| 18 Nov 2025 |
 raitobezarius | you are not going through the daemon, it works | 18:28:32 |
| raitobezarius | when you do your second command, you are going via the daemon which cannot make use of your private key material due to SSH permissions checks | 18:28:46 |
| raitobezarius | your SSH key material needs to live owned by root | 18:28:56 |
 Grimmauld (any/all) | but sk keys should work? | 18:29:34 |
| raitobezarius | it's independent to sk or not sk | 18:29:43 |
| raitobezarius | your private key material is considered insecure by SSH | 18:29:49 |
| raitobezarius | leading it not to use it for ssh connections | 18:29:54 |
| raitobezarius | cp id_ed25519_sk_nix_build in /etc/nix/id_ed25519_sk_nix_build, chown root:root on it, point your nix builder config to there and it should work | 18:30:52 |
| Grimmauld (any/all) | (thats dumb, the key is on the yubikey, unix permissions/ownership shouldn't matter at all... but oh well, not a lix issue) | 18:30:59 |
| raitobezarius | ssh is a bit dumb about this | 18:31:13 |
| raitobezarius | patches welcome to openssh | 18:31:21 |
| raitobezarius | but uhm | 18:31:23 |
| raitobezarius | we should have a doctor command for such things | 18:31:27 |
| raitobezarius | it's number 1 biggest UX cut in my nix life | 18:31:35 |
| Grimmauld (any/all) | ro /etc via overlayfs, i'll need to send it through the nix store (but thats alright, the private key isn't really private anyways) | 18:31:43 |
| raitobezarius | if you are willing to open an issue for this, that'd be great :) | 18:31:47 |
| raitobezarius | you don't have to put it in etc | 18:31:56 |
 Sofie 🏳️⚧️ (she/her) | how would one patch libreoffice?
do I patch libreoffice or libreoffice-qt6 or libreoffice-qt6-fresh?
It's just an simple regression patch
| 18:31:57 |
| raitobezarius | you can put it in var, in run, in whatever you want | 18:32:04 |
| raitobezarius | that's a K900 shaped question | 18:32:10 |
| Grimmauld (any/all) | nah it goes to etc, sounds about right | 18:32:34 |
| Sofie 🏳️⚧️ (she/her) | @k900 shaped creature is neededd | 18:32:35 |
| Sofie 🏳️⚧️ (she/her) | * K900 shaped creature is neededd | 18:32:41 |
| raitobezarius | hot take | 18:32:52 |
| raitobezarius | this is wrong | 18:32:53 |
| raitobezarius | this is state | 18:32:57 |
| raitobezarius | it should have been in /var/lib/sshd | 18:33:01 |
| raitobezarius | but this ship has sailed | 18:33:09 |
| Grimmauld (any/all) | not really? I am defining the key in my nix config and throwing the sk handle into the git repo, i don't see why this'd be considered state | 18:35:23 |
| raitobezarius | sk handles that lives in the private file is a special case, indeed | 18:35:54 |
