Add split-receipt command that splits receipt into phase 1 and 2 uninstallation flows (#1278)

* fixup: align ActionTag with serde and typetag tags

* Bump to 0.28.0, since receipt format changed due to misaligned serde / typetag tags

* fixup: make it possible to write receipts for anything serializable

* Leave TODO about existing macos volume services being different

* Remove determinate/upstream init service if it still exists

* Check that the GID of an existing /nix/store is the same GID as we're going to create / use

* fixup: make some fields pub(crate) for the upcoming split-receipt command

* fixup: reorganize imports

* Add `split-receipt` command that splits receipt into phase 1 and 2 uninstallation flows

* Remove phase 1 and 2 uninstall receipts if they exist upon a successful install

* Move split_receipt module into its own file

* fixup: cargo clippy

* fixup: extract "check existing nix store gid" into own function

* fixup: define roundtrip_to_extract_type outside of other function

* fixup: don't fail profile deserialization if UnknownProfileItem is missing fields

plist::Value does not implement Eq, so we need to wrap it in something
that does, I think, probably

* fixup: put uninstall phase1 command on new line

* Update fixtures

* fixup: split_receipt: split match expression to separate let

* fixup: roundtrip_to_exact_type: use type_name instead of manually passing action_tag

---------

Co-authored-by: Cole Mickens <[email protected]>

Author: cole-h

Cargo.lock

@@ -1,7 +1,7 @@
 [package]
 name = "nix-installer"
 description = "The Determinate Nix Installer"
-version = "0.27.1"
+version = "0.28.0"
 edition = "2021"
 resolver = "2"
 license = "LGPL-2.1"

Cargo.toml

@@ -20,7 +20,7 @@ If `force_prune_on_revert` is set, the folder will always be deleted on
 #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
 #[serde(tag = "action_name", rename = "create_directory")]
 pub struct CreateDirectory {
-    path: PathBuf,
+    pub(crate) path: PathBuf,
     user: Option<String>,
     group: Option<String>,
     mode: Option<u32>,

src/action/base/create_directory.rs

@@ -14,7 +14,8 @@ use crate::settings::InitSystem;
 const LINUX_NIXD_DAEMON_DEST: &str = "/etc/systemd/system/nix-daemon.service";
 
 // Darwin
-const DARWIN_NIXD_DAEMON_DEST: &str = "/Library/LaunchDaemons/systems.determinate.nix-daemon.plist";
+pub(crate) const DARWIN_NIXD_DAEMON_DEST: &str =
+    "/Library/LaunchDaemons/systems.determinate.nix-daemon.plist";
 const DARWIN_NIXD_SERVICE_NAME: &str = "systems.determinate.nix-daemon";
 
 /**
@@ -37,7 +38,31 @@ impl ConfigureDeterminateNixdInitService {
         start_daemon: bool,
     ) -> Result<StatefulAction<Self>, ActionError> {
         let service_dest: Option<PathBuf> = match init {
-            InitSystem::Launchd => Some(DARWIN_NIXD_DAEMON_DEST.into()),
+            InitSystem::Launchd => {
+                // NOTE(cole-h): if the upstream daemon exists and we're installing determinate-
+                // nixd, we need to remove the old daemon unit -- we used to have a bug[1] where
+                // these service files wouldn't get removed, so we can't rely on them not being
+                // there after phase 1 of the uninstall
+                // [1]: https://github.com/DeterminateSystems/nix-installer/pull/1266
+                if std::path::Path::new(
+                    super::configure_upstream_init_service::DARWIN_NIX_DAEMON_DEST,
+                )
+                .exists()
+                {
+                    tokio::fs::remove_file(
+                        super::configure_upstream_init_service::DARWIN_NIX_DAEMON_DEST,
+                    )
+                    .await
+                    .map_err(|e| {
+                        Self::error(ActionErrorKind::Remove(
+                            super::configure_upstream_init_service::DARWIN_NIX_DAEMON_DEST.into(),
+                            e,
+                        ))
+                    })?;
+                }
+
+                Some(DARWIN_NIXD_DAEMON_DEST.into())
+            },
             InitSystem::Systemd => Some(LINUX_NIXD_DAEMON_DEST.into()),
             InitSystem::None => None,
         };

src/action/common/configure_determinate_nixd_init_service/mod.rs

@@ -2,7 +2,7 @@ use std::path::PathBuf;
 
 use tracing::{span, Span};
 
