[Nix-dev] Passing credentials in NIX_PATH

Tomasz Czyż tomasz.czyz at gmail.com
Thu Aug 11 17:01:32 CEST 2016


I figure out, that if I use:

toString <ssh-key-path>

result is persistant and resolves to a path given not to nix store content
in both cases.

2016-08-11 14:36 GMT+01:00 Tomasz Czyż <tomasz.czyz at gmail.com>:

> Hi,
>
> I wanted to use fetchgitPrivate, but instead of using agent, I thought I
> can pass ssh-key-path as nix path.
>
> I'm using it like
>
> { ssh-key-path ? <ssh-key-path> }:
> {
>   ...
>     ssh -i ${ssh-key-path}
>  ...
> }
>
> I build with: ``nix-build my.nix -I ssh-key-path=/home/my/.ssh/key`` (key
> group is changed to nixbld so nix builder can access it).
>
> This is working fine on nixos (16.09). ssh-key-path is resolved to
> /home/my/.ssh/key as expected.
>
> But when I run this on ubuntu with nix installed in userland (no nix
> daemon) when I run build command I've got error that permissions to key are
> too wide. What happened is, the content of the file was copied to nix
> store, I wouldn't expect that. I new that attributes or derivations can end
> up written in nix store, but why the file which variable is pointing to
> ended up in nix store?
>
> I'm obviously missing something, anybody could point me to some
> explanation?
>
> Tom
>



-- 
Tomasz Czyż
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160811/f9d8b15b/attachment.html>


More information about the nix-dev mailing list