Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos-rebuild with remote target fails due to lack of valid signature #159082

Closed
felschr opened this issue Feb 10, 2022 · 4 comments
Closed

nixos-rebuild with remote target fails due to lack of valid signature #159082

felschr opened this issue Feb 10, 2022 · 4 comments
Labels
0.kind: bug

Comments

@felschr
Copy link
Member

felschr commented Feb 10, 2022

Describe the bug

Trying to upgrade a remote machine fails with the following output:

$ sudo nixos-rebuild switch --flake '/etc/nixos/#felix-rpi4' --target-host user@host --use-remote-sudo
building the system configuration...
warning: Git tree '/etc/nixos' is dirty
copying 141 paths...
copying path '/nix/store/05rrbmrxpfmb4pj5i9wj2h6q5kbklw3z-system-shutdown' to 'ssh://user@host'...
error: cannot add path '/nix/store/05rrbmrxpfmb4pj5i9wj2h6q5kbklw3z-system-shutdown' because it lacks a valid signature
error: unexpected end-of-file

Steps To Reproduce

See sample code above.

Expected behavior

Remote deployment should succeed.

Additional context

My build system is x86_64 and the target is aarch64. Both systems use flakes.
I've enabled cross-compilation on the build system via boot.binfmt.emulatedSystems = [ "aarch64-linux" ];.
Thus far I've updated the remote machine by itself, but the rebuilds are sometimes quite slow on it (raspberry pi 4). That's why I'd like to build it on my desktop computer which is much faster.

Metadata

build system:

 - system: `"x86_64-linux"`
 - host os: `Linux 5.16.7, NixOS, 22.05 (Quokka)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.7.0pre20220127_558c4ee`
 - nixpkgs: `/nix/store/zwbw7dknw89ai257hicmwv8lhid3qb62-source`

target system:

 - system: `"aarch64-linux"`
 - host os: `Linux 5.10.52, NixOS, 22.05 (Quokka)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.7.0pre20220127_558c4ee`
 - channels(root): `"nixos-21.05pre275232.29b0d4d0b60"`
 - nixpkgs: `/nix/store/pi099gbqmvjaqk6d77c9r9g08mm70w8b-source`
@felschr felschr changed the title nixos-rebuild with remote target fails due to lack of valid signature when using flakes nixos-rebuild with remote target fails due to lack of valid signature Feb 10, 2022
@jkozak
Copy link

jkozak commented Apr 1, 2022

I had the same problem which I worked around by using --target-host root@host rather than --use-remote-sudo.

Unfortunately that revealed another problem which I'll report in a separate issue.

@jkozak jkozak mentioned this issue Apr 1, 2022
Closed
@nixos-discourse
Copy link

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/way-to-build-nixos-on-x86-64-machine-and-serve-to-aarch64-over-local-network/18660/1

@felschr
Copy link
Member Author

felschr commented May 3, 2022

I'd really like to see this working with --use-remote-sudo as well, as I've disabled ssh for root.

@felschr
Copy link
Member Author

felschr commented May 5, 2022

While setting up deploy-rs I encountered the same issue again. Turns out, one has to add the user to nix.trustedUsers on the remote, e.g.:

{ nix.trustedUsers = [ "@wheel" ]; } # or specific user

@felschr felschr closed this as completed May 5, 2022
@PedroRegisPOAR PedroRegisPOAR mentioned this issue Jul 6, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0.kind: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkozak @felschr @nixos-discourse