macOS installation: Could not find service "org.nixos.darwin-store" in domain for system

[mpcsh]

Platform

• Linux:
• macOS
• WSL

Additional information

Installer failed on macOS 14.3.1 (23D60), running the recommended sh <(curl -L https://nixos.org/nix/install).

Output

Output

downloading Nix 2.20.1 binary tarball for aarch64-darwin from 'https://releases.nixos.org/nix/nix-2.20.1/nix-2.20.1-aarch64-darwin.tar.xz' to '/var/folders/j5/hx1b66rd2cv11vygx4j39fqc0000gp/T/nix-binary-tarball-unpack.XXXXXXXXXX.hgAlqaBS8v'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 11.3M  100 11.3M    0     0  31.6M      0 --:--:-- --:--:-- --:--:-- 31.5M
Switching to the Multi-user Installer
Welcome to the Multi-User Nix Installation

This installation tool will set up your computer with the Nix package
manager. This will happen in a few stages:

1. Make sure your computer doesn't already have Nix. If it does, I
   will show you instructions on how to clean up your old install.

2. Show you what I am going to install and where. Then I will ask
   if you are ready to continue.

3. Create the system users (uids [301..332]) and groups (gid 30000)
   that the Nix daemon uses to run builds. To create system users
   in a different range, exit and run this tool again with
   NIX_FIRST_BUILD_UID set.

4. Perform the basic installation of the Nix files daemon.

5. Configure your shell to import special Nix Profile files, so you
   can use Nix.

6. Start the Nix daemon.

Would you like to see a more detailed list of what I will do?
[y/n] y


I will:

 - make sure your computer doesn't already have Nix files
   (if it does, I will tell you how to clean them up.)
 - create local users (see the list above for the users I'll make)
 - create a local group (nixbld)
 - install Nix in to /nix
 - create a configuration file in /etc/nix
 - set up the "default profile" by creating some Nix-related files in
   /var/root
 - back up /etc/bashrc to /etc/bashrc.backup-before-nix
 - update /etc/bashrc to include some Nix configuration
 - back up /etc/zshrc to /etc/zshrc.backup-before-nix
 - update /etc/zshrc to include some Nix configuration
 - create a Nix volume and a LaunchDaemon to mount it
 - create a LaunchDaemon (at /Library/LaunchDaemons/org.nixos.nix-daemon.plist) for nix-daemon

Ready to continue?
[y/n] y


---- let's talk about sudo -----------------------------------------------------
This script is going to call sudo a lot. Every time I do, it'll
output exactly what it'll do, and why.

Just like this:

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo echo

to demonstrate how our sudo prompts look


This might look scary, but everything can be undone by running just a
few commands. I used to ask you to confirm each time sudo ran, but it
was too many times. Instead, I'll just ask you this one time:

Can I use sudo?
[y/n] y

Yay! Thanks! Let's get going!

~~> Fixing any leftover Nix volume state
Before I try to install, I'll check for any existing Nix volume config
and ask for your permission to remove it (so that the installer can
start fresh). I'll also ask for permission to fix any issues I spot.

~~> Checking for artifacts of previous installs
Before I try to install, I'll check for signs Nix already is or has
been installed on this system.

---- Nix config report ---------------------------------------------------------
        Temp Dir:	/var/folders/j5/hx1b66rd2cv11vygx4j39fqc0000gp/T/tmp.7Q7RGziNp5
        Nix Root:	/nix
     Build Users:	32
  Build Group ID:	30000
Build Group Name:	nixbld

build users:
    Username:	UID
     _nixbld1:	301
     _nixbld2:	302
     _nixbld3:	303
     _nixbld4:	304
     _nixbld5:	305
     _nixbld6:	306
     _nixbld7:	307
     _nixbld8:	308
     _nixbld9:	309
     _nixbld10:	310
     _nixbld11:	311
     _nixbld12:	312
     _nixbld13:	313
     _nixbld14:	314
     _nixbld15:	315
     _nixbld16:	316
     _nixbld17:	317
     _nixbld18:	318
     _nixbld19:	319
     _nixbld20:	320
     _nixbld21:	321
     _nixbld22:	322
     _nixbld23:	323
     _nixbld24:	324
     _nixbld25:	325
     _nixbld26:	326
     _nixbld27:	327
     _nixbld28:	328
     _nixbld29:	329
     _nixbld30:	330
     _nixbld31:	331
     _nixbld32:	332

Ready to continue?
[y/n] y


---- Preparing a Nix volume ----------------------------------------------------
    Nix traditionally stores its data in the root directory /nix, but
    macOS now (starting in 10.15 Catalina) has a read-only root directory.
    To support Nix, I will create a volume and configure macOS to mount it
    at /nix.

