Error: secret key is corrupt when building flake

aditya · February 28, 2024, 8:18am

A little bit of back story if it matters

I started playing around with Nix 2-3 weeks ago. I’ve been able to get it up and running fine on a virtual box vm . I’ve managed to install few packages and make some config changes as well.

Then, I tried flakes as that’s what every nix user recommends. And I was able migrate to it successfully.

Issue

Now I want to have a more “permanent” vm and so I setup a vm on Proxmox. I followed this repo GitHub - mitchellh/nixos-config: My NixOS configurations. as guideline to structure my nix config. (i.e. having a machines folder for each machine and so and so). The base NixOS installation goes through fine but I’m just not able to build the flake. This is the error I got

root@nixos:/nix-config]# nixos-rebuild switch --flake .#vm-intel
building the system configuration...
error: secret key is corrupt

I have no clue which secret it’s referring to. The “only” change I made was a bit of refactoring.

nix store verify throws this error but I also see this error on my VirtualBox VM and there the flake builds with no problem. So I’m not really sure if this is an issue.

[root@nixos:/nix-config]# nix store verify
error: flake 'path:/nix-config' does not provide attribute 'packages.x86_64-linux.default' or 'defaultPackage.x86_64-linux'

How I’ve structured my new configs

The hardware-configuration.nix file is coming from the new proxmox vm installation. But the flake.nix flake.lock and nix configuration file (nixos-config/machines/vm-intel.nix ) is coming from my previous installation in VirtualBox.

Maybe this mismatch is causing the issue … I’m not sure.

My Nix Config

willbush · February 28, 2024, 8:43am

I was able to build it.

❯ nixos-rebuild build --flake .#vm-intel
building the system configuration...
warning: updating lock file '/home/will/code/external/nixos-config/flake.lock':
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c68a9fc85c2cb3a313be6ff40511635544dde8da' (2024-02-15)
  → 'github:nixos/nixpkgs/b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a' (2024-02-26)
warning: Git tree '/home/will/code/external/nixos-config' is dirty

For some reason it updated the lock file.

nix store verify I think is a red herring. I get the same issue on my flake system config.

Do you only get that error when switching?

Perhaps related to: Getting "secret key is corrupt" on most commands · Issue #45339 · NixOS/nixpkgs · GitHub

Perhaps try deleting your lock file and rebuilding.

aditya · February 28, 2024, 8:58am

Thanks. Interesting that you were able to build it!

fails with the same error on build as well

[root@nixos:/nix-config]# nixos-rebuild build --flake .#vm-intel
building the system configuration...
error: secret key is corrupt

removing the lock file also didn’t help

[root@nixos:/nix-config]# nixos-rebuild build --flake .#vm-intel
building the system configuration...
warning: creating lock file '/nix-config/flake.lock'
error: secret key is corrupt

I had seen this issue before. I doubt that’s a similar issue to mine though. Specially since you were able to build my config.

willbush · February 28, 2024, 9:08am

wonder if error is coming from https://github.com/NixOS/nix/blob/f489a6e42d2ad3e7b8a8c28f2c3f52452c8b081a/src/libutil/signature/local-keys.cc#L25

Sorry still digging.

willbush · February 28, 2024, 9:25am

What all do you have going on under:

ls -lah /etc/nixos/

perhaps something related to binary cache?

Anything changes if you change the nix.settings at the end of vm-intel.nix?

  nix.settings = {
    experimental-features = "nix-command flakes repl-flake";
    substituters = [
      "https://nix-community.cachix.org"
    ];
    trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };

aditya · February 28, 2024, 9:36am

[root@nixos:/nix-config]# ls -lah /etc/nixos
total 20K
drwxr-xr-x  2 root root 4.0K Feb 26 11:41 .
drwxr-xr-x 20 root root 4.0K Feb 28 07:05 ..
-rw-r--r--  1 root root 4.4K Feb 26 11:41 configuration.nix
-rw-r--r--  1 root root 1.3K Feb 26 11:41 hardware-configuration.nix

[root@nixos:/nix-config]# nixos-rebuild build --flake .#vm-intel
building the system configuration...
warning: updating lock file '/nix-config/flake.lock':
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/c68a9fc85c2cb3a313be6ff40511635544dde8da' (2024-02-15)
  → 'github:nixos/nixpkgs/b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a' (2024-02-26)
error: secret key is corrupt

perhaps something related to binary cache?

I’ve tried reinstalling this flake on fresh installation a couple of times. So I’m not sure if it’s cache.

I moved all the files inside /etc/nixos to a different directory and ran the build command and it’s still the same error.

willbush · February 28, 2024, 9:47am

Probably someone smarter than me will come along lol. I’ll try this in a VM tomorrow if not.

aditya · February 28, 2024, 9:49am

Thanks @willbush.
Appreciate your help.

I should probably try this newly structured config on virtual box as well. Maybe this has to do with Proxmox somehow.

aditya · March 2, 2024, 2:01pm

It was in fact related to the ssh keys !!