From e6e74f987f0fa284d220432d426eb965269a97d6 Mon Sep 17 00:00:00 2001 From: Renzo Carbonara Date: Wed, 1 Feb 2017 13:37:34 +0100 Subject: [PATCH 1/2] Add netrc-file support --- doc/manual/command-ref/conf-file.xml | 15 +++++++++++++++ src/libstore/download.cc | 5 +++++ 2 files changed, 20 insertions(+) diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index 6c0af39ec..a7d60538c 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -430,6 +430,21 @@ flag, e.g. --option gc-keep-outputs false. + netrc-file + + If set to an absolute path to a netrc + file, Nix will use the HTTP authentication credentials in this file when + trying to download from a remote host through HTTP or HTTPS. Defaults to + $NIX_CONF_DIR/netrc. + + The netrc file consists of zero or more lines + like: machine my-machine login + my-username password + my-password. + + + + system This option specifies the canonical Nix system diff --git a/src/libstore/download.cc b/src/libstore/download.cc index 074e0ca66..8f2387b63 100644 --- a/src/libstore/download.cc +++ b/src/libstore/download.cc @@ -230,6 +230,11 @@ struct CurlDownloader : public Downloader curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0); } + Path netrcFile = settings.get("netrc-file", + (format("%1%/%2%") % settings.nixConfDir % "netrc").str()); + curl_easy_setopt(req, CURLOPT_NETRC_FILE, netrcFile.c_str()); + curl_easy_setopt(req, CURLOPT_NETRC, CURL_NETRC_OPTIONAL); + result.data = std::make_shared(); } From e2257d4eeb3f75bac57d9cb77c9ce06b702de050 Mon Sep 17 00:00:00 2001 From: Renzo Carbonara Date: Thu, 9 Feb 2017 18:16:09 +0100 Subject: [PATCH 2/2] Documentation. --- src/libstore/download.cc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libstore/download.cc b/src/libstore/download.cc index 8f2387b63..b2adc1548 100644 --- a/src/libstore/download.cc +++ b/src/libstore/download.cc @@ -230,8 +230,11 @@ struct CurlDownloader : public Downloader curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0); } + /* If no file exist in the specified path, curl continues to work + * anyway as if netrc support was disabled. */ Path netrcFile = settings.get("netrc-file", (format("%1%/%2%") % settings.nixConfDir % "netrc").str()); + /* Curl copies the given C string, so the following call is safe. */ curl_easy_setopt(req, CURLOPT_NETRC_FILE, netrcFile.c_str()); curl_easy_setopt(req, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);