-use crate::action::{ActionError, ActionTag, StatefulAction};
+use crate::action::{ActionError, ActionErrorKind, ActionTag, StatefulAction};
 
 use crate::action::common::configure_init_service::{SocketFile, UnitSrc};
 use crate::action::{common::ConfigureInitService, Action, ActionDescription};
@@ -15,7 +15,7 @@ const SERVICE_DEST: &str = "/etc/systemd/system/nix-daemon.service";
 // Darwin
 const DARWIN_NIX_DAEMON_SOURCE: &str =
     "/nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist";
-const DARWIN_NIX_DAEMON_DEST: &str = "/Library/LaunchDaemons/org.nixos.nix-daemon.plist";
+pub(crate) const DARWIN_NIX_DAEMON_DEST: &str = "/Library/LaunchDaemons/org.nixos.nix-daemon.plist";
 const DARWIN_LAUNCHD_SERVICE_NAME: &str = "org.nixos.nix-daemon";
 
 /**
@@ -39,7 +39,32 @@ impl ConfigureUpstreamInitService {
             InitSystem::None => None,
         };
         let service_dest: Option<PathBuf> = match init {
-            InitSystem::Launchd => Some(DARWIN_NIX_DAEMON_DEST.into()),
+            InitSystem::Launchd => {
+                // NOTE(cole-h): if the determinate daemon exists and we're installing the upstream
+                // daemon, we need to remove the old daemon unit -- we used to have a bug[1] where
+                // these service files wouldn't get removed, so we can't rely on them not being
+                // there after phase 1 of the uninstall
+                // [1]: https://github.com/DeterminateSystems/nix-installer/pull/1266
+                if std::path::Path::new(
+                    super::configure_determinate_nixd_init_service::DARWIN_NIXD_DAEMON_DEST,
+                )
+                .exists()
+                {
+                    tokio::fs::remove_file(
+                        super::configure_determinate_nixd_init_service::DARWIN_NIXD_DAEMON_DEST,
+                    )
+                    .await
+                    .map_err(|e| {
+                        Self::error(ActionErrorKind::Remove(
+                            super::configure_determinate_nixd_init_service::DARWIN_NIXD_DAEMON_DEST
+                                .into(),
+                            e,
+                        ))
+                    })?;
+                }
+
+                Some(DARWIN_NIX_DAEMON_DEST.into())
+            },
             InitSystem::Systemd => Some(SERVICE_DEST.into()),
             InitSystem::None => None,
         };

src/action/common/configure_upstream_init_service.rs

@@ -8,22 +8,31 @@ use crate::{
     },
     settings::{CommonSettings, SCRATCH_DIR},
 };
+use std::os::unix::fs::MetadataExt as _;
 use std::path::PathBuf;
 
+pub(crate) const NIX_STORE_LOCATION: &str = "/nix/store";
+
 /**
 Place Nix and it's requirements onto the target
  */
 #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
 #[serde(tag = "action_name", rename = "provision_nix")]
 pub struct ProvisionNix {
-    fetch_nix: StatefulAction<FetchAndUnpackNix>,
-    create_nix_tree: StatefulAction<CreateNixTree>,
-    move_unpacked_nix: StatefulAction<MoveUnpackedNix>,
+    pub(crate) fetch_nix: StatefulAction<FetchAndUnpackNix>,
+    pub(crate) create_nix_tree: StatefulAction<CreateNixTree>,
+    pub(crate) move_unpacked_nix: StatefulAction<MoveUnpackedNix>,
 }
 
 impl ProvisionNix {
     #[tracing::instrument(level = "debug", skip_all)]
     pub async fn plan(settings: &CommonSettings) -> Result<StatefulAction<Self>, ActionError> {
+        if std::path::Path::new(NIX_STORE_LOCATION).exists() {
+            check_existing_nix_store_gid_matches(settings.nix_build_group_id)
+                .await
+                .map_err(Self::error)?;
+        }
+
         let fetch_nix = FetchAndUnpackNix::plan(
             settings.nix_package_url.clone(),
             PathBuf::from(SCRATCH_DIR),
@@ -144,3 +153,24 @@ impl Action for ProvisionNix {
         }
     }
 }
+
+/// If there is an existing /nix/store directory, ensure that the group ID we're going to use for
+/// the nix build group matches the group that owns /nix/store to prevent weird mismatched-ownership
+/// issues.
+async fn check_existing_nix_store_gid_matches(
+    desired_nix_build_group_id: u32,
+) -> Result<(), ActionErrorKind> {
+    let previous_store_metadata = tokio::fs::metadata(NIX_STORE_LOCATION)
+        .await
+        .map_err(|e| ActionErrorKind::GettingMetadata(NIX_STORE_LOCATION.into(), e))?;
+    let previous_store_group_id = previous_store_metadata.gid();
+    if previous_store_group_id != desired_nix_build_group_id {
+        return Err(ActionErrorKind::PathGroupMismatch(
+            NIX_STORE_LOCATION.into(),
+            previous_store_group_id,
+            desired_nix_build_group_id,
+        ));
+    }
+
+    Ok(())
+}

src/action/common/provision_nix.rs

@@ -11,7 +11,7 @@ use crate::action::{Action, ActionDescription};
 use crate::os::darwin::{DiskUtilApfsListOutput, DiskUtilInfoOutput};
 
