[Nix-dev] impureEnvVars, the second

Ben Franksen ben.franksen at online.de
Thu Apr 17 18:13:35 CEST 2014


Eelco Dolstra wrote:
> On 17/04/14 17:04, Ben Franksen wrote:
> 
>> sorry to bother you again regarding impureEnvVars. I still can't get my
>> fetchdarcs over ssh to work, even though I am now using constant-output
>> derivations and have
>> 
>>   impureEnvVars = [ "SSH_AGENT_PID" "SSH_AUTH_SOCK" ];
>> 
>> in my fetchdarcs/default.nix.
>> 
>> The environment variables are now defined in the builder. However, they
>> are empty :(
>> 
>> Could this be because I am using the Nix multi-user setup where building
>> is delegated to a number of nixbld users?
> 
> Right, environment variables from the client are not passed to the
> builder. Even if they were, the builder probably would not have file
> system access to the socket identified by $SSH_AUTH_SOCK.

The latter could, I guess, be worked around (using build-chroot-dirs) but 
the former seems... hopeless :(

I wonder what other options I have to achieve my goal. ATM I can see two:

(1) Make the repositories available via http. That means I'll have to 
convince the sysadmin to set up a web server on the repo server and let it 
offer the directory that contains our repos. Or I can set up the web server 
on another machine that can NFS mount the repo directory; yes, that sounds 
more practical ;-)

(2) Use my self-written nix-prefetch-darcs. That works because it does not 
delegate the downloading to a nixbld user. The problem is that this breaks 
automatic dependency resolution during nix-build, if the source derivation 
is not yet in the Nix store. Developers will have to use nix-prefetch-darcs 
at least once for every new dependency an application acquires. I could 
modify the source derivations to display a message to users like

  Builder cannot proceed: please call
    nix-prefetch-darcs <user>@<host>:<path> <tag>
  from the command line and try again.

where the placeholders <user>, <host>, <path> and <tag> are automatically 
filled in by the builder, so the user can cut and paste this line into their 
shell.

The main question with regard to (2) is: how do I prevent the source 
derivations from being garbage collected (for instance in case the final 
build did not succeed and no result link gets created) so that users at 
least have to do this only once for each dependency?

Cheers
Ben
-- 
"Make it so they have to reboot after every typo." -- Scott Adams
