| 20 Oct 2025 |
mio | * releaseScript says: evaluation warning: releaseScript should be used only if signing.enable = true; Otherwise, the build might be using incorrect keys / certificate metadata. I set signing.enable = true; then I got an error error: The option `signing.keyStorePath' was accessed but has no value defined. Try setting the option. I set it to /keys and added --impure error: path '/keys/f-droid.x509.pem' does not exist | 02:45:59 |
mio | my robotnix configurations https://github.com/mio-19/repo/tree/be7233a5b378bd53ef2a1a4c4d1315974d95ac59 | 02:48:35 |
x10an14 | Have you tried setting absolute path for keys? On phone, can't check code | 06:41:32 |
x10an14 | People normally tend to use something like age/sops-nix/clan vars for provisioning secrets, where the tooling can supply a ready-made absolute path ready @ system activation | 06:43:18 |
atemu12 | In reply to @mio:chat.mio19.uk ("releaseScript says: evaluation warning: releaseScript should be used only if signing.enable = true; Otherwise, the build might be using incorrect keys / certificate metadata. I set signing.enable = true; then I got an error error: The option `signing.keyStorePath' was accessed but has no value defined. Try setting the option. I set it to /keys and added --impure error: path '/keys/f-droid.x509.pem' does not exist"): Hmm, that sounds like a bug in the release script. @cyclopentane:aidoskyneen.eu tested it for GOS but I'm not sure about LOS. | 08:45:45 |
atemu12 | --impure won't make paths available in the sandbox btw. | 08:46:15 |
atemu12 | That requires additional setup | 08:46:34 |
atemu12 | Pretty sure the docs mention it | 08:46:48 |
mio | Atemu I successfully built los23 with robotnix - https://github.com/nix-community/robotnix/pull/306 | 08:53:47 |
atemu12 | Very cool! | 09:21:53 |
| 21 Oct 2025 |
mio | * I am worried that malicious software might use the publicly available default test signing key to gain permission on my system. Is it fine as long as I don't download random apk | 07:26:40 |
atemu12 | Yup | 07:41:09 |
atemu12 | And even then it'd need to install itself as an existing system app | 07:41:43 |
atemu12 | The only thing you really lose is protection against evil maids and I don't think you're sufficiently protected against those with signing either, so that's why I never bothered | 07:43:13 |
| 23 Oct 2025 |
pentane ⭔ | btw mio - sorry for not taking care of your PR earlier, had a lot to do these days. I'm currently running a test build for my device (FP4), and another bump today. Is it okay if I cherry-pick your mke2fs commit and add you as a co-author to the version bump I'm currently running? | 11:39:18 |
pentane ⭔ | (had to rewrite the avbtool patch unfortunately because it breaks GrapheneOS) | 11:39:40 |
puffnfresh | > ninja: build stopped: subcommand failed.
> 21:30:16 ninja failed with: exit status 1
>
> #### failed to build some targets (10:18:37 (hh:mm:ss)) ####
>
For full logs, run:
nix log /nix/store/2iqphyk1l3q5d0l6wb5cagzal195vaxv-robotnix-shiba-2025100900.drv
failed after 10 hours 😢
| 21:36:22 |
puffnfresh | ran out of disk space at 99% 🙃 | 21:38:18 |
atemu12 | been there, done that lol | 21:59:42 |
| 25 Oct 2025 |
mio | yes | 02:15:57 |
| 27 Oct 2025 |
puffnfresh | I've got Robotnix built GrapheneOS on my Pixel 8 and despite the README, I'm pretty happy and I'm going to use it as my daily phone | 22:19:53 |
puffnfresh | I had to hack up the release scripts a bunch to get it signed, so I'll try to turn that into a PR of some sort | 22:20:11 |
pentane ⭔ | that'd be great! | 22:21:16 |
pentane ⭔ | I've been wanting to take care of the signing for months now but never got around to it | 22:21:36 |