From c206cd718d260ca657d3c3bc3c16b908fea2e67c Mon Sep 17 00:00:00 2001
From: hispirus <2120427+hispirus@users.noreply.github.com>
Date: Thu, 17 Oct 2024 23:32:41 +0000
Subject: [PATCH 1/2] encrypt_apfs_volume: always pass `-a "${VOLUME}"` and `-s "Nix Store"` `/usr/bin/security {add,find,delete}-generic-password` accepts both `-a account` and `-s service` parameters as password lookup keys. Always pass `-a "${VOLUME}"` and `-s "Nix Store"`. With this change, installation succeeds even with `--encrypt` set to `true` and `--volume-label` set to any value deviating from `Nix Store`.
---
 src/action/macos/encrypt_apfs_volume.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/action/macos/encrypt_apfs_volume.rs b/src/action/macos/encrypt_apfs_volume.rs
index 032ee2630..3670d8241 100644
--- a/src/action/macos/encrypt_apfs_volume.rs
+++ b/src/action/macos/encrypt_apfs_volume.rs
@@ -251,7 +251,7 @@ impl Action for EncryptApfsVolume {
 "-a",
 self.name.as_str(),
 "-s",
- self.name.as_str(),
+ "Nix Store",
 "-l",
 format!("{} encryption password", disk_str).as_str(),
 "-D",
From efc3eb6b43de1c823126781d9e91640c0ce9f7e5 Mon Sep 17 00:00:00 2001
From: hispirus <2120427+hispirus@users.noreply.github.com>
Date: Thu, 17 Oct 2024 23:38:38 +0000
Subject: [PATCH 2/2] create_volume_service: always pass `-a "${VOLUME}"` and `-s "Nix Store"` `/usr/bin/security {add,find,delete}-generic-password` accepts both `-a account` and `-s service` parameters as password lookup keys. Always pass `-a "${VOLUME}"` and `-s "Nix Store"`. With this change, installation succeeds even with `--encrypt` set to `true` and `--volume-label` set to any value deviating from `Nix Store`.
---
 src/action/macos/create_volume_service.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/action/macos/create_volume_service.rs b/src/action/macos/create_volume_service.rs
index e4c97681f..9470135a4 100644
--- a/src/action/macos/create_volume_service.rs
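Review bot: The keychain service name `"Nix Store"` is now a bare literal in this argument list and again inside the `find-generic-password` command string in create_volume_service.rs, so the key used to store the passphrase and the key used to look it up agree only by convention. A shared constant referenced from both places, for example `const KEYCHAIN_SERVICE: &str = "Nix Store";` (the name is only a suggestion), would keep them from drifting apart. The commit message also names `delete-generic-password`, but no such call is touched in this patch; it is worth confirming that any revert or uninstall path outside this hunk uses the same `-a`/`-s` pair, otherwise the stored passphrase could be left behind in the keychain. The argument list starts and ends outside the hunk.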
+++ b/src/action/macos/create_volume_service.rs
@@ -258,7 +258,7 @@ async fn generate_mount_plist(
 // The official Nix scripts uppercase the UUID, so we do as well for compatibility.
 let uuid_string = uuid.to_string().to_uppercase();
 let mount_command = if encrypt {
- let encrypted_command = format!("/usr/bin/security find-generic-password -s {apfs_volume_label_with_quotes} -w | /usr/sbin/diskutil apfs unlockVolume {apfs_volume_label_with_quotes} -mountpoint {mount_point:?} -stdinpassphrase");
+ let encrypted_command = format!("/usr/bin/security find-generic-password -a {apfs_volume_label_with_quotes} -s \"Nix Store\" -w | /usr/sbin/diskutil apfs unlockVolume {apfs_volume_label_with_quotes} -mountpoint {mount_point:?} -stdinpassphrase");
 vec!["/bin/sh".into(), "-c".into(), encrypted_command]
 } else {
 vec![
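Review bot: The volume label is interpolated into a string that is handed to `/bin/sh -c`, where it appears as the `-a` value and as the `unlockVolume` argument. Because this commit exists to make arbitrary `--volume-label` values work, a label containing a double quote, `$`, a backquote or a backslash would be interpreted by the shell that the mount service runs. How `apfs_volume_label_with_quotes` is built is outside this hunk, but the name suggests plain double-quote wrapping, and `{mount_point:?}` relies on Rust's Debug escaping, which is not shell quoting. Either reject labels outside a conservative character set before they reach this function, or single-quote the value, e.g. `format!("'{}'", label.replace('\'', "'\\''"))` with `label` standing for the unquoted volume label. generate_mount_plist begins before and continues past the hunk.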