| 26 Feb 2024 |
martiert | think I found it out. Needs to be store_uri = daemon?secret_key=... And without quoting the URI like I did | 18:29:33 |
tomberek | There we go. Possible that "auto" can work. | 18:36:44 |
tomberek | The idea is that that store setting should ensure the packages are all signed as they are created. | 18:37:17 |
martiert | yeah, so packages already created would not be signed then? And I would potentially need to manually sign them? | 18:37:56 |
martiert | hmmm... for some reason it's still failing to verify. I tried manually signing a package, and I see it is signed, but not with a key in the trusted-public-keys, though my key is in there. | 18:39:57 |
martiert | I made the key with nix key generate-secret --key-name hydra.localdomain > secret_keyfile, and the public key using cat secret_keyfile | nix key convert-secret-to-public | 18:44:31 |
martiert | though I generated them on another machine, and put them on the hydra server using agenix, but that shouldn't matter I think | 18:45:07 |
martiert | hmmm... I do see it's signed if I query the path directly on the hydra server, but there is no signature if I do curl http://hydra.localdomain/<somehash>.narinfo Can I do anything to retroactively sign a store path? | 18:58:24 |
tomberek | Yes, nix store sign can help you here. There are some UX issues with signing. I wrote some of that down here: https://github.com/NixOS/nix/issues/6960#issuecomment-1383352182 | 19:01:17 |
martiert | I did try nix store sign --recursive --key-file /run/agenix/my_keyfile /nix/store/<hash>-linux-6.7.3, which is signed if I check it locally, but not if I try to query it from remote. So I guess I should use nix copy --to "daemon?secret-key=/run/agenix/my_keyfile"(?) but that looks for a flake.nix | 19:09:56 |
martiert | which fails due to the secret-key option not being recognized. | 19:36:45 |
martiert | Guess the easiest is to just wait for the next update that runs the builds again and just let hydra fix it for me :) | 19:47:52 |
K900 | https://github.com/NixOS/hydra/pull/1364 should be good to merge now | 19:49:32 |
raitobezarius | I mentioned to the governance channel that I'd like to discuss sunsetting/archiving the Hydra repository of nixos/ in https://matrix.to/#/!VyoUhyWvlhSpFWWxHL:matrix.org/$u9xOox5KLllPqyj72dwxUniBCoB5ejRSj0IqeSYSsPI?via=nixos.org&via=matrix.org&via=hufschmitt.net which is of interest to this channel | 20:19:31 |
| 28 Feb 2024 |
martiert | I'm still not getting the hydra built packages signed. My definition for the hydra worker can be found in: https://github.com/martiert/nixos-config/blob/main/hosts/mattrim/default.nix Is anyone able to see why it's not getting signed? | 08:11:09 |
martiert | I see nothing is signed regardless if I run nix path-info --json or curl https://hydra.localdomain/outputhash.narinfo | 08:13:45 |
| 29 Feb 2024 |
tomberek | Would people be interested in a "Hydra Users call"? A chance to give voice to people using Hydra and to collaborate with each other? | 00:31:09 |
Rick (Mindavi) | I would like to join such a call | 17:40:27 |
K900 | In reply to @k900:0upti.me "https://github.com/NixOS/hydra/pull/1364 should be good to merge now": Bump, btw | 17:57:43 |
K900 | Three line change that's already live on hydra.n.o | 17:57:53 |
K900 | Someone please press the button | 17:57:57 |
| 2 Mar 2024 |
void | fyi, this needs a rebase https://github.com/NixOS/nix/blob/master/dep-patches/boehmgc-coroutine-sp-fallback.diff, hydra uses nix flake that fails. | 09:50:47 |
void | nix v20.01 I believe. | 09:51:10 |
void | ping Robert Hensing (roberth) | 09:51:29 |
| 3 Mar 2024 |
Robert Hensing (roberth) | with the latest bdwgc release we should get rid of the patch https://github.com/NixOS/nix/pull/9900 | 14:45:24 |