| 2 Dec 2022 |
 @ask-yourself:matrix.org | Could anybody clarify why this is happening? | 12:44:21 |
| @ask-yourself:matrix.org | In the NixOS server the had me run nix store verify --all, which outputted:
.dotfiles on main [!?] ⊥ nix store verify --all
path '/nix/store/4nhcx0ndfa374cgvi6x9sg73prmxmc04-publicsuffix-list-2021-09-03' is untrusted
path '/nix/store/y1hybm8h1kln0hg06c42m4g1wsblc0ig-freefont-ttf-20120503' is untrusted
path '/nix/store/ah9gyp7rxak9ig2q829myn6172jn302f-hack-font-3.003' is untrusted
path '/nix/store/dbn507rrsmgmdxwknhb3554nmkl0kvgi-gyre-fonts-2.005' is untrusted
path '/nix/store/jcqky5xbknabz7wn5p90qk0g9s031yzb-nixos-22.05.2764.0ba2543f8c8' is untrusted
| 12:44:46 |
| @ask-yourself:matrix.org | But after that they were not sure where to go. They said it wasn't an eval issue, so I thought maybe it's Colmena? Not sure. | 12:45:13 |
| @ask-yourself:matrix.org | * inherit (config.lib.formats.rasi) mkLiteral;
| 12:45:29 |
 Wanja Hentze | In reply to @zhaofeng:zhaofeng.li
Have you tried `--evaluator streaming`? It makes evaluation actually parallel using nix-eval-jobs. It's not the default yet but may be soon yes, actually that's what made us move from morph to colmena | 13:42:23 |
| Wanja Hentze | brought down eval time from several minutes to a little over one minute, so that's great :) | 13:42:43 |
| Wanja Hentze | what also helped: using disabledModules extensively to blacklist things that we never use | 13:44:44 |
| Wanja Hentze | the streaming evaluator also brought down RAM usage from ~40GB to a little under 10 | 13:45:17 |
 Linux Hackerman | In reply to @ask-yourself:matrix.org
In the NixOS server the had me run nix store verify --all, which outputted:
.dotfiles on main [!?] ⊥ nix store verify --all
path '/nix/store/4nhcx0ndfa374cgvi6x9sg73prmxmc04-publicsuffix-list-2021-09-03' is untrusted
path '/nix/store/y1hybm8h1kln0hg06c42m4g1wsblc0ig-freefont-ttf-20120503' is untrusted
path '/nix/store/ah9gyp7rxak9ig2q829myn6172jn302f-hack-font-3.003' is untrusted
path '/nix/store/dbn507rrsmgmdxwknhb3554nmkl0kvgi-gyre-fonts-2.005' is untrusted
path '/nix/store/jcqky5xbknabz7wn5p90qk0g9s031yzb-nixos-22.05.2764.0ba2543f8c8' is untrusted
That means the path isn't signed by a key listed in trusted-public-keys | 13:52:19 |
| Linux Hackerman | if you deploy as root, you won't have this problem | 13:52:31 |
| Linux Hackerman | as is, you either need to make sure the machine you build on signs its paths (I wrote a little nixos module that does that https://github.com/NixOS/nix/issues/3023#issuecomment-781131502) and that the targets trust the key | 13:53:44 |
| Linux Hackerman | or add your deploy user to trusted-users, which is root-equivalent access | 13:54:03 |
| Linux Hackerman | Why don't you just deploy as root? | 13:54:26 |
| @ask-yourself:matrix.org | Thank you! | 14:00:02 |
| @ask-yourself:matrix.org | Yeah I accidentally removed this line while refactoring: trustedUsers = ["${user}"]; | 14:00:19 |
| @ask-yourself:matrix.org | What does it mean for a path to be untrusted? | 14:00:44 |
| @ask-yourself:matrix.org | * Thank you! Works now. | 14:01:03 |
| Linux Hackerman | In reply to @linus:schreibt.jetzt
That means the path isn't signed by a key listed in trusted-public-keys ^ this | 14:01:06 |
