| 4 Dec 2023 |
Ilan Joselevich (Kranzes) | so many different issues saying different things | 15:19:37 |
Lily Foster | that was removed in https://github.com/Yubico/libfido2/commit/2ba6c6afe5f2d1717bf366da043ccb515fbed8de | 15:19:48 |
Lily Foster | so ssh-sk-helper is the equivalent to that lib now | 15:20:08 |
Lily Foster | and is what we build | 15:20:10 |
Lily Foster | we just don't have a way currently to use nixpkgs openssh's sshd instead of macOS's | 15:20:28 |
Ilan Joselevich (Kranzes) | can we just use SK_PROVIDER thing for now? | 15:21:41 |
Ilan Joselevich (Kranzes) | to test it out | 15:21:43 |
Lily Foster | what, with apple's openssh? | 15:21:54 |
Ilan Joselevich (Kranzes) | yeah | 15:22:07 |
Ilan Joselevich (Kranzes) | I don't think I can't do that from my Linux system | 15:24:32 |
Ilan Joselevich (Kranzes) | and not even sure if it works on Ventura | 15:24:43 |
Lily Foster | that might work? it looks like you can set SSH_SK_PROVIDER in the env even if it was not compiled with support and have it dlopen the provider | 15:27:05 |
Ilan Joselevich (Kranzes) | In reply to @lily:lily.flowers
lily@darwin03> sw_vers
ProductName: macOS
ProductVersion: 13.6.1
BuildVersion: 22G313
someone says it's fixed in macOS 13.2 RC (22D49) | 15:27:05 |
Lily Foster | if it's a recent enough openssh version | 15:27:14 |
Ilan Joselevich (Kranzes) | In reply to @kranzes:matrix.org ("someone says it's fixed in macOS 13.2 RC (22D49)"): clearly not then, because we're on 13.6 | 15:27:26 |
Lily Foster | idk if dlopen'ing the nixpkgs provider might work, but i suppose we could try it | 15:27:31 |
Ilan Joselevich (Kranzes) | Is there anything I can do to help with this from a Linux system? | 15:27:54 |
Lily Foster | not sure. it looks like sk-usbhid.c is the file that would need to be built as a standalone shared lib (with ENABLE_SK_INTERNAL defined and SK_STANDALONE defined), but the openssh build system doesn't seem to support that? | 15:38:25 |
Ilan Joselevich (Kranzes) | Maybe I should just generate a key just for this? | 15:47:12 |
Ilan Joselevich (Kranzes) | I'm wondering if some tpm2 protected key will work | 15:47:34 |
Ilan Joselevich (Kranzes) | Does macOS support pkcs11 ssh stuff? | 15:48:39 |
Lily Foster | probably? | 15:48:59 |
Ilan Joselevich (Kranzes) | Honestly at this point I don't assume macOS supports anything | 15:55:35 |
| 5 Dec 2023 |
zowoq | In reply to @kranzes:matrix.org ("Maybe I should just generate a key just for this?"): I think this is the easiest option at the moment and I'll look into options for supporting fido keys on darwin. For now I've opened an issue to track this in the infra repo and I'll add a note to community builder docs that these keys aren't currently supported on darwin. | 07:00:32 |
| 6 Dec 2023 |
matthewcroughan | is there a disko channel anywhere? matrix search is really really slow | 02:27:40 |
Ilan Joselevich (Kranzes) | #disko:nixos.org | 02:29:46 |
| 7 Dec 2023 |
raitobezarius | Mic92: I am shopping for bors alternatives, did you mention mergify last time? | 14:25:25 |
raitobezarius | Is there something better in town? | 14:25:29 |
raitobezarius | It seems mergify is very SaaS oriented | 14:25:35 |