~~> Configuring /etc/synthetic.conf to make a mount-point at /nix

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/ex -u NONE -n /etc/synthetic.conf

to add Nix to /etc/synthetic.conf

Password:

~~> Creating a Nix volume

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil apfs addVolume disk3 APFS Nix Store -nomount

to create a new APFS volume 'Nix Store' on disk3


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil unmount force disk3s7

to ensure the Nix volume is not mounted

disk3s7 was already unmounted

~~> Configuring /etc/fstab to specify volume mount options

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/vifs

to add nix to fstab


~~> Encrypt the Nix volume

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil mount Nix Store

to mount your Nix volume for encrypting

Volume Nix Store on Nix Store mounted

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/security -i

to add your Nix volume's password to Keychain


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil apfs encryptVolume Nix Store -user disk -stdinpassphrase

to actually encrypt your Nix volume

Encrypting with the new "Disk" crypto user on disk3s7
The new "Disk" user will be the only one who has initial access to disk3s7
The new APFS crypto user UUID will be 4655CCE0-873F-4A31-93ED-AC7F62A2F800
Encryption has likely completed due to AES hardware; see "diskutil apfs list"

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil unmount force Nix Store

to unmount the encrypted volume

Volume Nix Store on disk3s7 force-unmounted

~~> Configuring LaunchDaemon to mount 'Nix Store'

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/ex -u NONE -n /Library/LaunchDaemons/org.nixos.darwin-store.plist

to install the Nix volume mounter


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist

to launch the Nix volume mounter

Bootstrap failed: 5: Input/output error

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo launchctl kickstart -k system/org.nixos.darwin-store

to launch the Nix volume mounter

Could not find service "org.nixos.darwin-store" in domain for system

---- oh no! --------------------------------------------------------------------
Oh no, something went wrong. If you can take all the output and open
an issue, we'd love to fix the problem so nobody else has this issue.

:(

We'd love to help if you need it.

You can open an issue at
https://github.com/NixOS/nix/issues/new?labels=installer&template=installer.md

Or get in touch with the community: https://nixos.org/community

Priorities

Add 👍 to issues you find important.

[abathur]

I think the previous error is the one we'll need to sort out, but I don't recall seeing it before:

I am executing:

    $ sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist

to launch the Nix volume mounter

Bootstrap failed: 5: Input/output error

Do you see the service definition in the file at /Library/LaunchDaemons/org.nixos.darwin-store.plist? What happens if you try to run that manually? sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist manually?

Some other questions:

• Have you previously installed Nix on this system?
• Is it an org or personal device? (Might something like a corporate MDM profile be interfering?)

[mpcsh]

Ooh, good catch. The file is there but I get the same error:

$ sudo launchctl bootstrap system /Library/LaunchDaemons/org.nixos.darwin-store.plist
Bootstrap failed: 5: Input/output error

I have not previously installed Nix on this system, and it's my own device with no MDM profiles.

[abathur]

At least it's consistent.

Can you open Console.app, give that a try again, and see if it logs anything interesting when it happens?

Does it do the same after a reboot?

I do see other reports of this, though the wifi I'm on atm is sputtering and I'm having trouble assessing them well enough to see if any mention a fix: https://github.com/search?q=%22Bootstrap+failed%3A+5%3A+Input%2Foutput+error%22&type=issues

[mpcsh]

I did try rebooting; should've mentioned that — same result unfortunately.

I found the following in Console.app, under the "Mac Analytics Data" tab:

getgrouplist_2 called triggering group enumeration
com.apple.message.value: 2147483647
com.apple.message.domain: com.apple.system.libinfo
com.apple.message.result: noop
com.apple.message.signature: getgrouplist_2
SenderMachUUID: 5C3AFA2A-1565-32BA-AC18-A3B8FDD193C5

[abathur]

Hmm. I think we'd be hoping for something under the Device section (where it'll have whatever the name of your device was). It can be a little spammy.

There is at least one case where group enumeration might be related, but I don't recall it breaking like this: Is this a new device? If so, have you previously installed Nix on a previous macOS device, and did you use Migration Assistant to set the new one up?

[mpcsh]

Aha! I found four entries in that section, though they weren't visible with the "Errors and Faults" filter enabled, so I almost missed it:

default	15:17:56.102992-0800	sudo	Reading config
default	15:17:56.103131-0800	sudo	Using original path (null)
default	15:17:56.103231-0800	sudo	Too many groups requested (2147483647).  Can cause performance issues when network directories are involved
default	15:17:56.117625-0800	sudo	   mpcsh : TTY=ttys011 ; PWD=/Users/mpcsh ; USER=root ; COMMAND=/opt/homebrew/bin/fish -c 'launchctl bootstrap system \\/Library\\/LaunchDaemons\\/org\\.nixos\\.darwin-store\\.plist'

Hmm, this device isn't new, but I may well have used Migration Assistant to set it up. I honestly don't remember. I've experimented with Nix on macOS at least once before (though quite a long time ago), so the scenario you're envisioning is definitely plausible.

[abathur]

I'm not sure that message isn't a red herring, but i guess we can pull on it. Is this a network volume, by any chance (or do you have one set up to mount)? I searched this error and most results are mentioning samba/smb.

If so, maybe try unmounting them and see if the command still errors?

For reference, here's the main report for the migration issue:

• After macOS migration: installation script failed: error: the build users group 'nixbld' has no members #6078

Your error doesn't really match, but it is at least a possibility to keep in mind. That problem did cause group issues, but none of this "too many" stuff afaik.

