Can I verify that the NixOS on running a PC matches the one I built remotely?
Seems like a nice safety check if required… Probably doesn’t say anything much about devious programs, viruses etc. that might end up running on the system, but nevertheless…
Thanks!
John
Simply compare their hashes:
❯ nix build ~/nixos-conf#nixosConfigurations.alpha.config.system.build.toplevel
❯ readlink -f /run/current-system
/nix/store/3ra9b1m5m5gc5h6h2mywr97ppnyw7mma-nixos-system-alpha-21.11.20220405.ccb90fb
❯ readlink -f result
/nix/store/3ra9b1m5m5gc5h6h2mywr97ppnyw7mma-nixos-system-alpha-21.11.20220405.ccb90fb
Nothing stopping someone from changing the hash on the link. I suppose if in doubt you could redeploy and double check…
Thanks!
When in doubt, you can also run nix store verify -r /run/current-system
OK this command doesn’t work…
Perhaps I need a futrther setup step or something.
Thanks for the help!
John
Depend on how you installed nix, it might need sudo.
