| 24 Aug 2023 |
 @linus:schreibt.jetzt | might work if you pass --store file:///... | 15:13:18 |
| @linus:schreibt.jetzt | (or s3:/// or whatever, as appropriate) | 15:13:27 |
 @brian:bmcgee.ie | That means copying from that store into your local. I'm looking at updating a remote cache after i've signed something again locally | 15:13:55 |
| @linus:schreibt.jetzt | no, --store is the "destination" store | 15:14:19 |
| @brian:bmcgee.ie | Well I don't have a use case, just wanted to confirm that uploading a narinfo is a one and done action. You have to remove it remotely in order to upload again | 15:14:20 |
| @linus:schreibt.jetzt | --substituter is where it's copied from | 15:14:33 |
| @brian:bmcgee.ie | 
Download image.png | 15:14:40 |
| @linus:schreibt.jetzt | to be clear, I'm not sure if it actually works, but using --store should be the right way to express what you want | 15:15:39 |
| @brian:bmcgee.ie | just playing around with it to see | 15:15:52 |
| @brian:bmcgee.ie | nix store copy-sigs -s http://localhost:3000 nixpkgs#hello --refresh --debug is showing the following | 15:17:23 |
| @brian:bmcgee.ie | downloading 'http://localhost:3000/ibpsas4imhv84qmdk5ffh51y0ayrqa94.narinfo'...
starting download of http://localhost:3000/ibpsas4imhv84qmdk5ffh51y0ayrqa94.narinfo
finished download of 'http://localhost:3000/ibpsas4imhv84qmdk5ffh51y0ayrqa94.narinfo'; curl status = 0, HTTP status = 200, body = 1344 bytes
imported 0 signatures
download thread shutting down
| 15:17:35 |
| @linus:schreibt.jetzt | --store, not --substituter | 15:17:42 |
| @linus:schreibt.jetzt | -s is --substituter | 15:17:50 |
| @brian:bmcgee.ie | ah ... fuck me | 15:17:51 |
| @brian:bmcgee.ie | nix sign-paths --store <store> -k <private key> <path> from the first issue was the one that worked. Copy didn't seem to | 15:22:11 |
| @linus:schreibt.jetzt | yeah, I'm not surprised at nix copy not changing the narinfo | 15:23:53 |
| @brian:bmcgee.ie | It seems to be fetching the narinfo from the remote, adding the signature and doing a PUT back. Slight window for issues there but I imagine it's a small one | 15:24:02 |
| @brian:bmcgee.ie | unlikely to be adding 2 signatures at once from different sources | 15:24:22 |
| @linus:schreibt.jetzt | yeah I'm not sure it's possible to improve that, at least with the HTTP API | 15:24:53 |
| @linus:schreibt.jetzt | wait no | 15:24:58 |
| @linus:schreibt.jetzt | there are headers for conditional update, aren't there? | 15:25:10 |
| @brian:bmcgee.ie | i was just about to check for that :) | 15:25:18 |
| @brian:bmcgee.ie | I remember e-tags but it's been a while since i looked into this | 15:25:42 |
| @brian:bmcgee.ie | Gonna capture what nix is doing to see if it's setting anything | 15:25:52 |
| @linus:schreibt.jetzt | at the same time, I think it's fair enough to just not implement it | 15:25:55 |
| @brian:bmcgee.ie | Can confirm, Nix isn't setting anything special on the request | 15:26:58 |
| @brian:bmcgee.ie | A PATCH would technically be the 'correct' way to do this I guess | 15:27:29 |
| @brian:bmcgee.ie | Or it looks like ETag and If-Match is how you can prevent this https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag#avoiding_mid-air_collisions | 15:28:56 |
| @brian:bmcgee.ie | Nix client would refresh and try again | 15:29:34 |
| @linus:schreibt.jetzt | I think generally something like attic is a better approach to a binary cache anyway | 15:29:51 |
