Eelco Dolstra wrote: > On 17/04/14 17:04, Ben Franksen wrote: > >> sorry to bother you again regarding impureEnvVars. I still can't get my >> fetchdarcs over ssh to work, even though I am now using constant-output >> derivations and have >> >> impureEnvVars = [ "SSH_AGENT_PID" "SSH_AUTH_SOCK" ]; >> >> in my fetchdarcs/default.nix. >> >> The environment variables are now defined in the builder. However, they >> are empty :( >> >> Could this be because I am using the Nix multi-user setup where building >> is delegated to a number of nixbld users? > > Right, environment variables from the client are not passed to the > builder. Even if they were, the builder probably would not have file > system access to the socket identifier by $SSH_AUTH_SOCK.
The latter could, I guess, be worked-around (using build-chroot-dirs) but the former seems... hopeless :( I wonder what other options I have to achieve my goal. ATM I can see two: (1) Make the repositories available via http. That means I'll have to convince the sysadmin to set up a web server on the repo server and let it offer the directory that contains our repos. Or I can setup the web werver on another machine that can NFS mount the repo directory; yes, that sounds more practical ;-) (2) Use my self-written nix-prefetch-darcs. That works because it does not delegate the downloading to a nixbld user. The problem is that this breaks automatic dependency resolution during nix-build, if the source derivation is not yet in the Nix store. Developers will have to use nix-prefetch-darcs at least once for every new dependency an application acquires. I could modify the source derivations to display a message to users like Builder cannot proceed: please call nix-prefetch-darcs <user>@<host>:<path> <tag> from the command line and try again. where the placeholders <user>, <host>, <path> and <tag> are automatically filled in by the builder, so the user can cut and paste this line into their shell. The main question with regard to (2) is: how do I prevent the source derivations from being garbage collected (for instance in case the final build did not succeed and no result link gets created) so that users at least have to do this only once for each dependency? Cheers Ben -- "Make it so they have to reboot after every typo." -- Scott Adams _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev