FS#73120 - [nix] 2.5.1-1 dupicates entry in $PATH variable, possibly due to extra file in /etc/profile.d

Attached to Project: Community Packages
Opened by Mihir Kumar Roy (aulonsal) - Thursday, 23 December 2021, 01:34 GMT
Last edited by George Rawlinson (rawlinsong) - Sunday, 02 January 2022, 21:01 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Caleb Maclennan (alerque)
George Rawlinson (rawlinsong)
Architecture x86_64
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


After installing [nix] 2.5.1-1 and following https://wiki.archlinux.org/title/Nix#Configuration, opening a shell
that sources /etc/profile has the path "$HOME/.nix-profile/bin" as the first two entries in $PATH.

Potential Reason for the above:
[nix] installs both of the following files:
* /etc/profile.d/nix-daemon.sh(generated from https://github.com/NixOS/nix/blob/2.5.1/scripts/nix-profile-daemon.sh.in)
* /etc/profile.d/nix.sh(generated from https://github.com/NixOS/nix/blob/2.5.1/scripts/nix-profile.sh.in)
nix.sh and nix-daemon.sh, when not preceded by a full path, will hereafter be used to refer only to these installed files.

I believe that nix.sh is not supposed to be a part of this package.

Steps taken to arrive at this belief:
Both nix-daemon.sh and nix.sh seem to achieve similar purposes:
* both export $NIX_SSL_CERT_FILE (though nix-daemon.sh looks in the nix profile in /nix too, does not change a preset value and nix.sh looks in an extra position - commented with # old cacert in Nix profile - which may have something to do with it not having been updated in two years)
* both export $NIX_PROFILES as "/nix/var/nix/profiles/default $HOME/.nix-profile"
* both prepend $HOME/.nix_profile/bin to $PATH but nix-daemon.sh also prepends /nix/var/nix/profiles/default/bin

However, nix-daemon.sh is only meant to be run once (by means of setting a shell variable and then checking for it) ( https://github.com/NixOS/nix/blob/2.5.1/scripts/nix-profile-daemon.sh.in#L1-L3),
while nix.sh is meant to run whenever $HOME and $USER are defined, as it's supposed to set up the per-user profile ( https://github.com/NixOS/nix/blob/2.5.1/scripts/nix-profile.sh.in#L1-L3), it also edits $MANPATH if it exists.

This would lead one to believe that both of these are not meant to be run at the same time,
to confirm this I installed nixOS on the official archlinux vagrant box, version 20211201.40458 ( https://app.vagrantup.com/archlinux/boxes/archlinux/versions/20211201.40458),
using `sh <(curl -L https://nixos.org/nix/install) --daemon`, following the multi-user-installation instructions in the nix manual ( https://nixos.org/manual/nix/stable/installation/installing-binary.html#multi-user-installation).

This did install a file at /etc/profile.d/nix.sh, however, this is not the same as our nix.sh and its sole purpose is to source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh, which is identical to the nix-daemon.sh installed by [nix], identical entries sourcing nix-daemon.sh were appended to /etc/bash.bashrc, /etc/zsh/zshrc and /etc/zsh/zshrc.

The install also created 32 nixbld users, a nix store at /nix, and added the nix-daemon socket and service, and I confirmed that the install works by running `nix-shell -p nix-info --run "nix-info -m"` which states that it's a "multi-user" install ( https://gist.github.com/AulonSal/c11e077f8e068356ecb833d214dbf7e6) and thus would be termed a "multi-user nix install on a linux system running systemd".

I also then installed nix on another vm based on the same box, this time going for the "single-user" install with `sh <(curl -L https://nixos.org/nix/install) --no-daemon"` ( https://nixos.org/manual/nix/stable/installation/installing-binary.html#single-user-installation),
this modified $HOME/.bashrc and $HOME/.zshrc to source /home/vagrant/.nix-profile/etc/profile.d/nix.sh, which is identical to our nix.sh.

As a final sanity check, I deleted /etc/profile.d/nix.sh from my own system, rebooted, and nix appears to be working fine.

All of this would suggest that nix.sh is not meant to be sourced by a multi-user nix install on linux, thus it should be removed
from the [nix] package.

How to fix the package:
Adding `rm -rf "$pkgdir/etc/profile.d/nix.sh"` right after line99 (`rm -rf "$pkgdir/etc/init"`) in the PKGBUILD ( https://github.com/archlinux/svntogit-community/blob/packages/nix/trunk/PKGBUILD#L99) should fix it.
Also, $srcdir/nix-2.5.1/scripts/local.mk ( https://github.com/NixOS/nix/blob/2.5.1/scripts/local.mk) adds nix-profile.sh (the file nix.sh is generated from) to "noinst-scripts" and that may have some significance?

Additional info:
pkgversion: 2.5.1-1
The PKGBUILD appears to not be idempotent.
It has to do with the fact that after the first build, $srcdir/$pkgbase-$pkgver/nix-docs (created in line102) is not deleted after its contents are moved out, thus when line102 is run in the next build, in package_nix(), the $pkgdir/usr/share/doc directory is move inside of nix-docs, thus the docs go inside $srcdir/$pkgbase-$pkgver/nix-docs/doc/nix and package_nix-docs() fails at line 113.
Adding `rmdir nix-docs` at the end of package_nix-docs() should make it idempotent if one were inclined to do so.

Steps to reproduce:
* Install [nix] v2.5.1-1
* Open a shell that does not make $PATH entries unique automatically(zsh seems to do this) and sources /etc/profile
* run `echo $PATH`

If somebody wishes to repro the installs on vagrant, beware that the arch box threw warnings (Warning: Connection refused. Retrying...) for minutes before continuing (might be something wrong with my config).
This task depends upon

Closed by  George Rawlinson (rawlinsong)
Sunday, 02 January 2022, 21:01 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in 2.5.1-2
Comment by Mihir Kumar Roy (aulonsal) - Thursday, 23 December 2021, 01:39 GMT
I didn't know links needed whitespace before them to render correctly, my bad.
Comment by George Rawlinson (rawlinsong) - Wednesday, 29 December 2021, 19:02 GMT
Thanks for the report, I'll have a look at this after work.
Comment by George Rawlinson (rawlinsong) - Thursday, 30 December 2021, 07:03 GMT
I'm uncomfortable removing either one of these files, as they're quite intermingled (and heavily referenced) throughout upstream's repository.

Feel free to open an issue upstream (and link it here, so we can follow it) for clarification on these two files though.
Comment by Mihir Kumar Roy (aulonsal) - Thursday, 30 December 2021, 23:53 GMT
I've asked upstream for clarification.
Comment by Mihir Kumar Roy (aulonsal) - Saturday, 01 January 2022, 04:13 GMT
Upstream has confirmed that only nix-daemon.sh is supposed to be sourced by a multi-user install, with links to how it happens in the upstream install scripts, in https://github.com/NixOS/nix/issues/5848#issuecomment-1003413905.