[Nix-dev] SSH-keys in fetchgit

Andreas Herrmann andreash87 at gmx.ch
Wed Jul 16 00:27:59 CEST 2014


Dear Shea,

Thanks for pointing me there. I gave it a shot but cannot get it to work.

I set up an SSH config directory for nix in `$HOME/.nixpkgs/ssh/`. In there
is a key file pair without passphrase `id_rsa`, `id_rsa.pub`. The public
key is configured as a deployment key on the bitbucket repo.
I changed the derivation to use `fetchgitPrivate` instead of fetchgit. And
it also showed the expected trace if I do not specify `ssh-config-file`.
So, it should at least call the right fetcher.

However, if I run the following command line:

    NIX_PATH="ssh-config-file=$HOME/.nixpkgs/ssh/:$NIX_PATH" nix-build --show-trace -A my_package

Then I get connection time-outs to bitbucket:

    these derivations will be built:
    /nix/store/8j2i6a33bfikqbvaz4wg7adaxnpyp9j5-git-export.drv
    /nix/store/jhc3l1iib93afj2xf9sc2r9y9amv4lb3-my_package-git-619cfcd.drv
    building path(s) `/nix/store/icd6rr1xhk79fl17w24f2c6czqb5nvhz-git-export'
    exporting git://bitbucket.org/user/my_package.git (rev 718dfcd9f6895e9e879aa112c348e4e0d2ba90d4) into /nix/store/icd6rr1xhk79fl17w24f2c6czqb5nvhz-git-export
    Initialized empty Git repository in /nix/store/icd6rr1xhk79fl17w24f2c6czqb5nvhz-git-export/.git/
    fatal: unable to connect to bitbucket.org:
    bitbucket.org[0: 131.103.20.167]: errno=Connection timed out
    bitbucket.org[1: 131.103.20.168]: errno=Connection timed out

I also tried explicitly configuring an identity file in a host-block
inside `$HOME/.nixpkgs/ssh/config`. It didn't help.

Do you know what I'm missing?

Best regards,

Andreas




On 15 July 2014 17:39, Shea Levy <shea at shealevy.com> wrote:

> See the fetchgitPrivate function:
>
>
> https://github.com/NixOS/nixpkgs/blob/a4cf5e903b7782062d62489b23fa5021d1ac0862/pkgs/top-level/all-packages.nix#L308-L326
>
> On Tue, Jul 15, 2014 at 12:09:22PM +0200, Andreas Herrmann wrote:
> > Dear Nix-ers,
> >
> > I am using Nix to manage and deploy my own work projects, which do depend
> > on each other. These projects, however, are not open source, so their
> > sources are not publicly available on the internet.
> >
> > I was wondering if it was possible in some way to configure Nix (or
> > fetchgit) to use ssh keys when fetching sources from non-public
> > repositories. (E.g. private repositories on bitbucket with deployment keys)
> >
> > Please note that I am using Nix/Nixpkgs in single-user mode on a host OS
> > (openSUSE, and CentOS).
> >
> > I tried adding my deployment keys to the system-wide ssh config in
> > `/etc/ssh/`, and the per user config `~/.ssh/`, both to no avail. Also, at
> > least on the CentOS machine I do not have root access. So, whatever
> > solution there is will have to work from within my home directory.
> >
> > My current (hacky) solution is to hard code the path to the repository in
> > the `src` attribute of the derivation in the form `url =
> > file:///home/user/src/project;`. And then ship it to the CentOS machine by
> > using `nix-store --export`, and `nix-store --import`. However, this is
> > hardly a satisfactory solution, and as you can imagine it doesn't scale
> > very well with the number of packages.
> >
> > Best,
> >
> > Andreas
>