[Nix-dev] Passing credentials in NIX_PATH

Tomasz Czyż tomasz.czyz at gmail.com
Thu Aug 11 15:36:37 CEST 2016


Hi,

I wanted to use fetchgitPrivate, but instead of using agent, I thought I
can pass ssh-key-path as nix path.

I'm using it like

{ ssh-key-path ? <ssh-key-path> }:
{
  ...
    ssh -i ${ssh-key-path}
 ...
}

I build with: ``nix-build my.nix -I ssh-key-path=/home/my/.ssh/key`` (key
group is changed to nixbld so nix builder can access it).

This is working fine on nixos (16.09). ssh-key-path is resolved to
/home/my/.ssh/key as expected.

But when I run this on ubuntu with nix installed in userland (no nix
daemon) when I run build command I've got error that permissions to key are
too wide. What happened is, the content of the file was copied to nix
store, I wouldn't expect that. I new that attributes or derivations can end
up written in nix store, but why the file which variable is pointing to
ended up in nix store?

I'm obviously missing something, anybody could point me to some
explanation?

Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160811/8a1771cf/attachment.html>


More information about the nix-dev mailing list