#nixos-borg on 2019-04-15

2018-04-19 20:36 gchristensen changed the topic of #nixos-borg to: https://www.patreon.com/ofborg https://monitoring.nix.ci/dashboard/db/ofborg?refresh=10s&orgId=1&from=now-1h&to=now "I get to skip reviewing the PHP code and just wait until it is rewritten in something sane, like POSIX shell. || https://logs.nix.samueldr.com/nixos-borg

00:18 <infinisil> Well darn https://github.com/openssl/openssl/issues/6988

00:18 <{^_^}> openssl/openssl#6988 (by parasssh, 34 weeks ago, open): Support Ed25519 sign/verify operations from OpenSSL CLI

00:54 orivej has quit [Ping timeout: 255 seconds]

01:39 <gchristensen> oh good grief, the darwin build queue is big

01:54 <infinisil> gchristensen: I have some bash for ya

01:55 <infinisil> To generate an (encrypted) RSA private key: openssl genpkey -algorithm rsa -aes-256-cbc -out private_key

01:55 <infinisil> (drop the -aes-256-cbc if you don't want to encrypt it)

01:55 <infinisil> To derive the public key: openssl pkey -in private_key -pubout -out public_key

01:56 <infinisil> To create a base64 signature: openssl dgst -sign private_key -pass pass:<password> message_file | openssl base64 -e -out signature

01:57 <infinisil> (drop the -pass .. if you didn't encrypt the private key, also supports -pass env:PASSWORD)

01:57 <infinisil> And on my end I'll verify with: openssl dgst -verify public_key -signature <(openssl base64 -in signature -d) message_file

02:21 <gchristensen> thanks, infinisil !

02:22 <gchristensen> I very dearly wish I could easily get darwin build cores :(

02:48 <infinisil> (also you might want to remove \n from the signature)

05:08 MichaelRaskin has quit [Quit: MichaelRaskin]

08:20 orivej has joined #nixos-borg

12:33 orivej has quit [Ping timeout: 255 seconds]

14:05 andi- has quit [Ping timeout: 250 seconds]

14:11 andi- has joined #nixos-borg

14:21 andi- has quit [Excess Flood]

14:25 andi- has joined #nixos-borg

14:50 andi- has quit [Ping timeout: 240 seconds]

14:57 andi- has joined #nixos-borg

15:07 orivej has joined #nixos-borg

15:50 <samueldr> is it a failure that ofborg should (with appropriate addition) detect?

15:50 <samueldr> https://hydra.nixos.org/build/92258938

15:50 <samueldr> it's on tarball *build*

15:51 <gchristensen> would-be-nice, but-not-yet

15:51 <samueldr> not yet because of?

15:51 <gchristensen> ofborg doesn't build untrusted stuff

15:51 <samueldr> I guess "checks don't build" or something like that?

15:51 <samueldr> yeah

15:52 <gchristensen> that is a high priority thing for me

15:52 <samueldr> and I see how "but tarball is not scary" is scary since a PR can be opened and replace tarball with anything :)

15:53 <gchristensen> or any of its dependencies :)

15:54 <samueldr> though here warnings on the module system could realistically be an eval thing like check meta?

15:54 <samueldr> (not as useful as a full blown tarball build though)

15:57 <gchristensen> ah!

15:57 <gchristensen> yev

15:57 <gchristensen> yes

15:57 <gchristensen> the evalution stats work I'm doing could catch that, as it reads stderr for stats

15:57 <gchristensen> and that'd cause a failure to read stats

21:56 orivej has quit [Read error: Connection reset by peer]

21:57 orivej has joined #nixos-borg