Error: public key is not valid

chrism · May 19, 2025, 7:10am

Hi folks,

I managed to add a malform public binary cache key to my NixOS config via:

nix.settings.trusted-public-keys = [ "nix-store-keithmoon:wnd5de8H4LDppfiIvh3b+BoPlJh+jVprtx/71gcffJck=" ];

That’s one character too long, I just fat-fingered it. But when I ran nixos-rebuild, it dutifully changed /etc/nix/nix.conf and added the malformed public key.

Subsequent invocations of nixos-rebuild error out with error: public key is not valid, because, well, it’s not. But since /etc/nix/nix.conf is actually a symlink that eventually resolves to a path in the nix store, I can’t edit it.

Is there any reasonable way out of this situation without a reinstall?

sokai · May 19, 2025, 7:25am

Quick response:

Move nix.conf to nix.bak (mv /etc/nix/nix.conf /etc/nix/nix.dist)
Copy content from nix.dist to nix.conf (cat /etc/nix/nix.dist > /etc/nix/nix.conf)
Correct key in nix.conf (vim /etc/nix/nix.conf)
Correct key in flake/config
Rebuild

BR

chrism · May 19, 2025, 7:28am

Thanks for the response!

Not quite that easy I fear. Although I can delete or change /etc/nix/nix.conf, that’s apparently not actually the file that NixOS sources. Instead, I think it sources /etc/static/nix/nix.conf (which /etc/nix/nix.conf is a symlilnk to). /etc/static is itself a symlink into the Nix store, so I can’t really do much with any of the files in there.

chrism · May 19, 2025, 7:39am

I somehow managed to also forget that I can just revert to an earlier generation at boot time. Apologies for bringing shame upon this discourse.

sokai · May 19, 2025, 11:36am

@chrism: Good, you remembered that! (I also forgot … ;))

Just a quick addition to my 1st answer: IMHO you always should be able – as root or with sudoprivs – to move all NixOS symlinks. So mv /etc/nix/nix.conf /etc/nix/nix.dist && cat /etc/nix/nix.dist > /etc/nix/nix.conf should work, to let you (temp.) edit nix.conf … KR