too. ;-)

[abiosoft]

Yeah, this fully affect Linux as well and it is not fixed with 2.14.1.

Downgrading and pinning to 2.13.3 till further notice.

[abathur]

@edolstra @Ericson2314 @thufschmitt

[mohnishkodnani]

Any idea about my original problem that even with 2.13 i get SSL cert path issues.

…

On Sat, Mar 4, 2023, 08:06 Travis A. Everett ***@***.***> wrote: @edolstra <https://github.com/edolstra> @Ericson2314 <https://github.com/Ericson2314> @thufschmitt <https://github.com/thufschmitt> — Reply to this email directly, view it on GitHub <#7937 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABW4SVDLWP7VEQJ5HJYOG6TW2NR73ANCNFSM6AAAAAAVMXQD7A> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[abathur]

I tried 2.13.3 as suggested, and I do not get the <borked> error as before. However, I get the following

error: unable to download 'https://cache.nixos.org/amgkmsb48dymvy57varfxz7gxwvjc5gp.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

which I believe is because the SSL cert due to the Netskope proxy. However, my reason for doing this was to setup the NIX_SSL_CERT_FILE to our cert file and then make sure it works later on in project specific flakes, but looks like i have missed something.

...

sudo HOME=/var/root NIX_SSL_CERT_FILE=/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem /nix/store/4x9975rdvy4r0mybf8ic2ry9j5b0ag2g-nix-2.14.0/bin/nix-channel --update nixpkgs

So, it is picked up by the installer. Not sure why the home manger flake and the nix-shell command which the installer recommends run from a new Terminal are failing with the above error.

@mohnishkodnani Sorry--I thought I'd responded with at least a couple thoughts here but I guess I got interrupted and left it half-written in a tab somewhere...

With the big caveat that I haven't dealt with a proxy like this and am just kinda guessing:

1. I assume you did since the command quoted shouldn't run at all if you didn't, but if you synthesized the sudo quoted above from more than one separate statement, I'd verify that you quoted /Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem to avoid word splitting in the shell?

2. There's another copy of this env just for the Nix daemon in /Library/LaunchDaemons/org.nixos.nix-daemon.plist, so you might just need to point this one at your cert (perhaps a cert set on the CLI isn't explicitly passed to the daemon). I do see some users in other threads reporting fixing this with something like:

   sudo launchctl setenv NIX_SSL_CERT_FILE "<cert-path>"
   sudo launchctl kickstart -k system/org.nixos.nix-daemon

[tylerc]

macOS 13.2.1 here - no special SSL config on my side. First time running Nix and hit this error :)

Fix for me was:

nix-channel --add https://nixos.org/channels/nixpkgs-22.11-darwin nixpkgs
nix-channel --update

And now the command succeeds:

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"aarch64-darwin"`
 - host os: `Darwin 22.3.0, macOS 13.2.1`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.14.1`
 - nixpkgs: `/Users/tylerchurch/.nix-defexpr/channels/nixpkgs`

Based on other bugs I found online, I also briefly had this in my ~/.zshenv:

export NIX_PATH=${NIX_PATH:+$NIX_PATH:}$HOME/.nix-defexpr/channels

But I've since commented that out and things are still working.

[abiosoft]

Fix for me was:

nix-channel --add https://nixos.org/channels/nixpkgs-22.11-darwin nixpkgs
nix-channel --update

Thanks for the feedback @tylerc. The average Nix user actually knows about this and it is more of a workaround than a fix.

Prior to this issue, I have had to take zero extra steps after installing Nix to get it working.

[benrbray]

First time Nix user. I followed the homepage's recommendation for a multi-user install:

sh <(curl -L https://nixos.org/nix/install) --daemon

The script succeeded with no errors. I'm only using Nix because obelisk insists, so next I tried to install:

$ nix --version
nix (Nix) 2.14.1
$ nix-env -f https://github.com/obsidiansystems/obelisk/archive/master.tar.gz -iA command
installing 'obelisk-command-0.9.0.1'
error:
       … while calling the 'derivationStrict' builtin
         at //builtin/derivation.nix:9:12: (source not available)
       … while evaluating derivation 'obelisk-command-0.9.0.1'
         whose name attribute is located at /nix/store/yxa12wh8fc6j8w61y3jn27vw8dhydby7-source/pkgs/development/haskell-modules/generic-builder.nix:290:3
       … while evaluating attribute 'buildInputs' of derivation 'obelisk-command-0.9.0.1'
         at /nix/store/yxa12wh8fc6j8w61y3jn27vw8dhydby7-source/pkgs/stdenv/generic/make-derivation.nix:221:11:
          220|           depsHostHost                = lib.elemAt (lib.elemAt dependencies 1) 0;
          221|           buildInputs                 = lib.elemAt (lib.elemAt dependencies 1) 1;
             |           ^
          222|           depsTargetTarget            = lib.elemAt (lib.elemAt dependencies 2) 0;
       (stack trace truncated; use '--show-trace' to show the full trace)
       error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
       at «none»:0: (source not available)

My attempts to diagnose led me to this issue. I ran:

$ echo $NIX_PATH
(empty)
$ nix-channel --list
(empty)

Thanks to those in this thread who posted their solutions, I was able to fix it with:

$ nix-channel --add https://nixos.org/channels/nixos-22.11 nixpkgs
nix-channel --update
(base) benjamin@apollo:~/Documents/notes/logs
$ nix-channel --update
unpacking channels...

Now I can run nix-info:

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 5.4.0-80-generic, Ubuntu, 20.04.5 LTS (Focal Fossa), nobuild`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.14.1`
 - nixpkgs: `/home/benjamin/.nix-defexpr/channels/nixpkgs`

I have heard good things about Nix, but I have to say, this gives me a pretty bad first impression.

