From 4486c3b76887be261b377f290b5347f6dee4d0aa Mon Sep 17 00:00:00 2001
From: Felix Uhl <felix.uhl@netlight.com>
Date: Sun, 15 Jan 2023 15:42:24 +0100
Subject: [PATCH 1/3] Don't overwrite already-copied files on install

Fixes #6679 and all issues that contain
`cp: cannot overwrite directory ... with non-directory` errors.
These were caused by 475fc109e72e494039b253131314e3a3ea5723c6 and
bb0c4b9f25b6d064d91aedd71940f14b1b624291. Or rather, installations after
475fc109 erroneously followed and deep-copied symlinks, which was fixed
in bb0c4b9f. This meant installations installed with the installer
released between these commits had some paths in their nix store with
directories where symlinks should have been, causing the fixed installer
to try to overwrite them with symlinks.

The -n will not overwrite existing files, which is fine inside of the
nix-store as identical store paths will have identical content.

For additional details and examples, see
https://github.com/NixOS/nix/pull/7603#issuecomment-1411124619
---
 scripts/install-multi-user.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/install-multi-user.sh b/scripts/install-multi-user.sh
index 656769d84d4..474df5826c4 100644
--- a/scripts/install-multi-user.sh
+++ b/scripts/install-multi-user.sh
@@ -816,7 +816,7 @@ install_from_extracted_nix() {
         cd "$EXTRACTED_NIX_PATH"
 
         _sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \
-              cp -RPp ./store/* "$NIX_ROOT/store/"
+              cp -RPnp ./store/* "$NIX_ROOT/store/"
 
         _sudo "to make the new store non-writable at $NIX_ROOT/store" \
               chmod -R ugo-w "$NIX_ROOT/store/"

From 09a3b0991f49155073f3b48f0b9e360fb310e259 Mon Sep 17 00:00:00 2001
From: Felix Uhl <felix.uhl@netlight.com>
Date: Sun, 15 Jan 2023 20:55:30 +0100
Subject: [PATCH 2/3] Test for idempotency of installer

---
 tests/installer/default.nix | 40 ++++++++++++++++++++++++++++++-------
 1 file changed, 33 insertions(+), 7 deletions(-)

diff --git a/tests/installer/default.nix b/tests/installer/default.nix
index 49cfd2bccba..0b0e0e23677 100644
--- a/tests/installer/default.nix
+++ b/tests/installer/default.nix
@@ -131,7 +131,8 @@ let
     with nixpkgsFor.${image.system}.native;
     runCommand
       "installer-test-${imageName}-${testName}"
-      { buildInputs = [ qemu_kvm openssh ];
+      {
+        buildInputs = [ qemu_kvm openssh ];
         image = image.image;
         postBoot = image.postBoot or "";
         installScript = installScripts.${testName}.script;
@@ -230,15 +231,40 @@ let
           [[ \$(nix-instantiate --eval --expr 'builtins.readFile <myChannel/someFile>') = '"someContent"' ]]
         EOF
 
+        echo "Running installer again to test for idempotency..."
+        $ssh "set -eux; $installScript"
+
+        echo "Testing Nix installation..."
+        $ssh <<EOF
+          set -ex
+
+          # FIXME: get rid of this; ideally ssh should just work.
+          source ~/.bash_profile || true
+          source ~/.bash_login || true
+          source ~/.profile || true
+          source /etc/bashrc || true
+
+          nix-env --version
+          nix --extra-experimental-features nix-command store ping
+
+          out=\$(nix-build --no-substitute -E 'derivation { name = "foo"; system = "x86_64-linux"; builder = "/bin/sh"; args = ["-c" "echo foobar > \$out"]; }')
+          [[ \$(cat \$out) = foobar ]]
+        EOF
+
         echo "Done!"
         touch $out
       '';
 
 in
 
-builtins.mapAttrs (imageName: image:
-  { ${image.system} = builtins.mapAttrs (testName: test:
-      makeTest imageName testName
-    ) installScripts;
-  }
-) images
+builtins.mapAttrs
+  (imageName: image:
+    {
+      ${image.system} = builtins.mapAttrs
+        (testName: test:
+          makeTest imageName testName
+        )
+        installScripts;
+    }
+  )
+  images

