| 23 Oct 2024 |
 commiterate | That openssl dgst line was definitely what I was missing. Each public key block has a bunch of metadata comments (think of this as a header), the public key line, and a base64-encoded SHA-256 + RSA-PSS signature. This signature is for the metadata comments + public key line.
Since that's signed by an EIC signer cert which rolls all the way up to an Amazon CA, it's protected from spoofing.
| 05:09:02 |
| commiterate | * That openssl dgst line was definitely what I was missing. Each public key block has a bunch of metadata comments (think of this as a header), the public key line, and a base64-encoded SHA-256 + RSA-PSS signature. This signature is for the metadata comments + public key line.
Since that's signed by an EIC signer cert which rolls all the way up to an Amazon root cert, it's protected from spoofing.
| 05:09:37 |
|  @luna-null:matrix.org changed their display name from Autumn to luna-null. | 09:49:18 |
| 25 Oct 2024 |
|  lholh joined the room. | 03:54:55 |
|  shift joined the room. | 12:51:26 |
|  xenos76 joined the room. | 13:58:52 |
|  @niclasoverby:beeper.com joined the room. | 13:59:32 |
| 26 Oct 2024 |
|  dbalan joined the room. | 09:49:21 |
| 27 Oct 2024 |
 Arian | there is EIC support for MacOS? | 13:25:01 |
| dbalan | Arian: 👋 Is your nixcon slidedeck up somewhere? | 13:36:29 |
| Arian | https://arianvp.github.io/nixcon2024/slides/reveal.js-master/ | 13:43:10 |
| Arian | added the link to pretalx as well | 13:44:42 |
| dbalan | In reply to @arianvp:matrix.org
https://arianvp.github.io/nixcon2024/slides/reveal.js-master/ thx! | 13:50:55 |
| dbalan | Do you have any strategy for rolling back stateful services, if the activation fails for a new config? | 13:55:30 |
| Arian | Currently not. We manually rollback the instances through grub. But I want to look at automatic boot assessement features that were added to NixOS recently to automate this | 14:32:02 |
| Arian | e.g. reboot into previous boot entry if health check fails | 14:32:10 |
|  Ilan Joselevich (Kranzes) joined the room. | 16:24:21 |
| commiterate | There is apparently. | 17:40:23 |
| commiterate | https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html
If you launched your instance using a later version of Amazon Linux, macOS Sonoma, macOS Ventura, macOS Monterey, or Ubuntu, it comes pre-installed with EC2 Instance Connect, and therefore you do not need to install it yourself.
| 17:41:15 |
| commiterate | There should be nothing stopping them for Windows as well since OpenSSH supports Windows. My re-implementation should support it (can generate the AuthorizedKeysCommand exec as a .exe) | 18:55:37 |
| commiterate | * There should be nothing stopping them for Windows as well since OpenSSH supports Windows. My re-implementation should support it (can generate the AuthorizedKeysCommand exec as a .exe and I'm only using the Go crypto library) | 18:55:47 |
| commiterate | * There should be nothing stopping them for Windows as well since OpenSSH supports Windows. My re-implementation supports it (can generate the AuthorizedKeysCommand exec as a .exe and I'm only using the Go crypto library) | 18:56:02 |
| 28 Oct 2024 |
|  @karstenpedersen:matrix.org joined the room. | 09:52:06 |
| Arian | https://www.youtube.com/watch?v=0yb05mq9lLM is basically my whole talk in 2 minutes . | 10:18:28 |
| Arian | * https://www.youtube.com/watch?v=0yb05mq9lLM is basically my whole talk in 2 minutes . Very similar deploy process but using FH instead of S3 for caching | 10:18:42 |
| 29 Oct 2024 |
| shift changed their profile picture. | 15:09:01 |
| 30 Oct 2024 |
| @karstenpedersen:matrix.org set a profile picture. | 19:03:44 |
| @karstenpedersen:matrix.org changed their profile picture. | 19:07:58 |
| 5 Nov 2024 |
|  tuxiqae joined the room. | 16:14:29 |
| 6 Nov 2024 |
| tuxiqae | Heyo, I'm trying to create an AWS AMI using an image I've created using Disko
But now that I've uploaded the image onto S3 and tried importing it using aws ec2 import-image I get the following error (when describe-import-image-tasksing the task)
ClientError: Unable to find an etc directory with fstab.
Any idea what's the cause?
| 12:08:32 |
