bennofs__ has quit [Ping timeout: 252 seconds]
bennofs_ has joined #nixos-aarch64
orivej has quit [Ping timeout: 246 seconds]
orivej has joined #nixos-aarch64
h0m1 has quit [Ping timeout: 250 seconds]
h0m1 has joined #nixos-aarch64
rajivr has joined #nixos-aarch64
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-aarch64
cole-h has quit [Ping timeout: 252 seconds]
<sphalerite> dotlambda: yes they will if you use it as a remote builder
<sphalerite> dotlambda: the remote build mechanism doesn't use signatures at all
justanotheruser has quit [Ping timeout: 260 seconds]
zupo has joined #nixos-aarch64
zupo has quit [Client Quit]
<dotlambda> sphalerite: And whose signature will they bear?
<dotlambda> That matters if you e.g. wanna copy them to a different machine
<sphalerite> dotlambda: none, or your laptop's. Not sure on that one
<sphalerite> ("laptop" = "machine triggering the remote builds")
<sphalerite> dotlambda: ok, never mind, it does have a signature from the remote builder, provided the remote builder actually signs anything
<dotlambda> sphalerite: If find that all quite counterintuitive, as you have to trust a subtituter's signature
<dotlambda> Also, I can't find anything on the subject in `man nix.conf`.
<sphalerite> dotlambda: nix's trust model isn't that useful anyway, as it stands.
<dotlambda> sphalerite: That's a big bummer. So essentially it's only used for substituters, for the rest we have to trust the SSH keys?
<sphalerite> dotlambda: pretty much
<sphalerite> dotlambda: the thing is, signatures on paths don't take into account the provenance of any of the dependencies
<dotlambda> sphalerite: I'm okay with that, I have to trust who's trusted by someone I trust.
<sphalerite> dotlambda: and machines performing remote builds have to trust the initiating machines fully anyway
<dotlambda> sphalerite: Of course. I was thinking from the other angle: There's really no reason to use the community build box as a remote builder because I don't want its resuts to end up in my Nix store, so I guess it makes sense if I have to ssh into it.
<sphalerite> yeah
<sphalerite> you could of course use the community builder as a remote builder with a chroot store
orivej has quit [Ping timeout: 265 seconds]
bennofs_ has quit [Read error: Connection reset by peer]
bennofs_ has joined #nixos-aarch64
zupo has joined #nixos-aarch64
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
zupo has joined #nixos-aarch64
dev_mohe has joined #nixos-aarch64
dev_mohe has quit [Client Quit]
superherointj has joined #nixos-aarch64
vikanezrimaya has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-aarch64
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
dev_mohe has joined #nixos-aarch64
justanotheruser has joined #nixos-aarch64
dev_mohe has quit [Ping timeout: 250 seconds]
cole-h has joined #nixos-aarch64
bennofs_ has quit [Read error: Connection reset by peer]
bennofs_ has joined #nixos-aarch64
justanotheruser has quit [Ping timeout: 246 seconds]
dev_mohe has joined #nixos-aarch64
justanotheruser has joined #nixos-aarch64
dev_mohe has quit [Remote host closed the connection]
dev_mohe has joined #nixos-aarch64
dev_mohe1 has joined #nixos-aarch64
apache8080 has joined #nixos-aarch64
dev_mohe has quit [Ping timeout: 250 seconds]
dev_mohe1 is now known as dev_mohe
apache8080 has quit [Client Quit]
apache8080 has joined #nixos-aarch64
<apache8080> I have been going through the kernel build setup for the raspberrypi and I am confused on where the platforms.nix stuff gets used by the linux-rpi.nix file
<apache8080> In general I don't get how the platforms.nix file gets used
<samueldr> "the raspberry pi" there is no such thing :)
<samueldr> 0, 1, 2, 3, 4?
