"You're not a trusted user of the Nix store. You have the following options: ..." #1653

Closed
nalzok opened this issue Dec 29, 2024 · 2 comments
Labels
bug Something isn't working

nalzok commented Dec 29, 2024

Describe the bug
I got "You're not a trusted user of the Nix store. You have the following options: ..." despite having the relevant configuration on nix-darwin.

To reproduce

On a standard nix-darwin installation, add the following lines to ~/.config/nix-darwin/flake.nix (see the full configuration in the following gist).

nix.settings.extra-substituters = [
  "https://nixpkgs-python.cachix.org"
];
nix.settings.extra-trusted-public-keys = [
  "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
  "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
];
nix.settings.substituters = [
];
nix.settings.trusted-public-keys = [
];

Next, run darwin-rebuild switch --flake ~/.config/nix-darwin, and then verify that the changes are applied:

$ cat /etc/nix/nix.conf
# WARNING: this file is generated from the nix.* options in
# your nix-darwin configuration. Do not edit it!
allowed-users = *
auto-optimise-store = false
build-users-group = nixbld
builders =
cores = 0
experimental-features = nix-command flakes
extra-sandbox-paths =
extra-substituters = https://nixpkgs-python.cachix.org
extra-trusted-public-keys = nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=
max-jobs = auto
require-sigs = true
sandbox = false
sandbox-fallback = false
substituters = https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
trusted-substituters =
trusted-users = root

After that, create a devenv project with the following files: https://gist.github.com/nalzok/95b8612d50c92a400c9e86b37db6b3d8

Finally, run devenv shell. It will successfully create a shell, but there are many error messages:

$ devenv shell
• Building shell ...
• Using Cachix: nixpkgs-python
✖ You're not a trusted user of the Nix store. You have the following options:

a) Add yourself to the trusted-users list in /etc/nix/nix.conf for devenv to manage caches for you.

trusted-users = root qys

Restart nix-daemon with:

  $ sudo launchctl kickstart -k system/org.nixos.nix-daemon

b) Add binary caches to /etc/nix/nix.conf yourself:

extra-substituters = https://nixpkgs-python.cachix.org
extra-trusted-public-keys = devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw= nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU=

And disable automatic cache configuration in `devenv.nix`:

{
    cachix.enable = false;
}

• Failed to get cachix caches due to evaluation error
✔ Building shell in 0.1s.
• Entering shell
• Using Cachix: nixpkgs-python
✖ You're not a trusted user of the Nix store. You have the following options:

a) Add yourself to the trusted-users list in /etc/nix/nix.conf for devenv to manage caches for you.

trusted-users = root qys

Restart nix-daemon with:

  $ sudo launchctl kickstart -k system/org.nixos.nix-daemon

b) Add binary caches to /etc/nix/nix.conf yourself:

extra-substituters = https://nixpkgs-python.cachix.org
extra-trusted-public-keys = nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=

And disable automatic cache configuration in `devenv.nix`:

{
    cachix.enable = false;
}

• Failed to get cachix caches due to evaluation error
Running tasks     devenv:enterShell
Succeeded         devenv:python:virtualenv 16ms
Succeeded         devenv:enterShell        6ms
2 Succeeded                                22.99ms

(devenv) bash-5.2$

Version

I'm not sure if I'm using flakes. How do I find out?

$ devenv version
devenv 1.3.1 (aarch64-darwin)

Additional questions

  1. If I set cachix.enable = false;, does devenv build everything on my local machine, or does it still rely on the binary cache provided by cachix via extra-substituters?
  2. What's the difference between adding myself to the trusted-users and adding binary caches to /etc/nix/nix.conf myself?
@nalzok nalzok added the bug Something isn't working label Dec 29, 2024
@sandydoo
Member

This has been fixed on main: #1610

Until that's released, set cachix.enable = false; to silence the warning. This only disables the automatic cache configuration feature (cachix.pull in devenv.nix). devenv (and nix) will continue to use all configured substituters.
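
An added illustration, not part of the original thread and not devenv's own code: a small Python audit of the nix.conf quoted in the issue, reporting which of the warning's two options already holds (option (b) keeps the user out of trusted-users). The user name `qys` comes from the warning output; the group `staff` and all function names are assumptions.

```python
# Added example, not devenv's code: which option from the warning already holds?
# Constructed sample: the relevant lines of the /etc/nix/nix.conf quoted in the issue.
SAMPLE_CONF = """\
# WARNING: this file is generated from the nix.* options
extra-substituters = https://nixpkgs-python.cachix.org
extra-trusted-public-keys = nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU= devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=
require-sigs = true
substituters = https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
trusted-users = root
"""

def parse_nix_conf(text):
    """Return {setting: [values]}. Split on the first '=' only: public keys end in '='."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        name, sep, value = line.partition("=")
        if sep:                                     # skips blanks and include directives
            conf[name.strip()] = value.split()
    return conf

def effective(conf, name):
    """A list setting merged with its extra-* companion; trailing '/' on URLs ignored."""
    return {v.rstrip("/") for v in conf.get(name, []) + conf.get("extra-" + name, [])}

def is_trusted(conf, user, groups=()):
    """Option (a): user matches trusted-users by name, by '@group', or by '*'."""
    entries = effective(conf, "trusted-users")
    return "*" in entries or user in entries or any("@" + g in entries for g in groups)

def audit(conf, user, groups, substituters, keys):
    """Option (b) holds when both 'missing' lists are empty."""
    wanted = {s.rstrip("/") for s in substituters}
    return {
        "trusted_user": is_trusted(conf, user, groups),
        "missing_substituters": sorted(wanted - effective(conf, "substituters")),
        "missing_keys": sorted(set(keys) - effective(conf, "trusted-public-keys")),
    }

if __name__ == "__main__":
    conf = parse_nix_conf(SAMPLE_CONF)
    # 'staff' is an assumed group; the cache and keys are the ones devenv asked for.
    print(audit(conf, "qys", ["staff"],
                ["https://nixpkgs-python.cachix.org"],
                conf["extra-trusted-public-keys"]))
```

On the sample, the user is not trusted but nothing is missing, which matches the report: option (b) was already in place when the warning appeared.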

@nalzok
Author

nalzok commented Dec 30, 2024

In fact, I have already set cachix.enable = false; here. Does that imply another bug?

As an additional question: how do I bypass the binary cache by cachix entirely and build everything on my local machine?