 #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
-#[serde(tag = "action_name", rename = "create_volume")]
+#[serde(tag = "action_name", rename = "create_apfs_volume")]
 pub struct CreateApfsVolume {
     disk: PathBuf,
     name: String,
@@ -53,7 +53,7 @@ impl CreateApfsVolume {
 }
 
 #[async_trait::async_trait]
-#[typetag::serde(name = "create_volume")]
+#[typetag::serde(name = "create_apfs_volume")]
 impl Action for CreateApfsVolume {
     fn action_tag() -> ActionTag {
         ActionTag("create_apfs_volume")

src/action/macos/create_apfs_volume.rs

@@ -35,10 +35,10 @@ pub struct CreateDeterminateNixVolume {
     create_directory: StatefulAction<CreateDirectory>,
     create_or_append_synthetic_conf: StatefulAction<CreateOrInsertIntoFile>,
     create_synthetic_objects: StatefulAction<CreateSyntheticObjects>,
-    unmount_volume: StatefulAction<UnmountApfsVolume>,
-    create_volume: StatefulAction<CreateApfsVolume>,
+    pub(crate) unmount_volume: StatefulAction<UnmountApfsVolume>,
+    pub(crate) create_volume: StatefulAction<CreateApfsVolume>,
     create_fstab_entry: StatefulAction<CreateFstabEntry>,
-    encrypt_volume: StatefulAction<EncryptApfsVolume>,
+    pub(crate) encrypt_volume: StatefulAction<EncryptApfsVolume>,
     setup_volume_daemon: StatefulAction<CreateDeterminateVolumeService>,
     bootstrap_volume: StatefulAction<BootstrapLaunchctlService>,
     kickstart_launchctl_service: StatefulAction<KickstartLaunchctlService>,

src/action/macos/create_determinate_nix_volume.rs

@@ -22,18 +22,18 @@ pub const NIX_VOLUME_MOUNTD_DEST: &str = "/Library/LaunchDaemons/org.nixos.darwi
 
 /// Create an APFS volume
 #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
-#[serde(tag = "action_name", rename = "create_apfs_volume")]
+#[serde(tag = "action_name", rename = "create_nix_volume")]
 pub struct CreateNixVolume {
     disk: PathBuf,
     name: String,
     case_sensitive: bool,
     encrypt: bool,
     create_or_append_synthetic_conf: StatefulAction<CreateOrInsertIntoFile>,
     create_synthetic_objects: StatefulAction<CreateSyntheticObjects>,
-    unmount_volume: StatefulAction<UnmountApfsVolume>,
-    create_volume: StatefulAction<CreateApfsVolume>,
+    pub(crate) unmount_volume: StatefulAction<UnmountApfsVolume>,
+    pub(crate) create_volume: StatefulAction<CreateApfsVolume>,
     create_fstab_entry: StatefulAction<CreateFstabEntry>,
-    encrypt_volume: Option<StatefulAction<EncryptApfsVolume>>,
+    pub(crate) encrypt_volume: Option<StatefulAction<EncryptApfsVolume>>,
     setup_volume_daemon: StatefulAction<CreateVolumeService>,
     bootstrap_volume: StatefulAction<BootstrapLaunchctlService>,
     kickstart_launchctl_service: StatefulAction<KickstartLaunchctlService>,
@@ -121,7 +121,7 @@ impl CreateNixVolume {
 }
 
 #[async_trait::async_trait]
-#[typetag::serde(name = "create_apfs_volume")]
+#[typetag::serde(name = "create_nix_volume")]
 impl Action for CreateNixVolume {
     fn action_tag() -> ActionTag {
         ActionTag("create_nix_volume")
@@ -138,7 +138,7 @@ impl Action for CreateNixVolume {
     fn tracing_span(&self) -> Span {
         span!(
             tracing::Level::DEBUG,
-            "create_apfs_volume",
+            "create_nix_volume",
             disk = tracing::field::display(self.disk.display()),
             name = self.name
         )

src/action/macos/create_nix_volume.rs

@@ -103,6 +103,8 @@ impl CreateVolumeService {
                             ?expected_plist,
                             "Parsed plists not equal"
                         );
+                        // TODO(cole-h): should this really be an error? we could just replace the contents.......
+                        // maybe it's possible to have duplicate volume names...?
                         return Err(Self::error(CreateVolumeServiceError::DifferentPlist {
                             expected: expected_plist,
                             discovered: discovered_plist,