<apache8080> specifically 3
<apache8080> but there is also a raspberrypi set in the platforms.nix file that sets stuff like the kernel version and defconfig
rajivr has quit [Quit: Connection closed for inactivity]
<samueldr> the raspberrypi in platforms.nix should be "raspberrypi-flavoured-armv6l-linux" :)
<samueldr> I'm not really sure how extraConfig is used there, if even used
<apache8080> ok, what I am trying to do is add support for a new board using the upstream kernel build setup and was wondering if I had to add it to the platforms.nix file?
<samueldr> "support for a new board", sorry to be a bit pedant, but I want to make sure I understand what you mean
<samueldr> you have an ARM board, and want to make it work with NixOS, right?
<apache8080> I have an iMX8 from nxp and want to build a NixOS image on it
<samueldr> good
<samueldr> don't look at platforms.nix
<samueldr> it is supported by the mainline kernel, right?
<samueldr> or does it require a vendor tree?
<apache8080> vendor tree
<samueldr> which board?
<samueldr> (there might be already people who did some community work)
<samueldr> e.g. here's for the mnt-reform https://github.com/NixOS/nixos-hardware/pull/247
<{^_^}> nixos-hardware#247 (by ehmry, 5 weeks ago, open): Add mnt-reform2-nitrogen8m
<apache8080> imx8 M Plus EVK
zupo has joined #nixos-aarch64
<samueldr> I'm not saying it's "the" approach, but it's "an" approach a user went with
zupo has quit [Client Quit]
<samueldr> generally speaking, with board-specific vendor kernels, the approach is to provide a new pair of `linux_XXX` and `linuxPackages_XXX` attrsets in `pkgs`
<samueldr> (e.g. through an overlay)
<samueldr> then you would be able to have a customized sd image build based on https://github.com/NixOS/nixpkgs/tree/master/nixos/modules/installer/sd-card
<apache8080> are the derivations in pkgs/os-specific/linux/kernel an example of this?
<samueldr> (sorry, there's no clear porting guide at this point)
<samueldr> kind of
<samueldr> the link for the mnt-reform is another example
<samueldr> which is out of Nixpkgs
<samueldr> note that we are not planning to accept any vendor-specific kernel trees anymore
<samueldr> in Nixpkgs outright
<apache8080> oh ok, good to know
<samueldr> but we are accepting configuration changes from the mainline / upstream linux kernel if options can help :)
<samueldr> (and modules to add to stage-1 for mainline linux)
<samueldr> then there's the question of your "initial boot firmware"
<samueldr> e.g. your u-boot install
<samueldr> it may or may not require the sd image to be further customized, either out of band or in the build
<samueldr> depending on what exactly you want to achieve
sphalerite has joined #nixos-aarch64
dev_mohe has quit [Ping timeout: 260 seconds]
<apache8080> smaueldr: thanks for the help on this, makes more sense now
monk has left #nixos-aarch64 ["Error from remote client"]
monk has joined #nixos-aarch64
dev_mohe has joined #nixos-aarch64
apache8080 has quit [Ping timeout: 260 seconds]
dev_mohe has quit [Client Quit]
zupo has joined #nixos-aarch64
<mvnetbiz_> Has anyone shared anything about running nixos on Xilinx mpsoc dev boards?
zupo has quit [Ping timeout: 265 seconds]
zupo has joined #nixos-aarch64
apache8080 has joined #nixos-aarch64
<samueldr> since I can't shut up about booting on ARM, I wrote some words
<samueldr> and did some things
justanotheruser has quit [Ping timeout: 276 seconds]
apache8080 has quit [Ping timeout: 252 seconds]
justanotheruser has joined #nixos-aarch64
<dotlambda> samueldr" "even for all its defaults" Do you mean "even for all its defects"?
<samueldr> yes
<colemickens> oh hey congrats
cptchaos83 has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
cptchaos83 has joined #nixos-aarch64
<samueldr> dotlambda: faults, not defects!
* samueldr fixes again
<samueldr> in french you'd realistically use the same word for the three here in many cases [defects, faults, defaults] confusingly enough
superherointj has quit [Quit: Leaving]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]