Store path interpreted as flake

Suppose that I have a file with store paths that I want to sign, e.g. new-paths. With Nix 2.3 this is easy:

$ nix sign-paths --key-file cache-priv-key.pem $(cat new-paths)

However, I now want to sign paths are built through a flake in GitHub Actions. So, I am installing Nix unstable with nix-command and flake as experimental features and build the flake. However, now using the same approach in Nix unstable leads to:

$ nix sign-paths --key-file cache-priv-key.pem $(cat new-paths)
error: --- Error ------------------------------------------------------------------------------------------------------------------------------- nix
flake 'path:/nix/store/7zj2cs6ka320hplg4ia7rlmgy54z5war-source' does not provide attribute 'packages.x86_64-linux.defaultPackage.x86_64-linux', 'legacyPackages.x86_64-linux.defaultPackage.x86_64-linux' or 'defaultPackage.x86_64-linux'

The problem seems to be that if commands like sign-paths or path-info are used with a Nix store path that contains flake.nix, the store path is treated as a flake rather than a regular store path.

Passing --experimental-features 'nix-command' (thus disabling flake support) does not solve this issue. I am not sure if this is a bug or whether I am overlooking some option or flag.

Ps. I know that I can cheat with something like the following. But I’d prefer just using one version of Nix

$ nix run nixpkgs#nix \
  -- sign-paths --key-file cache-priv-key.pem  $(cat new-paths)
1 Like

Since this is probably a bug, I have opened Store paths are interpreted as flakes · Issue #4131 · NixOS/nix · GitHub