| 18 Feb 2024 |
bri | i'm honestly not even sure if this is how i should define my hydraJobs in the first place. i just did myJobName = self.whatever to build the thing that i'd get from nix build ./myFlake#whatever | 21:02:29 |
bri | * i'm honestly not even sure if this is how i should define my hydraJobs in the first place. i just did myJobName = self.whatever to build the thing that i'd get from nix build ./thisSameFlake#whatever | 21:02:36 |
| 22 Feb 2024 |
@delroth:delroth.net | can someone with merge rights review/merge https://github.com/NixOS/hydra/pull/1363 and cherry-pick it to the 2.19 branch we use on hydra.nixos.org? :) | 12:45:13 |
| 23 Feb 2024 |
K900 | Oh yeah probably should post it here too https://github.com/NixOS/hydra/pull/1364 | 15:50:25 |
K900 | I'm pretty sure I got it right | 15:50:35 |
K900 | But I don't have a Hydra to test on | 15:50:43 |
K900 | But I did copy the urlencode incantation | 15:51:01 |
K900 | * But I did copy the urlencode incantation from another place in Hydra where it presumably works | 15:51:09 |
| 26 Feb 2024 |
martiert | I have a hydra server running. It's building packages correctly, and I can reach it. But for some reason I can't verify the signature of the packages on it. I have added the public key to the nix.settings.trusted-public-keys and set nix.extraOptions = "secret-key-files = /path/to/my/secret/key"; Is there a way to manually check the signature on the packages served by hydra? It's using a local store to serve the packages, not a BinaryCacheStore. | 06:59:36 |
tomberek | "nix path-info --json" can show you the signatures. How are you signing the packages right now in Hydra? | 11:32:49 |
martiert | I just set nix.extraOptions = "secret-key-files ...";, which as far as I understood should be what hydra uses when we just use the local store? | 12:07:45 |
martiert | or am I completely misunderstanding this part? | 12:21:59 |
martiert | hmmm.. Guess I have misunderstood, as stuff is not signed | 12:23:22 |
tomberek | That would apply only for built paths (not substituted) and local (not remote builders). You may be looking for the hydra store_uri option with a query parameter to specify the key. | 12:33:44 |
martiert | ack, thanks. I'll look at that | 13:04:03 |
martiert | is it valid to say store_uri = file:///nix/store?secret-key=/my/secret/key? | 13:07:10 |
tomberek | Yes, but if memory serves, you may want "local?secret-key..." so that it talks to the daemon. | 18:04:49 |
martiert | store_uri = "local?secret-key=..." gives me error: don't know how to open Nix store | 18:15:38 |
martiert | should it be localhost, or maybe s3://localhost ? | 18:15:56 |
martiert | think I found it out. Needs to be store_uri = daemon?secret_key=... And without quoting the URI like I did | 18:29:33 |
tomberek | There we go. Possible that "auto" can work. | 18:36:44 |
tomberek | The idea is that that store setting should ensure the packages are all signed as they are created. | 18:37:17 |