Arnout Engelen
Arnout Engelen
On the other hand: it seems unlikely we'd ever fetch such an object from the cache, so perhaps it's fine to not record attestations for it?
Such objects are fetched from the cache, for example in case of `--substitute-on-destination`. However, since they're constants, there is nothing to 'attest' about them. A consumer that doesn't trust the...
perhaps we should just settle for getting it from a system property or environment variable then...
> I was thinking we should evaluate nixpkgs revisions that hydra evaluates, or parse hydra evaluation results in order to only accept derivations from nixpkgs. This is also a matter...
Maybe as a first first step we should give the build-hook a 'whitelist' parameter that we can use to only upload builds that are part of a report.
indeed adding: ``` systemd.services.async-nix-post-build-hook = { environment.HOME = "/var/lib/async-nix-post-build-hook"; }; ``` fixed it, let's keep this issue open until upstream fixed this or we documented it.
> In my case, the metadata is the same across all methods of a service Hmm, in that case it sounds fine to do it at the Akka HTTP level...
retriggered by force-pushing
closing in favor of #558
> `packages.aarch64-linux.nix` is not a true cross build. Right > Is this with qemu-user and binfmt_misc Yes, this is on an x86 machine with `boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv6l-linux" ];`...