[mohnishkodnani]

sudo launchctl kickstart -k system/org.nixos.nix-daemon

I tried

mkodnani ~ % sudo launchctl setenv NIX_SSL_CERT_FILE "/Library/Application Support/Netskope/STAgent/download/nscacert_combined.pem"
mkodnani~ % sudo launchctl kickstart -k system/org.nixos.nix-daemon

mkodnani home-config % nix-shell -p nix-info --run "nix-info -m"
error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

Not sure where things are not working...
Will try a bunch of other steps around this.

[Ericson2314]

I opened up #7984 which I think describes at least one part of this.

[mohnishkodnani]

Update:
If I run the command as instructed by the installer in a new terminal after doing a multi-user install on mac osx I get the following error.

nix-shell -p nix-info --run "nix-info -m"
error: unable to download 'https://cache.nixos.org/0025zncyzwcmsp3v3z1srs51b7py6psc.narinfo': Problem with the SSL CA cert (path? access rights?) (77)
However, if I try this it seems to work. Not sure why i have to do this yet.
sudo NIX_SSL_CERT_FILE=/Users/mkodnani/nscacert_combined.pem nix-shell -p nix-info --run "nix-info -m"

It seems like i have to do sudo and then provide the env variable. Looks like the multi user install requires sudo to work, not sure, just reporting what seems to work

[corneliusroemer]

Not fixed on 2.14.1 - can you alter the install script so that it pulls a working version until this problem is reliably fixed? This is a major turn off for anyone trying out nix.

Here's my write up on Stackoverflow. Clean macOS install: https://stackoverflow.com/questions/75657834/fresh-install-of-nix-fails-on-m1-mac-error-attribute-nixpkgs-in-selection-pa

Yesterday, someone suggested on a different Stackoverflow question to nix-channel --add https://nixos.org/channels/nixpkgs-unstable. This appears to work for me. But something tells me this is a workaround. I shouldn't need to add a channel, and it shouldn't be unstable. Answer: https://stackoverflow.com/a/75641511/7483211

[mohnishkodnani]

Another thing to note

mkodnani@C2CKVCFH3G ~ % sudo launchctl getenv NIX_SSL_CERT_FILE
/Library/Application Support/Certs/STAgent/download/mycert.pem
mkodnani@C2CKVCFH3G ~ % sudo launchctl kickstart -pk system/org.nixos.nix-daemon
service spawned with pid: 5729
mkodnani@C2CKVCFH3G ~ % sudo ps -Eww 5729                                                 
  PID TTY           TIME CMD
 5729 ??         0:00.06 /nix/var/nix/profiles/default/bin/nix-daemon OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES PATH=/usr/bin:/bin:/usr/sbin:/sbin PWD=/ XPC_FLAGS=0x0 NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt XPC_SERVICE_NAME=org.nixos.nix-daemon SHLVL=0
mkodnani@C2CKVCFH3G ~ % 

I am not sure if this is an issue. I have the NIX_SSL_CERT_FILE set to my internal cert file and the ps command still shows it pointing to the default one..

[Townk]

Hi folks, Just want to add my experience with this issue:

I had Nix working on macOS for a couple of years now, but yesterday I decided to do a full machine reset, and had to install Nix again. Using the instructions on the main website (sh <(curl -L https://nixos.org/nix/install)) successfully installs the 2.16.1 version, but no Nix command would work, complaining about certificate with the error "Problem with the SSL CA cert (path? access rights?) (77)".

I tried several suggestions, going from manually changing the LaunchDeamon file, to exporting environment variables, but nothing helped.

Then, I tried what @abathur suggested on his comment... and it worked!

I don't know if any newer version than 2.13.3 works, but since the Nix repository does not have any release tags between 2.13.3 and 2.16.1, I assume it does not.

Does anyone know if there is a workaround to use the latest Nix on macOS at this point?

[abathur]

Not certain, but you could try reinstalling latest and setting the new nix.conf option added in #8062. If that shows the same error, maybe there is a problem with cert permissions?

[Townk]

I can try that, but I don't think is anything wrong with the certs. I'm not using custom certs, and Nix 2.13.3 works, so I assume is something with the latest release

[abathur]

I don't know if any newer version than 2.13.3 works, but since the Nix repository does not have any release tags between 2.13.3 and 2.16.1, I assume it does not.

Where are you looking? https://github.com/NixOS/nix/tags and releases.nixos.org both list tags for 2.13.4, 2.14.0, 2.14.1, 2.15.0, 2.15.1, and 2.16.0.

I'm not using custom certs, and Nix 2.13.3 works, so I assume is something with the latest release

I'm not sure what's causing trouble here, but 2.16.1 has been out for 5 weeks already--I imagine we'd be drowning in reports if no new installs were working. I tried installing it on a spare macbook and get:

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-darwin"`
 - host os: `Darwin 18.7.0, macOS 10.14.6`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.16.1`
 - channels(root): `"nixpkgs"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixpkgs`

[Townk]

I'll try to get a fresh mac image that is not tied to my work to see if something changes, thanks for letting me know!

[jmp-0x7C0]

I'm also having this issue with a fresh install albeit using the DeterminateSystems installer (v0.10.0). Cross posting report here for visibility. The nix version installed is nix-2.15.0-x86_64-darwin, and I'm running macOS 13.4.1.

λ nix-shell -p nix-info --run "nix-info -m"
error:
       … <borked>

         at «none»:0: (source not available)

       … while calling the 'import' builtin

         at «string»:1:18:

            1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (nix-info) ]; } ""
             |                  ^

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: unable to download 'https://channels.nixos.org/flake-registry.json': Problem with the SSL CA cert (path? access rights?) (77)