diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index 6c0af39ec..a7d60538c 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -430,6 +430,21 @@ flag, e.g. --option gc-keep-outputs false.
+ netrc-file
+
+ If set to an absolute path to a netrc
+ file, Nix will use the HTTP authentication credentials in this file when
+ trying to download from a remote host through HTTP or HTTPS. Defaults to
+ $NIX_CONF_DIR/netrc.
+
+ The netrc file consists of zero or more lines
+ like: machine my-machine login
+ my-username password
+ my-password.
+
+
+
+
system
This option specifies the canonical Nix system
diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index 85215439a..f93fb1e96 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -231,6 +231,14 @@ struct CurlDownloader : public Downloader
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
}
+ /* If no file exist in the specified path, curl continues to work
+ * anyway as if netrc support was disabled. */
+ Path netrcFile = settings.get("netrc-file",
+ (format("%1%/%2%") % settings.nixConfDir % "netrc").str());
+ /* Curl copies the given C string, so the following call is safe. */
+ curl_easy_setopt(req, CURLOPT_NETRC_FILE, netrcFile.c_str());
+ curl_easy_setopt(req, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
+
result.data = std::make_shared();
}