Can't Install on M1 MacBook Pro

[miktros]

Platform

• Linux:
• macOS
• WSL

Additional information

After migration from jamf to kandji, a previously good Nix install started emitting error due to inaccessible (could not get password) Nix Store. Performed uninstall as instructed here https://nix.dev/manual/nix/2.18/installation/uninstall.

Attempts to re-install using sh <(curl -L https://nixos.org/nix/install) produced the errors in the Output section below.

Attempt to re-install using

curl -L https://raw.githubusercontent.com/NixOS/experimental-nix-installer/main/nix-installer.sh | sh -s install

produced the following errors:

curl -L https://raw.githubusercontent.com/NixOS/experimental-nix-installer/main/nix-installer.sh | sh -s install
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 17216  100 17216    0     0   100k      0 --:--:-- --:--:-- --:--:--  100k
info: downloading installer https://raw.githubusercontent.com/NixOS/experimental-nix-installer/prerelease/nix-installer-aarch64-darwin
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Password:
Error: 
   0: Planner error
   1: Error executing action
   2: Action `encrypt_apfs_volume` errored
   3: The keychain lacks a password for the already existing "Nix Store" volume on disk `disk3`, consider removing the volume with `diskutil apfs deleteVolume "Nix Store"` (if you receive error -69888, you may need to run `sudo launchctl bootout system/org.nixos.darwin-store` and `sudo launchctl bootout system/org.nixos.nix-daemon` first)

Location:
   src/cli/subcommand/install.rs:197

Backtrace omitted. Run with RUST_BACKTRACE=1 environment variable to display it.
Run with RUST_BACKTRACE=full to include source snippets.

Consider reporting this error using this URL: https://github.com/DeterminateSystems/nix-installer/issues/new?title=%3Cautogenerated-issue%3E&body=%23%23+Error%0A%60%60%60%0AError%3A+%0A+++0%3A+Planner+error%0A+++1%3A+Error+executing+action%0A+++2%3A+Action+%60encrypt_apfs_volume%60+errored%0A+++3%3A+The+keychain+lacks+a+password+for+the+already+existing+%22Nix+Store%22+volume+on+disk+%60disk3%60%2C+consider+removing+the+volume+with+%60diskutil+apfs+deleteVolume+%22Nix+Store%22%60+%28if+you+receive+error+-69888%2C+you+may+need+to+run+%60sudo+launchctl+bootout+system%2Forg.nixos.darwin-store%60+and+%60sudo+launchctl+bootout+system%2Forg.nixos.nix-daemon%60+first%29%0A%60%60%60%0A%0A%23%23+Metadata%0A%7Ckey%7Cvalue%7C%0A%7C--%7C--%7C%0A%7C**version**%7C0.14.0%7C%0A%7C**os**%7Cmacos%7C%0A%7C**arch**%7Caarch64%7C%0A

Output

Output

<!-- paste console output here and remove this comment -->
sh <(curl -L https://nixos.org/nix/install)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  4267  100  4267    0     0  11608      0 --:--:-- --:--:-- --:--:-- 11608
downloading Nix 2.25.2 binary tarball for aarch64-darwin from 'https://releases.nixos.org/nix/nix-2.25.2/nix-2.25.2-aarch64-darwin.tar.xz' to '/var/folders/hn/yms97sj108x2cp_x3sgv5xjh0000gq/T/nix-binary-tarball-unpack.XXXXXXXXXX.q6VPrkFuWw'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 14.6M  100 14.6M    0     0  6076k      0  0:00:02  0:00:02 --:--:-- 6078k
Switching to the Multi-user Installer
Welcome to the Multi-User Nix Installation

This installation tool will set up your computer with the Nix package
manager. This will happen in a few stages:

1. Make sure your computer doesn't already have Nix. If it does, I
   will show you instructions on how to clean up your old install.

2. Show you what I am going to install and where. Then I will ask
   if you are ready to continue.

3. Create the system users (uids [351..382]) and groups (gid 350)
   that the Nix daemon uses to run builds. To create system users
   in a different range, exit and run this tool again with
   NIX_FIRST_BUILD_UID set.

