| 18 Oct 2022 |
 @adis:blad.is | I just don't understand why the drvs aren't too | 00:13:15 |
 terwiz | We added $DRV_PATH in addition to $OUT_PATHS to copy-closure command in our hydra post-build script to accomplish that. | 07:32:51 |
 ivan | if I run Hydra with store_uri = auto and it puts packages into my local /nix, how do I get my packages to be signed? (without running nix store sign --all -k /var/secrets/nix/secret_key myself later?) | 17:20:32 |
 @linus:schreibt.jetzt | ivan: set secret-key-files = /var/secrets/nix/secret_key in nix.conf to get all paths built by Nix on that machine signed, or in the store_uri setting (?secret-key-files=/var/secrets/nix/secret_key) for hydra if you only want hydra stuff signed | 17:22:01 |
| ivan | I tried the deprecated binary_cache_secret_key_file = /var/secrets/nix/secret_key in Hydra and I'm not sure it did anything because some things still weren't signed | 17:22:14 |
| @linus:schreibt.jetzt | I think hydra needs read access to the file in the latter case | 17:22:18 |
| ivan | ok, will try, thank you | 17:22:20 |
| ivan | the secret-key-files = /var/secrets/nix/secret_key on Nix I already had, but I also have Hydra build on two other machines with different keys | 17:29:27 |
| ivan | store_uri = auto?secret-key-files=/var/secrets/nix/secret_key on Hydra shows hydra-queue-runner[1656728]: warning: unknown setting 'secret-key-files' | 17:30:03 |
| ivan | maybe secret-key | 17:30:42 |
