From cf62e96bf7c72e6a88e0bd43165110f42e44cdb4 Mon Sep 17 00:00:00 2001 From: toonn Date: Thu, 31 Mar 2022 20:24:26 +0200 Subject: [PATCH] Run sudo with -s in the darwin module (#807) Currently activation is run with `sudo -i` this defaults to the user's login shell. This can lead to problems if the user's shell isn't set properly. By passing `-s` rather than `-i`, `sudo` runs `activate` in `SHELL` instead. We assume that at this point in the activation `SHELL` contains the path to a bash in the nix store. This should always be a valid shell to run the `activate` script with. From the `sudo` manual it seems like this cannot be fixed if `SHELL` isn't set at this point or by passing a command to `-s` because that command is then passed to the user's shell. --- nix-darwin/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix-darwin/default.nix b/nix-darwin/default.nix index 010d4f57..a56b3cdd 100644 --- a/nix-darwin/default.nix +++ b/nix-darwin/default.nix @@ -134,7 +134,7 @@ in system.activationScripts.postActivation.text = concatStringsSep "\n" (mapAttrsToList (username: usercfg: '' echo Activating home-manager configuration for ${username} - sudo -u ${username} -i ${pkgs.writeShellScript "activation-${username}" '' + sudo -u ${username} -s ${pkgs.writeShellScript "activation-${username}" '' ${lib.optionalString (cfg.backupFileExtension != null) "export HOME_MANAGER_BACKUP_EXT=${lib.escapeShellArg cfg.backupFileExtension}"} ${lib.optionalString cfg.verbose "export VERBOSE=1"}