From 1f214d9add2a232564485fefb407a13e2b4de32c Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Fri, 24 May 2024 19:46:47 -0300
Subject: [PATCH 1/2] ci: test installer on aarch64-darwin (#973)

* Test the installer on aarch64-darwin runner

* Merge in changes from main

* Adjust ordering of blocks

* Update .github/workflows/ci.yml

* Update .github/workflows/ci.yml

---------

Co-authored-by: Cole Helbling <cole.helbling@determinate.systems>
---
 .github/workflows/ci.yml | 86 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5e968531e..989df6756 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,6 +18,9 @@ jobs:
 
   build-aarch64-linux:
     uses: ./.github/workflows/build-aarch64-linux.yml
+  
+  build-aarch64-darwin:
+    uses: ./.github/workflows/build-aarch64-darwin.yml
 
   lints:
     name: Lints
@@ -462,3 +465,86 @@ jobs:
             echo "/nix exists"
             exit 1
           fi
+
+  run-aarch64-darwin:
+    name: Run aarch64 Darwin
+    runs-on: macos-latest-xlarge
+    needs: [lints, build-aarch64-darwin]
+    permissions:
+      id-token: "write"
+      contents: "read"
+    steps:
+      - uses: actions/checkout@v3
+      - name: Restore Github cache artifacts
+        uses: actions/cache/restore@v3
+        with:
+          path: nix-installer
+          key: aarch64-darwin-artifacts-${{ github.sha }}
+      - name: Move & set executable
+        run: |
+          mkdir install-root
+          cp nix-installer.sh install-root/nix-installer.sh
+          mv ./nix-installer install-root/nix-installer-aarch64-darwin
+          chmod +x install-root/nix-installer-aarch64-darwin install-root/nix-installer.sh
+      - run: brew install fish coreutils
+      - name: Initial install
+        uses: DeterminateSystems/nix-installer-action@main
+        with:
+          flakehub: true
+          local-root: install-root/
+          logger: pretty
+          log-directives: nix_installer=debug
+          backtrace: full
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          extra-conf: |
+            trusted-users = root runner
+      - name: Initial uninstall (without a `nix run` first)
+        run: sudo -E /nix/nix-installer uninstall
+        env:
+          NIX_INSTALLER_NO_CONFIRM: true
+          NIX_INSTALLER_LOGGER: pretty
+          NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug
+          RUST_BACKTRACE: full
+      - name: Repeated install
+        uses: DeterminateSystems/nix-installer-action@main
+        with:
+          flakehub: true
+          local-root: install-root/
+          logger: pretty
+          log-directives: nix_installer=debug
+          backtrace: full
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          extra-conf: trusted-users = root runner
+      - name: echo $PATH
+        run: echo $PATH
+      - name: Test `nix` with `$GITHUB_PATH`
+        if: success() || failure()
+        run: |
+          nix run nixpkgs#hello
+          nix profile install nixpkgs#hello
+          hello
+          nix store gc
+          nix run nixpkgs#hello
+      - name: Test bash
+        run: nix-instantiate -E 'builtins.currentTime' --eval
+        if: success() || failure()
+        shell: bash --login {0}
+      - name: Test sh
+        run: nix-instantiate -E 'builtins.currentTime' --eval
+        if: success() || failure()
+        shell: sh -l {0}
+      - name: Test zsh
+        run: nix-instantiate -E 'builtins.currentTime' --eval
+        if: success() || failure()
+        shell: zsh --login --interactive {0}
+      - name: Test fish
+        run: nix-instantiate -E 'builtins.currentTime' --eval
+        if: success() || failure()
+        shell: fish --login {0}
+      - name: Repeated uninstall
+        run: sudo -E /nix/nix-installer uninstall
+        env:
+          NIX_INSTALLER_NO_CONFIRM: true
+          NIX_INSTALLER_LOGGER: pretty
+          NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug
+          RUST_BACKTRACE: full