4. Perform the basic installation of the Nix files daemon.

5. Configure your shell to import special Nix Profile files, so you
   can use Nix.

6. Start the Nix daemon.

Would you like to see a more detailed list of what I will do?
[y/n] y


I will:

 - make sure your computer doesn't already have Nix files
   (if it does, I will tell you how to clean them up.)
 - create local users (see the list above for the users I'll make)
 - create a local group (nixbld)
 - install Nix in /nix
 - create a configuration file in /etc/nix
 - set up the "default profile" by creating some Nix-related files in
   /var/root
 - back up /etc/bashrc to /etc/bashrc.backup-before-nix
 - update /etc/bashrc to include some Nix configuration
 - back up /etc/profile.d/nix.sh to /etc/profile.d/nix.sh.backup-before-nix
 - update /etc/profile.d/nix.sh to include some Nix configuration
 - back up /etc/zshrc to /etc/zshrc.backup-before-nix
 - update /etc/zshrc to include some Nix configuration
 - back up /etc/bash.bashrc to /etc/bash.bashrc.backup-before-nix
 - update /etc/bash.bashrc to include some Nix configuration
 - back up /etc/zsh/zshrc to /etc/zsh/zshrc.backup-before-nix
 - update /etc/zsh/zshrc to include some Nix configuration
 - create a Nix volume and a LaunchDaemon to mount it
 - create a LaunchDaemon (at /Library/LaunchDaemons/org.nixos.nix-daemon.plist) for nix-daemon

Ready to continue?
[y/n] y


---- let's talk about sudo -----------------------------------------------------
This script is going to call sudo a lot. Every time I do, it'll
output exactly what it'll do, and why.

Just like this:

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo echo

to demonstrate how our sudo prompts look


This might look scary, but everything can be undone by running just a
few commands. I used to ask you to confirm each time sudo ran, but it
was too many times. Instead, I'll just ask you this one time:

Can I use sudo?
[y/n] y

Yay! Thanks! Let's get going!

~~> Fixing any leftover Nix volume state
Before I try to install, I'll check for any existing Nix volume config
and ask for your permission to remove it (so that the installer can
start fresh). I'll also ask for permission to fix any issues I spot.

~~> Checking for artifacts of previous installs
Before I try to install, I'll check for signs Nix already is or has
been installed on this system.

---- Nix config report ---------------------------------------------------------
        Temp Dir:	/var/folders/hn/yms97sj108x2cp_x3sgv5xjh0000gq/T/tmp.iLwd7Mc3rv
        Nix Root:	/nix
     Build Users:	32
  Build Group ID:	350
Build Group Name:	nixbld

build users:
    Username:	UID
     _nixbld1:	351
     _nixbld2:	352
     _nixbld3:	353
     _nixbld4:	354
     _nixbld5:	355
     _nixbld6:	356
     _nixbld7:	357
     _nixbld8:	358
     _nixbld9:	359
     _nixbld10:	360
     _nixbld11:	361
     _nixbld12:	362
     _nixbld13:	363
     _nixbld14:	364
     _nixbld15:	365
     _nixbld16:	366
     _nixbld17:	367
     _nixbld18:	368
     _nixbld19:	369
     _nixbld20:	370
     _nixbld21:	371
     _nixbld22:	372
     _nixbld23:	373
     _nixbld24:	374
     _nixbld25:	375
     _nixbld26:	376
     _nixbld27:	377
     _nixbld28:	378
     _nixbld29:	379
     _nixbld30:	380
     _nixbld31:	381
     _nixbld32:	382

Ready to continue?
[y/n] y


---- Preparing a Nix volume ----------------------------------------------------
    Nix traditionally stores its data in the root directory /nix, but
    macOS now (starting in 10.15 Catalina) has a read-only root directory.
    To support Nix, I will create a volume and configure macOS to mount it
    at /nix.

~~> Configuring /etc/synthetic.conf to make a mount-point at /nix

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/bin/ex -u NONE -n /etc/synthetic.conf

to add Nix to /etc/synthetic.conf

Password:

~~> Creating a Nix volume

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil apfs addVolume disk3 APFS Nix Store -nomount

to create a new APFS volume 'Nix Store' on disk3


---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil unmount force disk3s7

to ensure the Nix volume is not mounted

disk3s7 was already unmounted

~~> Configuring /etc/fstab to specify volume mount options

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/vifs

to add nix to fstab


~~> Encrypt the Nix volume

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /usr/sbin/diskutil mount Nix Store

to mount your Nix volume for encrypting

Volume on disk3s7 failed to mount: "SUIS premount dissented"

---- oh no! --------------------------------------------------------------------
Oh no, something went wrong. If you can take all the output and open
an issue, we'd love to fix the problem so nobody else has this issue.

:(

We'd love to help if you need it.

You can open an issue at
https://github.com/NixOS/nix/issues/new?labels=installer&template=installer.md

Or get in touch with the community: https://nixos.org/community

Priorities

Add 👍 to issues you find important.

[abathur]

Afaik Volume on disk3s7 failed to mount: "SUIS premount dissented" indicates an mdm profile preventing the mount:

• Installation error on M1 Macbook Pro: SUIS premount dissented #6669

[grahamc]

That's right. Specifically, a deprecated SystemUIServer policy: https://determinate.systems/solutions/macos-internal-disk-policy/. Jamf admins should grant an exception for this policy for machines running Nix. Is that possible, @miktros?