Zsh compinit warning on every shell session

busti · October 24, 2022, 7:10pm

I have zsh enabled globally on nix-darwin and on new users I am getting the following warning in the terminal:

zsh compinit: insecure directories and files, run compaudit for list.
Ignore insecure directories and files and continue [y] or abort compinit [n]?

When I run compinit audit it reveals the responsible directories:

$ compaudit
There are insecure directories and files:
/nix/var/nix/profiles/default/share/zsh/site-functions
/nix/var/nix/profiles/default/share/zsh
/nix/var/nix/profiles/default/share/zsh
/nix/var/nix/profiles/default/share/zsh/site-functions/_nix

Is there any way to fix this issue / to suppress these messages?

nrdxp · October 24, 2022, 7:38pm

if you call compinit with the -u flag, it will suppress these warnings and assume they are safe to load

busti · October 24, 2022, 9:50pm

I believe that command is automatically added to the .zshrc file by home manager.
I have tried adding the following config option to my home.nix file but to no avail.

programs.zsh.completionInit = "autoload -U compinit && compinit -u";

This changes the command inside .zshrc but the error message still occurs. Changing it to autoload -U 'compinit -u' && compinit -u causes the following error message to appear:

zsh compinit: insecure directories and files, run compaudit for list.
Ignore insecure directories and files and continue [y] or abort compinit [n]? ncompinit: initialization aborted
compinit: command not found

busti · October 24, 2022, 10:11pm

Seems like there is another zsh init file that gets run before ~/.zshrc
Even upon removing the line entirely the error stays the same.

busti · October 24, 2022, 10:52pm

Turns out nix darwin generates another zshrc in /etc/zshrc which contains the line.
I was able to disable it using programs.zsh.enableCompletion = false;

r.giskard · June 8, 2023, 9:00am

I’m having the same issue. On starting a new terminal I’m presented with:

Last login: Thu Jun  8 09:46:52 on ttys001
zsh compinit: insecure directories and files, run compaudit for list.
Ignore insecure directories and files and continue [y] or abort compinit [n]?

I’ve tried using the programs.zsh.completionInit however checking the content /etc/zshrc file after running a switch reveals the original command without my change to the options.

Added to my flake.nix

programs.zsh.completionInit = "autoload -U compinit && compinit -u";

Content of /etc/zshrc

autoload -U promptinit && promptinit && prompt walters

autoload -U compinit && compinit
autoload -U bashcompinit && bashcompinit

I’d appreciate a hand in getting this sorted. Even a hack would be nice at this point.

Just to note that I’ve tried changing the permission of the files indicated by compaudit but this doesn’t fix the issue.

meztihn · August 4, 2023, 6:00pm

Changing to

programs.zsh.completionInit = "autoload -U compinit && compinit -i";

helped in my case (notice -i instead of -u).
Source: zsh docs 20.2.1 Use of compinit:
“…To avoid these tests and make all files found be used without asking, use the option -u, and to make compinit silently ignore all insecure files and directories use the option -i…”