If you haven't already, it's probably also worth trying to follow the uninstall instructions and see if a reinstall from there works? https://nixos.org/manual/nix/stable/installation/uninstall.html#macos

[mpcsh]

No network volumes involved — just an ordinary MacBook Pro. I did try following the uninstall instructions and trying again; of course, several of the commands are either no-ops or complain about missing files (since the install didn't finish), but I did follow each step. No dice though.

[abathur]

No dice == same error?

[mpcsh]

Yes, same error.

[abathur]

Can you try to run:
sudo launchctl bootout system/org.nixos.nix-daemon and then see if the bootstrap command from earlier works?

If so, I'd try to follow the uninstall instructions again, then bootout again for good measure, and then try reinstalling?

[mpcsh]

$ sudo launchctl bootout system/org.nixos.nix-daemon
Boot-out failed: 3: No such process

[abathur]

This may be a little annoying to reformat, but if the file /Library/LaunchDaemons/org.nixos.darwin-store.plist exists on your system, can you copy the shell command (under the array node following the ProgramArguments key), strip the plist formatting out of it, and see what you get when you invoke it? (I think you'll need to use sudo.)

[mpcsh]

Hmm, so that did actually work just fine:

$ sudo /bin/sh -c "/usr/bin/security find-generic-password -s 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' -w | /usr/sbin/diskutil apfs unlockVolume 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' -mountpoint '/nix' -stdinpassphrase"
Unlocking any cryptographic user on APFS Volume disk3s7
Unlocked and mounted APFS Volume

[abathur]

😅

May be obvious by now, but fair warning that I'm just kinda flailing around for clues at this point.

Does launchctl print system/org.nixos.darwin-store say anything?

One problem we've had in the past is people who had Nix installed and then disabled one of the services, and launchctl will preserve these even if you've uninstalled. AFAIR these normally produce a pretty clear error about the service being disabled, but I guess we don't know if these can ~survive a migration and how they'd look on the other side.

If it indicates that the service is disabled, see if launchctl enable system/org.nixos.darwin-store works, (and if so, if the bootstrap command works afterwards?)

[mpcsh]

I really appreciate it! I'd be doing the same in your shoes, I just don't know Nix well enough to know what to look for.

Playing with Nix on macOS in the past I can say pretty confidently that I wouldn't have manually disabled a service via launchctl.

$ launchctl print system/org.nixos.darwin-store
Bad request.
Could not find service "org.nixos.darwin-store" in domain for system

[abathur]

Drat :)

• Can you try the enable command, for grins? I'm not certain if it would print if it had a disabled entry for the service. You might also be able to run a bare sudo launchctl print system and look for evidence that it's disabled there.
• Are you using a local GUI login session, or any sort of SSH/remote desktop?
• Is this the primary user you set up when you first got the device, or a secondary user account you made after?

[mpcsh]

$ launchctl enable system/org.nixos.darwin-store
Could not enable service: 1: Operation not permitted

$ sudo launchctl enable system/org.nixos.darwin-store

$ echo $status
0

This actually worked! No output but it succeeded.

$ sudo launchctl print system | rg nix
		"org.nixos.darwin-store" => enabled
		"org.nixos.nix-daemon" => disabled

• I'm using a local GUI login session, just iTerm2 running bare metal.
• This is indeed the primary (and only) user account.

[abathur]

Interesting. Can you try repeating the enable command for org.nixos.nix-daemon and confirm that both turn up enabled in the last print command you ran?

If that also works, I'd try to follow the full uninstall directions again, and see if a fresh install finally works 🤞

[mpcsh]

$ sudo launchctl enable system/org.nixos.nix-daemon

$ echo $status
0

$ sudo launchctl print system | rg nix
		"org.nixos.darwin-store" => enabled
		"org.nixos.nix-daemon" => enabled

[mpcsh]

So then first (relevant) step of the uninstall guide:

$ sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
Unload failed: 5: Input/output error
Try running `launchctl bootout` as root for richer errors.

$ sudo launchctl bootout system/org.nixos.nix-daemon
Boot-out failed: 3: No such process

[abathur]

Hopefully those will prove to be okay, since you don't have any daemons to actually bootout/unload. If the rest of the uninstall went okay, I'd give the install a try.

[mpcsh]

$ sudo dscl . -delete /Groups/nixbld
delete: Invalid Path
<dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)

$ for u in (sudo dscl . -list /Users | grep _nixbld); sudo dscl . -delete /Users/$u; end

$ echo $status
1

These steps in the uninstall guide were unhappy, everything else was fine (except for step 2, "stop and remove the Nix daemon services", as previously discussed).

(Also I had to translate the for loop into fish syntax but I don't think that contributed anything.)

[abathur]

Failures should be okay. Just trying to make sure dangling state's cleaned up before you try installing.

[mpcsh]

...so reinstalling worked this time?! That's mildly unsettling, I don't think I did anything different relative to the first time I tried uninstalling and reinstalling. Regardless, thanks so much for helping me out here!