home-manager on Darwin: LaunchAgent fails with empty PATH, cannot find getconf

[ananthb]

The sops-nix home-manager LaunchAgent on macOS/Darwin fails with an empty PATH when no age plugins are configured, causing sops-install-secrets to fail because it cannot find the getconf utility.

The LaunchAgent exits with code 1 and logs show:

/nix/store/.../sops-install-secrets: cannot figure out runtime directory: cannot get DARWIN_USER_TEMP_DIR: exec: "getconf": executable file not found in $PATH

What I think is going on:

1. In modules/home-manager/sops.nix:368, the PATH environment variable is set to:

   PATH = lib.makeBinPath cfg.age.plugins;

2. When cfg.age.plugins is empty, this results in an empty PATH being set in the LaunchAgent plist.

3. In pkgs/sops-install-secrets/darwin.go:16, the code calls:

   exec.Command("getconf", "DARWIN_USER_TEMP_DIR")

4. With an empty PATH, getconf (which is at /usr/bin/getconf) cannot be found, causing the failure.

This affects all macOS users who use sops-nix with home-manager and don't have any age plugins configured.

I worked around it by manually adding a proper PATH to my home-manager configuration:

launchd.agents.sops-nix = pkgs.lib.mkIf pkgs.stdenv.isDarwin {
  enable = true;
  config = {
    EnvironmentVariables = {
      PATH = pkgs.lib.mkForce "/usr/bin:/bin:/usr/sbin:/sbin";
    };
  };
};

[Prince213]

As a workaround, pin sops-nix to d7593b8, right before #781 was merged.