drakonis has quit [Remote host closed the connection]
__Sander__ has joined #nixos-dev
vcunat has joined #nixos-dev
vcunat has quit [Client Quit]
MichaelRaskin has quit [Quit: MichaelRaskin]
pie___ has quit [Ping timeout: 256 seconds]
pie___ has joined #nixos-dev
pie___ has quit [Ping timeout: 240 seconds]
Synthetica has joined #nixos-dev
vcunat has joined #nixos-dev
<Synthetica>
Is it always okay to remove an `assert stdenv.system == "x86_64-linux";` if it's already mentioned in `meta.platforms`?
s33se has joined #nixos-dev
s33se has quit [Quit: s33se]
orivej has joined #nixos-dev
s33se has joined #nixos-dev
<LnL>
yes, platforms shouldn't be asserted like that
<Dezgeg>
IIRC there used to be reasons why that was necessary
<Dezgeg>
maybe it's fixed now though, but if the package referenced something linux-specific, say stdenv.glibc, darwin users would get an `undefined attribute 'stdenv.glibc'` error
phreedom has quit [Ping timeout: 255 seconds]
Willi_Butz_ has joined #nixos-dev
niksnut_ has joined #nixos-dev
infinisil_ has joined #nixos-dev
<domenkozar>
niksnut_: is key name part of secret/public key used for sigs? or does nix strip key name off when signing/verifying?
Willi_Butz has quit [*.net *.split]
obadz has quit [*.net *.split]
infinisil has quit [*.net *.split]
primeos has quit [*.net *.split]
niksnut has quit [*.net *.split]
disasm has joined #nixos-dev
<clever>
domenkozar: from store-api.cc: sigs.insert(secretKey.signDetached(fingerprint()));, with fingerprint being the path, narhash, narsize, and list of references
<niksnut_>
yes, it's used
<niksnut_>
to look up the public key
<domenkozar>
clever: yeah but is secretKey there
<domenkozar>
random bits
<niksnut_>
see verifyDetached
<niksnut_>
auto ss = split(sig);
<domenkozar>
or cache.nixos.org:bits
<niksnut_>
auto key = publicKeys.find(ss.first);
<domenkozar>
ah
<clever>
i believe the name is only used to tell nix which public it should look up in nix.conf
<clever>
and you could rename it in both the signatures and nix.conf, and the signature would remain valid
<niksnut_>
that's right
<niksnut_>
I thought about trying all configured public keys
<niksnut_>
but that would be slower
niksnut_ is now known as niksnut
<domenkozar>
weird
<domenkozar>
something is off, need to debug this :)
<clever>
and it also acts as a hint about which key you should search for if you wish to trust a given binary cache
<domenkozar>
I generate correct fingerprint
<domenkozar>
and encode secret/public keys with base64
<domenkozar>
which I think is standard one
<domenkozar>
and signature still fails
<clever>
domenkozar: nix-serve and perl?
primeos has joined #nixos-dev
<domenkozar>
no, custom haskell :)
<clever>
ah
<domenkozar>
niksnut: oh another thing, user nix.conf and system nix.conf don't merge
obadz has joined #nixos-dev
<domenkozar>
at least for substituters and trusted keys
<domenkozar>
I assume user config should merge rather than override?
<clever>
is that hercules i'm guessing?
<niksnut>
domenkozar: ideally yes, but it doesn't at the moment
* aminechikhaoui
thinks there should be a `nix configure` like `aws configure` :)
<domenkozar>
ok so I'll need to read system config and add it to user config
<domenkozar>
fun times :)
<domenkozar>
niksnut: thanks!
<niksnut>
domenkozar: you should check whether the string you're signing is the same as what fingerprint() generates
<domenkozar>
yeah that's my next thing to check
<domenkozar>
I guess I'll need to use C++ to check what Nix does
<domenkozar>
s/does/returns/
<domenkozar>
or perl
<domenkozar>
+ narHash.to_string(Base32) + ";"
<domenkozar>
so that uses nix custom base32?
<vcunat>
at least the fixed-output hashes seem to use the standard one
<domenkozar>
nah it's the custom one
<domenkozar>
damn, I hoped I could escape that one
<domenkozar>
so even if narinfo hashes are flexible, fingerprint always uses base32
<domenkozar>
kind of makes sense, so you can switch narinfo hashing, but signatures don't fall apart
<domenkozar>
although they could be recalculated
<domenkozar>
ok gonna try some shelling
genesis has quit [Ping timeout: 276 seconds]
genesis has joined #nixos-dev
infinisil_ has quit [Quit: Configuring ZNC, sorry for the join/quits!]
infinisil has joined #nixos-dev
phreedom has joined #nixos-dev
drakonis has joined #nixos-dev
__Sander__ has quit [Quit: Konversation terminated!]
primeos has quit [Ping timeout: 260 seconds]
primeos has joined #nixos-dev
phreedom_ has joined #nixos-dev
vcunat has quit [Quit: Leaving.]
phreedom has quit [Ping timeout: 255 seconds]
drakonis has quit [Remote host closed the connection]
Cale has joined #nixos-dev
Sonarpulse has joined #nixos-dev
obadz- has joined #nixos-dev
obadz has quit [Ping timeout: 256 seconds]
obadz- is now known as obadz
<niksnut>
wtf is pkgs/top-level/unix-tools.nix?
<Synthetica>
niksnut: it says at the top, right?
<Synthetica>
It repackages binaries that are often assumed to be available, but are in different packages in linux and darwin
<niksnut>
okay, at first glance I thought it was a misguided attempt to abstract over coreutils
<niksnut>
but if it's system-specific tools like mount I guess it's okay
<Synthetica>
I'm just looking at it and wondering why it isn't using lib.mapAttrsToList instead of `foo = singleBinary "foo"`
lopsided98 has quit [Ping timeout: 260 seconds]
lopsided98 has joined #nixos-dev
lopsided98_ has joined #nixos-dev
lopsided98 has quit [Ping timeout: 265 seconds]
orivej has quit [Ping timeout: 264 seconds]
MichaelRaskin has joined #nixos-dev
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
lopsided98_ has quit [Quit: Disconnected]
orivej has joined #nixos-dev
lopsided98 has joined #nixos-dev
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
zybell has quit [Ping timeout: 256 seconds]
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
orivej has quit [Remote host closed the connection]
orivej has joined #nixos-dev
<Sonarpulse>
niksnut: it's stuff like unix-tools that allows us to avoid the "conditional soup" when supporting weird platforms