forked from lix-project/lix
Support netrc in <nix/fetchurl.nix>
This allows <nix/fetchurl.nix> to fetch private Git/Mercurial repositories, e.g. import <nix/fetchurl.nix> { url = https://edolstra@bitbucket.org/edolstra/my-private-repo/get/80a14018daed.tar.bz2; sha256 = "1mgqzn7biqkq3hf2697b0jc4wabkqhmzq2srdymjfa6sb9zb6qs7"; } where /etc/nix/netrc contains: machine bitbucket.org login edolstra password blabla... This works even when sandboxing is enabled. To do: add unpacking support (i.e. fetchzip functionality).
This commit is contained in:
parent
cde4b60919
commit
302386f775
5 changed files with 25 additions and 7 deletions
|
@ -2307,6 +2307,14 @@ void DerivationGoal::runChild()
|
||||||
|
|
||||||
bool setUser = true;
|
bool setUser = true;
|
||||||
|
|
||||||
|
/* Make the contents of netrc available to builtin:fetchurl
|
||||||
|
(which may run under a different uid and/or in a sandbox). */
|
||||||
|
std::string netrcData;
|
||||||
|
try {
|
||||||
|
if (drv->isBuiltin() && drv->builder == "builtin:fetchurl")
|
||||||
|
netrcData = readFile(settings.netrcFile);
|
||||||
|
} catch (SysError &) { }
|
||||||
|
|
||||||
#if __linux__
|
#if __linux__
|
||||||
if (useChroot) {
|
if (useChroot) {
|
||||||
|
|
||||||
|
@ -2675,7 +2683,7 @@ void DerivationGoal::runChild()
|
||||||
if (drv->isBuiltin()) {
|
if (drv->isBuiltin()) {
|
||||||
try {
|
try {
|
||||||
if (drv->builder == "builtin:fetchurl")
|
if (drv->builder == "builtin:fetchurl")
|
||||||
builtinFetchurl(*drv);
|
builtinFetchurl(*drv, netrcData);
|
||||||
else
|
else
|
||||||
throw Error(format("unsupported builtin function ‘%1%’") % string(drv->builder, 8));
|
throw Error(format("unsupported builtin function ‘%1%’") % string(drv->builder, 8));
|
||||||
_exit(0);
|
_exit(0);
|
||||||
|
@ -3072,7 +3080,9 @@ void DerivationGoal::closeLogFile()
|
||||||
void DerivationGoal::deleteTmpDir(bool force)
|
void DerivationGoal::deleteTmpDir(bool force)
|
||||||
{
|
{
|
||||||
if (tmpDir != "") {
|
if (tmpDir != "") {
|
||||||
if (settings.keepFailed && !force) {
|
/* Don't keep temporary directories for builtins because they
|
||||||
|
might have privileged stuff (like a copy of netrc). */
|
||||||
|
if (settings.keepFailed && !force && !drv->isBuiltin()) {
|
||||||
printError(
|
printError(
|
||||||
format("note: keeping build directory ‘%2%’")
|
format("note: keeping build directory ‘%2%’")
|
||||||
% drvPath % tmpDir);
|
% drvPath % tmpDir);
|
||||||
|
|
|
@ -6,8 +6,16 @@
|
||||||
|
|
||||||
namespace nix {
|
namespace nix {
|
||||||
|
|
||||||
void builtinFetchurl(const BasicDerivation & drv)
|
void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData)
|
||||||
{
|
{
|
||||||
|
/* Make the host's netrc data available. Too bad curl requires
|
||||||
|
this to be stored in a file. It would be nice if we could just
|
||||||
|
pass a pointer to the data. */
|
||||||
|
if (netrcData != "") {
|
||||||
|
settings.netrcFile = "netrc";
|
||||||
|
writeFile(settings.netrcFile, netrcData, 0600);
|
||||||
|
}
|
||||||
|
|
||||||
auto getAttr = [&](const string & name) {
|
auto getAttr = [&](const string & name) {
|
||||||
auto i = drv.env.find(name);
|
auto i = drv.env.find(name);
|
||||||
if (i == drv.env.end()) throw Error(format("attribute ‘%s’ missing") % name);
|
if (i == drv.env.end()) throw Error(format("attribute ‘%s’ missing") % name);
|
||||||
|
|
|
@ -4,6 +4,6 @@
|
||||||
|
|
||||||
namespace nix {
|
namespace nix {
|
||||||
|
|
||||||
void builtinFetchurl(const BasicDerivation & drv);
|
void builtinFetchurl(const BasicDerivation & drv, const std::string & netrcData);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -288,9 +288,9 @@ string readFile(const Path & path, bool drain)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void writeFile(const Path & path, const string & s)
|
void writeFile(const Path & path, const string & s, mode_t mode)
|
||||||
{
|
{
|
||||||
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
|
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
|
||||||
if (!fd)
|
if (!fd)
|
||||||
throw SysError(format("opening file ‘%1%’") % path);
|
throw SysError(format("opening file ‘%1%’") % path);
|
||||||
writeFull(fd.get(), s);
|
writeFull(fd.get(), s);
|
||||||
|
|
|
@ -89,7 +89,7 @@ string readFile(int fd);
|
||||||
string readFile(const Path & path, bool drain = false);
|
string readFile(const Path & path, bool drain = false);
|
||||||
|
|
||||||
/* Write a string to a file. */
|
/* Write a string to a file. */
|
||||||
void writeFile(const Path & path, const string & s);
|
void writeFile(const Path & path, const string & s, mode_t mode = 0666);
|
||||||
|
|
||||||
/* Read a line from a file descriptor. */
|
/* Read a line from a file descriptor. */
|
||||||
string readLine(int fd);
|
string readLine(int fd);
|
||||||
|
|
Loading…
Reference in a new issue