Support netrc in <nix/fetchurl.nix>

This allows <nix/fetchurl.nix> to fetch private Git/Mercurial
repositories, e.g.

  import <nix/fetchurl.nix> {
    url = https://edolstra@bitbucket.org/edolstra/my-private-repo/get/80a14018daed.tar.bz2;
    sha256 = "1mgqzn7biqkq3hf2697b0jc4wabkqhmzq2srdymjfa6sb9zb6qs7";
  }

where /etc/nix/netrc contains:

  machine bitbucket.org
  login edolstra
  password blabla...

This works even when sandboxing is enabled.

To do: add unpacking support (i.e. fetchzip functionality).
This commit is contained in:
Eelco Dolstra 2017-02-16 15:42:49 +01:00
parent cde4b60919
commit 302386f775
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
5 changed files with 25 additions and 7 deletions

View file

@ -2307,6 +2307,14 @@ void DerivationGoal::runChild()
bool setUser = true; bool setUser = true;
/* Make the contents of netrc available to builtin:fetchurl
(which may run under a different uid and/or in a sandbox). */
std::string netrcData;
try {
if (drv->isBuiltin() && drv->builder == "builtin:fetchurl")
netrcData = readFile(settings.netrcFile);
} catch (SysError &) { }
#if __linux__ #if __linux__
if (useChroot) { if (useChroot) {
@ -2675,7 +2683,7 @@ void DerivationGoal::runChild()
if (drv->isBuiltin()) { if (drv->isBuiltin()) {
try { try {
if (drv->builder == "builtin:fetchurl") if (drv->builder == "builtin:fetchurl")
builtinFetchurl(*drv); builtinFetchurl(*drv, netrcData);
else else
throw Error(format("unsupported builtin function %1%") % string(drv->builder, 8)); throw Error(format("unsupported builtin function %1%") % string(drv->builder, 8));
_exit(0); _exit(0);
@ -3072,7 +3080,9 @@ void DerivationGoal::closeLogFile()
void DerivationGoal::deleteTmpDir(bool force) void DerivationGoal::deleteTmpDir(bool force)
{ {
if (tmpDir != "") { if (tmpDir != "") {
if (settings.keepFailed && !force) { /* Don't keep temporary directories for builtins because they
might have privileged stuff (like a copy of netrc). */
if (settings.keepFailed && !force && !drv->isBuiltin()) {
printError( printError(
format("note: keeping build directory %2%") format("note: keeping build directory %2%")
% drvPath % tmpDir); % drvPath % tmpDir);

View file

@ -6,8 +6,16 @@
namespace nix { namespace nix {
void builtinFetchurl(const BasicDerivation & drv) void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData)
{ {
/* Make the host's netrc data available. Too bad curl requires
this to be stored in a file. It would be nice if we could just
pass a pointer to the data. */
if (netrcData != "") {
settings.netrcFile = "netrc";
writeFile(settings.netrcFile, netrcData, 0600);
}
auto getAttr = [&](const string & name) { auto getAttr = [&](const string & name) {
auto i = drv.env.find(name); auto i = drv.env.find(name);
if (i == drv.env.end()) throw Error(format("attribute %s missing") % name); if (i == drv.env.end()) throw Error(format("attribute %s missing") % name);

View file

@ -4,6 +4,6 @@
namespace nix { namespace nix {
void builtinFetchurl(const BasicDerivation & drv); void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData);
} }

View file

@ -288,9 +288,9 @@ string readFile(const Path & path, bool drain)
} }
void writeFile(const Path & path, const string & s) void writeFile(const Path & path, const string & s, mode_t mode)
{ {
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666); AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
if (!fd) if (!fd)
throw SysError(format("opening file %1%") % path); throw SysError(format("opening file %1%") % path);
writeFull(fd.get(), s); writeFull(fd.get(), s);

View file

@ -89,7 +89,7 @@ string readFile(int fd);
string readFile(const Path & path, bool drain = false); string readFile(const Path & path, bool drain = false);
/* Write a string to a file. */ /* Write a string to a file. */
void writeFile(const Path & path, const string & s); void writeFile(const Path & path, const string & s, mode_t mode = 0666);
/* Read a line from a file descriptor. */ /* Read a line from a file descriptor. */
string readLine(int fd); string readLine(int fd);