From dbdbd95d8c12398cc818cc72eda9b7f4828c208e Mon Sep 17 00:00:00 2001
From: "Travis A. Everett" <travis.a.everett@gmail.com>
Date: Sat, 15 Jun 2024 11:52:20 -0500
Subject: [PATCH] install-darwin: fix _nixbld uids for macOS sequoia

Starting in macOS 15 Sequoia, macOS daemon UIDs are encroaching on our
default UIDs of 301-332. This commit relocates our range up to avoid
clashing with the current UIDs of 301-304 and buy us a little time
while still leaving headroom for people installing more than 32 users.

It also adds a migration script that can save people some heartache if
they discover and run it before installing the macOS update.
---
 scripts/bigsur-nixbld-user-migration.sh  |  2 +-
 scripts/install-darwin-multi-user.sh     |  2 +-
 scripts/sequoia-nixbld-user-migration.sh | 36 ++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 scripts/sequoia-nixbld-user-migration.sh

diff --git a/scripts/bigsur-nixbld-user-migration.sh b/scripts/bigsur-nixbld-user-migration.sh
index 0eb312e07cd..1b4d30856aa 100755
--- a/scripts/bigsur-nixbld-user-migration.sh
+++ b/scripts/bigsur-nixbld-user-migration.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-((NEW_NIX_FIRST_BUILD_UID=301))
+((NEW_NIX_FIRST_BUILD_UID=331))
 
 id_available(){
 	dscl . list /Users UniqueID | grep -E '\b'"$1"'\b' >/dev/null
diff --git a/scripts/install-darwin-multi-user.sh b/scripts/install-darwin-multi-user.sh
index 24c9052f91c..ba6a4940fc4 100644
--- a/scripts/install-darwin-multi-user.sh
+++ b/scripts/install-darwin-multi-user.sh
@@ -4,7 +4,7 @@ set -eu
 set -o pipefail
 
 # System specific settings
-export NIX_FIRST_BUILD_UID="${NIX_FIRST_BUILD_UID:-301}"
+export NIX_FIRST_BUILD_UID="${NIX_FIRST_BUILD_UID:-331}"
 export NIX_BUILD_USER_NAME_TEMPLATE="_nixbld%d"
 
 readonly NIX_DAEMON_DEST=/Library/LaunchDaemons/org.nixos.nix-daemon.plist
diff --git a/scripts/sequoia-nixbld-user-migration.sh b/scripts/sequoia-nixbld-user-migration.sh
new file mode 100644
index 00000000000..778a9568810
--- /dev/null
+++ b/scripts/sequoia-nixbld-user-migration.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+((NEW_NIX_FIRST_BUILD_UID=331))
+
+id_available(){
+	dscl . list /Users UniqueID | grep -E '\b'"$1"'\b' >/dev/null
+}
+
+change_nixbld_names_and_ids(){
+	local name uid next_id
+	((next_id=NEW_NIX_FIRST_BUILD_UID))
+	echo "Attempting to migrate _nixbld users."
+	echo "Each _nixbld# user should have its UID moved to $next_id+"
+	while read -r name uid; do
+		echo "   Checking $name (uid: $uid)"
+		# iterate for a clean ID
+		while id_available "$next_id"; do
+			((next_id++))
+			if ((next_id >= 400)); then
+				echo "We've hit UID 400 without placing all of your users :("
+				echo "You should use the commands in this script as a starting"
+				echo "point to review your UID-space and manually move the"
+				echo "remaining users (or delete them, if you don't need them)."
+				exit 1
+			fi
+		done
+
+		# first 2 are cleanup, it's OK if they aren't here
+		sudo dscl . delete "/Users/$name" dsAttrTypeNative:_writers_passwd &>/dev/null || true
+		sudo dscl . change "/Users/$name" NFSHomeDirectory "/private/var/empty 1" "/var/empty" &>/dev/null || true
+		sudo dscl . change "/Users/$name" UniqueID "$uid" "$next_id"
+		echo "      $name migrated to uid: $next_id"
+	done < <(dscl . list /Users UniqueID | grep _nixbld | sort -n -k2)
+}
+
+change_nixbld_names_and_ids