From 69860037f3d5fd899af4a4d1adcec5fc77bceb85 Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Mon, 27 May 2024 15:21:05 -0300
Subject: [PATCH 2/2] Set `always-allow-substitutes` to `true` in `nix.conf`
 (#977)

* Set always-allow-substitutes to true in nix.conf

* Add setting to JSON fixtures

* Change Booleans to strings in JSON fixtures
---
 README.md                                    | 1 +
 src/action/common/place_nix_configuration.rs | 3 +++
 tests/fixtures/linux/linux.json              | 1 +
 tests/fixtures/linux/steam-deck.json         | 1 +
 tests/fixtures/macos/macos.json              | 1 +
 5 files changed, 7 insertions(+)

diff --git a/README.md b/README.md
index d6a0a8d15..f595a8634 100644
--- a/README.md
+++ b/README.md
@@ -441,6 +441,7 @@ Differing from the upstream [Nix](https://github.com/NixOS/nix) installer script
   + the `nix-command` and `flakes` features are enabled
   + `bash-prompt-prefix` is set
   + `auto-optimise-store` is set to `true` (On Linux only)
+  * `always-allow-substitutes` is set to `true`
   * `extra-nix-path` is set to `nixpkgs=flake:nixpkgs`
   * `max-jobs` is set to `auto`
   * `upgrade-nix-store-path-url` is set to `https://install.determinate.systems/nix-upgrade/stable/universal`, to prevent unintentional downgrades.
diff --git a/src/action/common/place_nix_configuration.rs b/src/action/common/place_nix_configuration.rs
index fe91355eb..6226686f3 100644
--- a/src/action/common/place_nix_configuration.rs
+++ b/src/action/common/place_nix_configuration.rs
@@ -111,6 +111,9 @@ impl PlaceNixConfiguration {
         #[cfg(not(target_os = "macos"))]
         settings.insert("auto-optimise-store".to_string(), "true".to_string());
 
+        // https://github.com/NixOS/nix/pull/8047
+        settings.insert("always-allow-substitutes".to_string(), "true".to_string());
+
         settings.insert(
             "bash-prompt-prefix".to_string(),
             "(nix:$name)\\040".to_string(),
diff --git a/tests/fixtures/linux/linux.json b/tests/fixtures/linux/linux.json
index df06c477c..6264004db 100644
--- a/tests/fixtures/linux/linux.json
+++ b/tests/fixtures/linux/linux.json
@@ -354,6 +354,7 @@
                 "path": "/etc/nix/nix.conf",
                 "pending_nix_config": {
                   "settings": {
+                    "always-allow-substitutes": "true",
                     "experimental-features": "nix-command flakes auto-allocate-uids",
                     "build-users-group": "nixbld",
                     "auto-optimise-store": "true",
diff --git a/tests/fixtures/linux/steam-deck.json b/tests/fixtures/linux/steam-deck.json
index 373016b84..62addf44e 100644
--- a/tests/fixtures/linux/steam-deck.json
+++ b/tests/fixtures/linux/steam-deck.json
@@ -341,6 +341,7 @@
                 "path": "/etc/nix/nix.conf",
                 "pending_nix_config": {
                   "settings": {
+                    "always-allow-substitutes": "true",
                     "auto-optimise-store": "true",
                     "bash-prompt-prefix": "(nix:$name)\\040",
                     "build-users-group": "nixbld",
diff --git a/tests/fixtures/macos/macos.json b/tests/fixtures/macos/macos.json
index d839eca1e..4984f2094 100644
--- a/tests/fixtures/macos/macos.json
+++ b/tests/fixtures/macos/macos.json
@@ -378,6 +378,7 @@
                 "path": "/etc/nix/nix.conf",
                 "pending_nix_config": {
                   "settings": {
+                    "always-allow-substitutes": "true",
                     "extra-nix-path": "nixpkgs=flake:nixpkgs",
                     "auto-allocate-uids": "true",
                     "auto-optimise-store": "true",