<sphalerite>
dotlambda: yes they will if you use it as a remote builder
<sphalerite>
dotlambda: the remote build mechanism doesn't use signatures at all
justanotheruser has quit [Ping timeout: 260 seconds]
zupo has joined #nixos-aarch64
zupo has quit [Client Quit]
<dotlambda>
sphalerite: And whose signature will they bear?
<dotlambda>
That matters if you e.g. wanna copy them to a different machine
<sphalerite>
dotlambda: none, or your laptop's. Not sure on that one
<sphalerite>
("laptop" = "machine triggering the remote builds")
<sphalerite>
dotlambda: ok, never mind, it does have a signature from the remote builder, provided the remote builder actually signs anything
<dotlambda>
sphalerite: If find that all quite counterintuitive, as you have to trust a subtituter's signature
<dotlambda>
Also, I can't find anything on the subject in `man nix.conf`.
<sphalerite>
dotlambda: nix's trust model isn't that useful anyway, as it stands.
<dotlambda>
sphalerite: That's a big bummer. So essentially it's only used for substituters, for the rest we have to trust the SSH keys?
<sphalerite>
dotlambda: pretty much
<sphalerite>
dotlambda: the thing is, signatures on paths don't take into account the provenance of any of the dependencies
<dotlambda>
sphalerite: I'm okay with that, I have to trust who's trusted by someone I trust.
<sphalerite>
dotlambda: and machines performing remote builds have to trust the initiating machines fully anyway
<dotlambda>
sphalerite: Of course. I was thinking from the other angle: There's really no reason to use the community build box as a remote builder because I don't want its resuts to end up in my Nix store, so I guess it makes sense if I have to ssh into it.
<sphalerite>
yeah
<sphalerite>
you could of course use the community builder as a remote builder with a chroot store
orivej has quit [Ping timeout: 265 seconds]
bennofs_ has quit [Read error: Connection reset by peer]
bennofs_ has joined #nixos-aarch64
zupo has joined #nixos-aarch64
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
zupo has joined #nixos-aarch64
dev_mohe has joined #nixos-aarch64
dev_mohe has quit [Client Quit]
superherointj has joined #nixos-aarch64
vikanezrimaya has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-aarch64
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
dev_mohe has joined #nixos-aarch64
justanotheruser has joined #nixos-aarch64
dev_mohe has quit [Ping timeout: 250 seconds]
cole-h has joined #nixos-aarch64
bennofs_ has quit [Read error: Connection reset by peer]
bennofs_ has joined #nixos-aarch64
justanotheruser has quit [Ping timeout: 246 seconds]
dev_mohe has joined #nixos-aarch64
justanotheruser has joined #nixos-aarch64
dev_mohe has quit [Remote host closed the connection]
dev_mohe has joined #nixos-aarch64
dev_mohe1 has joined #nixos-aarch64
apache8080 has joined #nixos-aarch64
dev_mohe has quit [Ping timeout: 250 seconds]
dev_mohe1 is now known as dev_mohe
apache8080 has quit [Client Quit]
apache8080 has joined #nixos-aarch64
<apache8080>
I have been going through the kernel build setup for the raspberrypi and I am confused on where the platforms.nix stuff gets used by the linux-rpi.nix file
<apache8080>
In general I don't get how the platforms.nix file gets used
<samueldr>
"the raspberry pi" there is no such thing :)
<samueldr>
0, 1, 2, 3, 4?
<apache8080>
specifically 3
<apache8080>
but there is also a raspberrypi set in the platforms.nix file that sets stuff like the kernel version and defconfig
rajivr has quit [Quit: Connection closed for inactivity]
<samueldr>
the raspberrypi in platforms.nix should be "raspberrypi-flavoured-armv6l-linux" :)
<samueldr>
I'm not really sure how extraConfig is used there, if even used
<apache8080>
ok, what I am trying to do is add support for a new board using the upstream kernel build setup and was wondering if I had to add it to the platforms.nix file?
<samueldr>
"support for a new board", sorry to be a bit pedant, but I want to make sure I understand what you mean
<samueldr>
you have an ARM board, and want to make it work with NixOS, right?
<apache8080>
I have an iMX8 from nxp and want to build a NixOS image on it
<samueldr>
good
<samueldr>
don't look at platforms.nix
<samueldr>
it is supported by the mainline kernel, right?
<samueldr>
or does it require a vendor tree?
<apache8080>
vendor tree
<samueldr>
which board?
<samueldr>
(there might be already people who did some community work)
<samueldr>
I'm not saying it's "the" approach, but it's "an" approach a user went with
zupo has quit [Client Quit]
<samueldr>
generally speaking, with board-specific vendor kernels, the approach is to provide a new pair of `linux_XXX` and `linuxPackages_XXX` attrsets in `pkgs`