From f09d0e9729699a8ef3e0929772e62f360f8d7ac2 Mon Sep 17 00:00:00 2001
From: Felix Uhl <felix.uhl@outlook.com>
Date: Tue, 17 Jan 2023 01:00:01 +0100
Subject: [PATCH 3/3] Make multi-user installer fully idempotent

Fixes #7215, #7069 and #6617
---
 scripts/install-multi-user.sh | 48 +++++++++++++++++++++++++----------
 1 file changed, 34 insertions(+), 14 deletions(-)

diff --git a/scripts/install-multi-user.sh b/scripts/install-multi-user.sh
index 474df5826c4..1dae0cdec24 100644
--- a/scripts/install-multi-user.sh
+++ b/scripts/install-multi-user.sh
@@ -441,19 +441,31 @@ $(uninstall_directions)
 EOF
     fi
 
-    # TODO: I think it would be good for this step to accumulate more
-    #       knowledge of older obsolete artifacts, if there are any.
-    #       We could issue a "reminder" here that the user might want
-    #       to clean them up?
-
+    problematic_profile_targets=()
     for profile_target in "${PROFILE_TARGETS[@]}"; do
-        # TODO: I think it would be good to accumulate a list of all
-        #       of the copies so that people don't hit this 2 or 3x in
-        #       a row for different files.
-        if [ -e "$profile_target$PROFILE_BACKUP_SUFFIX" ]; then
-            # this backup process first released in Nix 2.1
-            failure <<EOF
+        # this backup process first released in Nix 2.1
+        if [ -e "$profile_target$PROFILE_BACKUP_SUFFIX" ] && ! contains_source_lines "$profile_target"; then
+            # Identical backup and original happens especially on macOS as it overwrites /etc/zshrc on every update
+            if cmp -s "$profile_target" "$profile_target$PROFILE_BACKUP_SUFFIX"; then
+                rm "$profile_target$PROFILE_BACKUP_SUFFIX"
+            else
+                problematic_profile_targets+=("$profile_target")
+            fi
+        fi
+    done
+
+    if [ "${PROFILE_TARGETS[@]}" ]; then
+        resolution_explanation=$(cat <<EOF
 I back up shell profile/rc scripts before I add Nix to them.
+However, at least one of them was already backed up.
+Clean them up manually to continue.
+EOF
+)
+
+        for profile_target in "${problematic_profile_targets[@]}"; do
+            resolution_explanation+=$(cat <<EOF
+
+
 I need to back up $profile_target to $profile_target$PROFILE_BACKUP_SUFFIX,
 but the latter already exists.
 
@@ -470,8 +482,11 @@ Here's how to clean up the old backup file:
    $profile_target$PROFILE_BACKUP_SUFFIX doesn't mention Nix, run:
    mv $profile_target$PROFILE_BACKUP_SUFFIX $profile_target
 EOF
-        fi
-    done
+)
+        done
+
+        failure "$resolution_explanation"
+    fi
 
     if is_os_linux && [ ! -e /run/systemd/system ]; then
         warning <<EOF
@@ -862,6 +877,11 @@ end
 EOF
 }
 
+contains_source_lines() {
+    # This works for both POSIX shells and fish
+    grep -q "# Nix" "$1" && grep -q "# End Nix" "$1"
+}
+
 configure_shell_profile() {
     task "Setting up shell profiles: ${PROFILE_TARGETS[*]}"
     for profile_target in "${PROFILE_TARGETS[@]}"; do
@@ -877,7 +897,7 @@ configure_shell_profile() {
             fi
         fi
 
-        if [ -e "$profile_target" ]; then
+        if [ -e "$profile_target" ] && ! contains_source_lines "$profile_target"; then
             shell_source_lines \
                 | _sudo "extend your $profile_target with nix-daemon settings" \
                         tee -a "$profile_target"