Graphically Obtuse

Let's not talk about package managers in general, but you may think of nix as a solution when you desire more problems. 'Measure twice, cut once' is a saying, and you'd think a shop with the name Determinate Systems wants to be measurable. But here we are, the 'Universal' nix installer package they've released has no payload and runs everything in the postinstall script, with a separate 7MB binary for Apple Silicon and 8MB for Intel.

!/bin/sh args="--verbose install --no-confirm --diagnostic-attribution=PKG-3C6F9A5D-5AD1-470C-94B2-CF4734B2128A" if /usr/sbin/sysctl -n machdep.cpu.brand_string | /usr/bin/grep -oi "Intel"; then exec ./nix-installer-x86_64-darwin $args else exec ./nix-installer-aarch64-darwin $args fi

Installer.app therefore has no idea what the size of the actual payload is, but that's only to stay on the measuring theme, there's way many other violations of logic where the people they've asked could've enlightened them/they could've taken hints and learned about Proper Packaging Principles.

Let's start with their recent announcement post which states it was created for these two benefits: a signed package 'for secur' (obvs), and since it's in the distribution format you can push via MDM (lol).

Why the snark? (Besides the fact very few people in their right mind trust MDM a.k.a. mgmt over UDP with software installation.) Why are those two points not obviously highest-value to have for the nix community? Well when what's really happening under the covers is shelling out to the binary you delivered, your process is not noticeably more advantageous than copying and pasting from the nix-installer README. Yes, you signed a script and sped up the process some amount by not needing to curl ~8MBs before the process begins. But that's not what made this first try at a 'graphical installer' post-worthy. (Hello, soon to be 2024! small 3-ish year slumber for ye olde tumblr).

It's the claim that ~I need to join YET ANOTHER DISCORD to provide feedback~ installation packages cannot 'provide custom parameters' - sure, if you want to build a graphical experience then you need to do more than deliver bits to disk. It's not like they didn't decide to code some stuff, there's two JS functions that run before you even decide to go ahead with the install, because they want to avoid conflicting with a previous install of nix-darwin or something. How folks have handled this is providing a GUI (via an installer plugin or a first-run experience) that takes whatever responses you want to prompt about and writes to an artifact on disk that the installer can also check for to supply defaults (and even enable enterprise distribution if it writes to either preference domains or uses standards like AppConfig).

We're rooting for you, nix friendlies, you're in the MacAdmins Slack... help us help you!