Hello Nixers*: I want to be able to do the following steps:
## On the build server 1. build nix closures in a non-hydra build system 2. export the closure, somehow contained into a single file 3. upload this file to an artifact store ## On another server 1. download the file from the artifact store 2. import the closure into the nix store 3. be able to use the software installed in that closure # Potential solution I found (with the help of many Nixers*) that I can run: # Build nix-build . -A hello nix-store --export $(nix-store -qR $(realpath ./result)) > hello.nar # Remove from the system rm ./result nix-collect-garbage # Install the closure cat hello.nar | nix-store --import and that as long as the root user (or another trusted user as defined by /etc/nix/nix.conf) is running `nix-store --import` it will work fine. However, I would prefer to be able to sign these `.nar`s with a binary cache key and trusting it in the nix.conf. I found `nix-store --export --sign`, however it appears to be using a different mechanism which is totally unrelated. # Specific Questions 1. Is the `nix-store --export --sign` mechanism outdated, and should the `--sign` support be removed? 2. In this research, I found `nix-install-package` which similarly seems helpful. Is this supported? I'm not finding information about making a nixpkg and it appears it hasn't been updated for over a year. 2. Is there another way which would allow these similar steps to be taken, like building a binary cache of the closure with `nix-push --key-file <mykey> --dest ./my-package-closure`, and zipping for upload / unzipping for install? # General Question Has anyone implemented a similar system and have advice to share? How would you implement such a system? Thank you very much, Graham Christensen * is that what we are? Nixers? _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev