gchristensen changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | 18.03 release managers: fpletz and vcunat | https://logs.nix.samueldr.com/nixos-dev
mbrgm has quit [Ping timeout: 255 seconds]
mbrgm has joined #nixos-dev
orivej has quit [Ping timeout: 260 seconds]
drakonis has quit [Remote host closed the connection]
__Sander__ has joined #nixos-dev
vcunat has joined #nixos-dev
vcunat has quit [Client Quit]
MichaelRaskin has quit [Quit: MichaelRaskin]
pie___ has quit [Ping timeout: 256 seconds]
pie___ has joined #nixos-dev
pie___ has quit [Ping timeout: 240 seconds]
Synthetica has joined #nixos-dev
vcunat has joined #nixos-dev
<Synthetica> Is it always okay to remove a `assert stdenv.system == "x86_64-linux";` if it's already mentioned in `meta.platforms`?
s33se has joined #nixos-dev
s33se has quit [Quit: s33se]
orivej has joined #nixos-dev
s33se has joined #nixos-dev
<LnL> yes, platforms shouldn't be asserted like that
<Dezgeg> IIRC there used to be reasons why that was necessary
<Dezgeg> maybe it's fixed now though, but if the package referenced something linux-specific, say stdenv.glibc, darwin users would get an `undefined attribute 'stdenv.glibc'` error
phreedom has quit [Ping timeout: 255 seconds]
Willi_Butz_ has joined #nixos-dev
niksnut_ has joined #nixos-dev
infinisil_ has joined #nixos-dev
<domenkozar> niksnut_: is key name part of secret/public key used for sigs? or does nix strip key name off when signing/verifying?
Willi_Butz has quit [*.net *.split]
obadz has quit [*.net *.split]
infinisil has quit [*.net *.split]
primeos has quit [*.net *.split]
niksnut has quit [*.net *.split]
disasm has joined #nixos-dev
<clever> domenkozar: from store-api.cc: sigs.insert(secretKey.signDetached(fingerprint()));, with fingerprint being the path, narhash, narsize, and list of references
<niksnut_> yes, it's used
<niksnut_> to look up the public key
<domenkozar> clever: yeah but is secretKey there
<domenkozar> random bits
<niksnut_> see verifyDetached
<niksnut_> auto ss = split(sig);
<domenkozar> or cache.nixos.org:bits
<niksnut_> auto key = publicKeys.find(ss.first);
<domenkozar> ah
<clever> i believe the name is only used to tell nix which public it should lookup in nix.conf
<clever> and you could rename it in both the signatures and nix.conf, and the signature would remain valid
<niksnut_> that's right
<niksnut_> I thought about trying all configured public keys
<niksnut_> but that would be slower
niksnut_ is now known as niksnut
<domenkozar> weird
<domenkozar> something is off, need to debug this :)
<clever> and it also acts as a hint about which key you should search for if you wish to trust a given binary cache
<domenkozar> I generate correct fingerprint
<domenkozar> and encode secret/public keys with base64
<domenkozar> which I think is standard one
<domenkozar> and signature still fails
<clever> domenkozar: nix-serve and perl?
primeos has joined #nixos-dev
<domenkozar> no, custom haskell :)
<clever> ah
<domenkozar> niksnut: oh another thing, user nix.conf and system nix.conf don't merge
obadz has joined #nixos-dev
<domenkozar> at least for substituters and trusted keys
<domenkozar> I assume user config should merge rather than override?
<clever> is that hercules i'm guessing?
<niksnut> domenkozar: ideally yes, but it doesn't at the moment
* aminechikhaoui thinks there should be a `nix configure` like `aws configure` :)
<domenkozar> ok so I'll need to read system config and add it to user config
<domenkozar> fun times :)
<domenkozar> niksnut: thanks!
