Determine how a store path was realised

Hey so I recently set up remote builders, and binary cache sharing in the ol’ homelab. I have been pleasantly surprised by the fact that even for projects which aren’t “public” or apart of Nixpkgs, the hashing algorithm does in fact detect when an identical build is requested between boxes. I know this is “exactly what Nix is supposed to do”, but honestly making identical changes on two different boxes and watching the magic happen is… well idk it’s magic! I mean ffs it even works in a dirty tree! echo x >> README.md; ssh foo bash -c 'echo x >> ~/src/proj/README.md && nix build ~/src/proj;'; nix build; blew my mind.

In any case, what I did want to ask about was how to detect “which machine” built a derivation, or which binary cache I pulled from in cases where I skipped a build.
This is mostly “for science”, but in cases where a build doesn’t end up being reproducible ( for example echo $HOST in a log ) it could be a useful bit of info. I did catch that nix log only works on the build machine unless I go out of my way to fetch which seemed like a decent way to tell if you built or not for something small; but aside from that I haven’t been able to find much about how to find a derivations’ history/origin.

I don’t think Nix tracks this sort of information.

1 Like

You could tell each machine to use a different signing key for their store, and add all of them to their trusted keys.
Then you can run nix path-info --sigs /nix/store/whatever-store-path and see from their signature where they came from.

3 Likes

That’s the ticket. Thanks!