From b30686269bae3643ce2811a3f7cbf4ecfa614718 Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 30 Jul 2025 15:15:57 +0700 Subject: [PATCH] machines update: fix `lacks a signature by a trusted key` Despite using `root` as the ssh user, `ssh-ng` still fails with: `error: cannot add path '/nix/store/...' because it lacks a signature by a trusted key ` This does not happen with `ssh` instead of `ssh-ng` --- pkgs/clan-cli/clan_lib/machines/update.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/clan-cli/clan_lib/machines/update.py b/pkgs/clan-cli/clan_lib/machines/update.py index 1029d6072..2a33d02d2 100644 --- a/pkgs/clan-cli/clan_lib/machines/update.py +++ b/pkgs/clan-cli/clan_lib/machines/update.py @@ -49,7 +49,9 @@ def upload_sources(machine: Machine, ssh: Remote, force_fetch_local: bool) -> st ) # Construct the remote URL with proper parameters for Darwin - remote_url = f"ssh-ng://{ssh.target}" + # Dont use ssh-ng here. It makes `flake archive` fail, despite root@..., with: + # cannot add path '/nix/store/...' because it lacks a signature by a trusted key + remote_url = f"ssh://{ssh.target}" # MacOS doesn't come with a proper login shell for ssh and therefore doesn't have nix in $PATH as it doesn't source /etc/profile if machine._class_ == "darwin": remote_url += "?remote-program=bash -lc 'exec nix-daemon --stdio'"