[Nix-dev] impureEnvVars, the second
Ben Franksen
ben.franksen at online.de
Thu Apr 17 18:13:35 CEST 2014
Eelco Dolstra wrote:
> On 17/04/14 17:04, Ben Franksen wrote:
>
>> sorry to bother you again regarding impureEnvVars. I still can't get my
>> fetchdarcs over ssh to work, even though I am now using constant-output
>> derivations and have
>>
>> impureEnvVars = [ "SSH_AGENT_PID" "SSH_AUTH_SOCK" ];
>>
>> in my fetchdarcs/default.nix.
>>
>> The environment variables are now defined in the builder. However, they
>> are empty :(
>>
>> Could this be because I am using the Nix multi-user setup where building
>> is delegated to a number of nixbld users?
>
> Right, environment variables from the client are not passed to the
> builder. Even if they were, the builder probably would not have file
> system access to the socket identifier by $SSH_AUTH_SOCK.
The latter could, I guess, be worked-around (using build-chroot-dirs) but
the former seems... hopeless :(
I wonder what other options I have to achieve my goal. ATM I can see two:
(1) Make the repositories available via http. That means I'll have to
convince the sysadmin to set up a web server on the repo server and let it
offer the directory that contains our repos. Or I can setup the web werver
on another machine that can NFS mount the repo directory; yes, that sounds
more practical ;-)
(2) Use my self-written nix-prefetch-darcs. That works because it does not
delegate the downloading to a nixbld user. The problem is that this breaks
automatic dependency resolution during nix-build, if the source derivation
is not yet in the Nix store. Developers will have to use nix-prefetch-darcs
at least once for every new dependency an application acquires. I could
modify the source derivations to display a message to users like
Builder cannot proceed: please call
nix-prefetch-darcs <user>@<host>:<path> <tag>
from the command line and try again.
where the placeholders <user>, <host>, <path> and <tag> are automatically
filled in by the builder, so the user can cut and paste this line into their
shell.
The main question with regard to (2) is: how do I prevent the source
derivations from being garbage collected (for instance in case the final
build did not succeed and no result link gets created) so that users at
least have to do this only once for each dependency?
Cheers
Ben
--
"Make it so they have to reboot after every typo." -- Scott Adams
More information about the nix-dev
mailing list