<niksnut> domenkozar: you should check whether the string you're signing is the same as what fingerprint() generates
<domenkozar> yeah that's my next thing to check
<domenkozar> I guess I'll need to use C++ to check what Nix does
<domenkozar> s/does/returns/
<domenkozar> or perl
<domenkozar> + narHash.to_string(Base32) + ";"
<domenkozar> so that uses nix custom base32?
<vcunat> at least the fixed-output hashes seem to use the standard one
<domenkozar> nah it's the custom one
<domenkozar> damn, I hoped I could escape that one
<domenkozar> so even if narinfo hashes are flexible, fingerprint always uses base32
<domenkozar> kind of makes sense, so you can switch narinfo hashing, but signatures don't fall apart
<domenkozar> although they could be recalculated
<domenkozar> ok gonna try some shelling
genesis has quit [Ping timeout: 276 seconds]
genesis has joined #nixos-dev
infinisil_ has quit [Quit: Configuring ZNC, sorry for the join/quits!]
infinisil has joined #nixos-dev
phreedom has joined #nixos-dev
drakonis has joined #nixos-dev
__Sander__ has quit [Quit: Konversation terminated!]
primeos has quit [Ping timeout: 260 seconds]
primeos has joined #nixos-dev
phreedom_ has joined #nixos-dev
vcunat has quit [Quit: Leaving.]
phreedom has quit [Ping timeout: 255 seconds]
drakonis has quit [Remote host closed the connection]
Cale has joined #nixos-dev
Sonarpulse has joined #nixos-dev
obadz- has joined #nixos-dev
obadz has quit [Ping timeout: 256 seconds]
obadz- is now known as obadz
<niksnut> wtf is pkgs/top-level/unix-tools.nix?
<Synthetica> niksnut: it says at the top right?
<Synthetica> It repackages binaries that are often assumed to be available, but are in different packages in linux and darwin
<niksnut> okay, at first glance I thought it was a misguided attempt to abstract over coreutils
<niksnut> but if it's system-specific tools like mount I guess it's okay
<Synthetica> I'm just looking at it and wondering why it isn't using lib.mapAttrsToList instead of `foo = singleBinary "foo"`
lopsided98 has quit [Ping timeout: 260 seconds]
lopsided98 has joined #nixos-dev
lopsided98_ has joined #nixos-dev
lopsided98 has quit [Ping timeout: 265 seconds]
orivej has quit [Ping timeout: 264 seconds]
MichaelRaskin has joined #nixos-dev
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
lopsided98_ has quit [Quit: Disconnected]
orivej has joined #nixos-dev
lopsided98 has joined #nixos-dev
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
zybell has quit [Ping timeout: 256 seconds]
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
orivej has quit [Remote host closed the connection]
orivej has joined #nixos-dev
<Sonarpulse> niksnut: it's stuff like unix-tools that allows us to avoid the "conditional soup" when supporting weird platforms
zybell has joined #nixos-dev
pauldub_ has joined #nixos-dev
tilpner_ has joined #nixos-dev
cbarrett_ has joined #nixos-dev
sys9mm has joined #nixos-dev
sphalerite_ has joined #nixos-dev
layus_ has joined #nixos-dev
pauldub has quit [*.net *.split]
layus has quit [*.net *.split]
mingc has quit [*.net *.split]
tilpner has quit [*.net *.split]
fpletz has quit [*.net *.split]
rycee has quit [*.net *.split]
octe has quit [*.net *.split]
cbarrett has quit [*.net *.split]
sphalerite has quit [*.net *.split]
layus_ is now known as layus
pauldub_ is now known as pauldub
tilpner_ is now known as tilpner
fpletz has joined #nixos-dev
cbarrett_ is now known as cbarrett
octe has joined #nixos-dev
rycee has joined #nixos-dev
rycee has quit [Changing host]
rycee has joined #nixos-dev
obadz has quit [Ping timeout: 260 seconds]
obadz has joined #nixos-dev
pie_ has joined #nixos-dev
rycee has quit [*.net *.split]
rycee has joined #nixos-dev