[Nix-dev] SSH-keys in fetchgit

Andreas Herrmann andreash87 at gmx.ch
Wed Jul 16 17:26:00 CEST 2014


Hi,

Turns out that my ssh config was correct. But, you need to specify the url
for bitbucket in the following form:

    url = "git@bitbucket.org:user/my_project.git";

It works now. Thanks again for your help.

Best, Andreas



On 16 July 2014 00:27, Andreas Herrmann <andreash87 at gmx.ch> wrote:

> Dear Shea,
>
> Thanks for pointing me there. I gave it a shot but cannot get it to work.
>
> I set up an ssh config directory for nix in `$HOME/.nixpkgs/ssh/`. In
> there is a key file pair without passphrase `id_rsa`, `id_rsa.pub`. The
> public key is configured as a deployment key on the bitbucket repo.
> I changed the derivation to use `fetchgitPrivate` instead of fetchgit. And
> it also showed the expected trace if I do not specify `ssh-config-file`.
> So, it should at least call the right fetcher.
>
> However, if I run the following command-line.
>
>     NIX_PATH="ssh-config-file=$HOME/.nixpkgs/ssh/:$NIX_PATH" nix-build --show-trace -A my_package
>
> Then I get connection time-outs to bitbucket
>
>     these derivations will be built:
>     /nix/store/8j2i6a33bfikqbvaz4wg7adaxnpyp9j5-git-export.drv
>     /nix/store/jhc3l1iib93afj2xf9sc2r9y9amv4lb3-my_package-git-619cfcd.drv
>     building path(s) `/nix/store/icd6rr1xhk79fl17w24f2c6czqb5nvhz-git-export'
>     exporting git://bitbucket.org/user/my_package.git (rev 718dfcd9f6895e9e879aa112c348e4e0d2ba90d4) into /nix/store/icd6rr1xhk79fl17w24f2c6czqb5nvhz-git-export
>     Initialized empty Git repository in /nix/store/icd6rr1xhk79fl17w24f2c6czqb5nvhz-git-export/.git/
>     fatal: unable to connect to bitbucket.org:
>     bitbucket.org[0: 131.103.20.167]: errno=Connection timed out
>     bitbucket.org[1: 131.103.20.168]: errno=Connection timed out
>
> I also tried explicitly configuring an identity file in a host-block
> inside `$HOME/.nixpkgs/ssh/config`. It didn't help.
>
> Do you know what I'm missing?
>
> Best regards,
>
> Andreas
>
>
>
>
> On 15 July 2014 17:39, Shea Levy <shea at shealevy.com> wrote:
>
>> See the fetchgitPrivate function:
>>
>>
>> https://github.com/NixOS/nixpkgs/blob/a4cf5e903b7782062d62489b23fa5021d1ac0862/pkgs/top-level/all-packages.nix#L308-L326
>>
>> On Tue, Jul 15, 2014 at 12:09:22PM +0200, Andreas Herrmann wrote:
>> > Dear Nix-ers,
>> >
>> > I am using Nix to manage and deploy my own work projects, which do depend
>> > on each other. These projects, however, are not open source, so their
>> > sources are not publicly available on the internet.
>> >
>> > I was wondering if it was possible in some way to configure Nix (or
>> > fetchgit) to use ssh keys when fetching sources from non-public
>> > repositories. (E.g. private repositories on bitbucket with deployment keys)
>> >
>> > Please note, that I am using Nix/Nixpkgs in single-user mode on a host OS
>> > (openSUSE, and CentOS).
>> >
>> > I tried adding my deployment keys to the system-wide ssh config in
>> > `/etc/ssh/`, and the per user config `~/.ssh/`, both to no avail. Also, at
>> > least on the CentOS machine I do not have root access. So, whatever
>> > solution there is will have to work from within my home directory.
>> >
>> > My current (hacky) solution is to hard code the path to the repository in
>> > the `src` attribute of the derivation in the form
>> > `url = file:///home/user/src/project;`. And then ship it to the CentOS
>> > machine by using `nix-store --export`, and `nix-store --import`. However,
>> > this is hardly a satisfactory solution, and as you can imagine it doesn't
>> > scale very well with the number of packages.
>> >
>> > Best,
>> >
>> > Andreas
>>
>
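Added example, not part of the thread: the failing log fetches `git://bitbucket.org/...`, which is the anonymous git protocol on TCP 9418 where no SSH key is ever offered, while the working URL is the scp-like SSH form. The Python check below classifies a fetch URL by transport so a `git://` source can be caught before a build; `classify`, `TRANSPORTS` and `SCP_LIKE` are names made up for this sketch.

```python
import re
from urllib.parse import urlsplit

# transport -> (default port, can an SSH key authenticate the fetch?)
TRANSPORTS = {
    "ssh": (22, True),
    "git": (9418, False),    # git daemon protocol: no authentication, no encryption
    "https": (443, False),
    "http": (80, False),
    "file": (None, False),
}

# scp-like "[user@]host:path"; git treats this as SSH only when no "/"
# appears before the first colon, otherwise it is a local path.
SCP_LIKE = re.compile(r"^(?:(?P<user>[^@/:]+)@)?(?P<host>[^/:]+):(?P<path>.+)$")


def classify(url):
    """Describe how git would reach `url` and whether SSH keys apply."""
    if "://" in url:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in TRANSPORTS:
            raise ValueError("unsupported transport: " + scheme)
        port, key_used = TRANSPORTS[scheme]
        return {"transport": scheme, "user": parts.username,
                "host": parts.hostname, "port": parts.port or port,
                "ssh_key_used": key_used}
    m = SCP_LIKE.match(url)
    if m:
        return {"transport": "ssh", "user": m.group("user"),
                "host": m.group("host"), "port": 22, "ssh_key_used": True}
    # Anything else is a plain local path.
    return {"transport": "file", "user": None, "host": None,
            "port": None, "ssh_key_used": False}


if __name__ == "__main__":
    # URLs taken from the thread above.
    for u in ("git://bitbucket.org/user/my_package.git",
              "git@bitbucket.org:user/my_project.git",
              "file:///home/user/src/project"):
        info = classify(u)
        note = "SSH key applies" if info["ssh_key_used"] else "SSH key NOT used"
        print("%-45s %-5s port=%-5s %s" % (u, info["transport"], info["port"], note))
```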