Fetching source over the network is the main reason fixed output derivations even exist. When chroot builds are enabled, networking is not allowed for non-fixed output derivations. Why is this case special?
> On Apr 13, 2014, at 16:03, Ben Franksen <[email protected]> wrote: > > Hello > > Is there *any* way (besides hacking the Nix source code) to circumvent the > limitation on impureEnvVars, i.e. that one has to provide the hash up front, > making the derivation fixed-output? What I am asking for is something akin > to unsafePerformIO in Haskell (which exists for similar situations, and > motivated the name unsafeImpureEnvVars in the subject). > > Effectively I want to be able to say to Nix: "I swear these variables are > used in a pure way, just believe me." > > Background: > > I want to use fetchdarcs for remote repositories via ssh; we use darcs to > version control our software internally (even stuff we get from the outside, > to track patches for customisation and bug fixes). We use tags to identify > versions and have lots of darcs repos, all on a single server, accessible to > developers via ssh. > > Unfortunately, fetchdarcs fails in this case because, to avoid being asked > for a passphrase, ssh (in this case called via darcs) needs to know how to > access a runnig ssh agent, and this knowledge is encoded in two environment > variables: SSH_AGENT_PID and SSH_AUTH_SOCK. But of course these are not > defined in the builder, its environment gets cleared before it starts. > > Now, there is the attribute impureEnvVars. But that works only if you pass > the expected hash to the builder (so the derivation becomes fixed-output). > That means either I hard-code the expected hash into the derivation, or pass > it as an argument. In both cases, I need to find out the hash before-hand. > This makes it very inconvenient for users to add new version of packages. > > Note that this is *only* because of the two environment variables. I can use > fetchdarcs just fine with any local path or remote http url without > providing any hash. > > Note also that use of these variables does not imply any impurity, they are > only used for authentication. > > Cheers > Ben > -- > "Make it so they have to reboot after every typo." -- Scott Adams > > _______________________________________________ > nix-dev mailing list > [email protected] > http://lists.science.uu.nl/mailman/listinfo/nix-dev _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
