Nix on macOS Ventura

My mac development machine is fully managed by nix (home-manager and nix-darwin) and I’m wondering if it’s safe to upgrade to macOS Ventura? Are there any gotchas?


I have the same question. Looking at nixpkgs, there is a single issue related to Ventura: nix-build Segmentation fault on MacOS Ventura (with sandbox enabled) · Issue #6836 · NixOS/nix · GitHub

But I’m hoping somebody else will dare to take the first step and let the rest of us know if it is safe to upgrade. :slight_smile:

EDIT: I upgraded to Ventura; no issues with Nix.


I’ve been running nix-darwin + home-manager on the betas for a while now (on an x86_64 machine). The only issue I ran into was with the sandbox, back when I first installed the beta I was getting a bunch of sandbox errors that I interpreted as meaning the Nix sandbox profile needed to be updated. I ended up just disabling the sandbox and I haven’t checked again to see if that was ever fixed.


I’ve been using nix-darwin, home-manager, and nixpkgs-unstable on Ventura on an M1 MacBook Pro for several months with only one issue: the font management in nix-darwin doesn’t work on Ventura. (There’s an issue in the nix-darwin tracker for this.)

I’ve pretty much never used the Nix sandbox on macOS due to numerous issues with it, all of which (in my case) pre-date Ventura.


I have the same machine, so that’s encouraging. However, I’m curious if you upgraded macOS to Ventura with an existing working nix setup, or did you set up nix afterward?

Notarized binary packages can’t be modified anymore. They are now checked every time they are launched instead of just the first time. That required changes to iTerm2 and VS Code to prevent the derivation from changing scripts to use interpreters in the nix store. There may be other packages that are affected as well.


I just updated my M1 Max to Ventura and my existing Nix install seems to work just fine, including the sandbox. The aforelinked sandbox issue doesn’t seem to occur anymore (I still get the logs about deny file-read-metadata but the nix build itself works).