On Thu, Apr 17, 2014 at 06:13:35PM +0200, Ben Franksen wrote: > Eelco Dolstra wrote: > > On 17/04/14 17:04, Ben Franksen wrote: > > > >> sorry to bother you again regarding impureEnvVars. I still can't get my > >> fetchdarcs over ssh to work, even though I am now using constant-output > >> derivations and have > >> > >> impureEnvVars = [ "SSH_AGENT_PID" "SSH_AUTH_SOCK" ]; > >> > >> in my fetchdarcs/default.nix. > >> > >> The environment variables are now defined in the builder. However, they > >> are empty :( > >> > >> Could this be because I am using the Nix multi-user setup where building > >> is delegated to a number of nixbld users? > > > > Right, environment variables from the client are not passed to the > > builder. Even if they were, the builder probably would not have file > > system access to the socket identifier by $SSH_AUTH_SOCK. > > The latter could, I guess, be worked-around (using build-chroot-dirs)
Actually, fixed-output derivations are done outside of the chroot, so you just need to ensure the socket is accessible to the build users group. In fact, *not* having it in the chroot is better so that non-fixed-output builds don't have access. > but > the former seems... hopeless :( > Why? Just start the daemon with the right environment settings. > > I wonder what other options I have to achieve my goal. ATM I can see two: > > (1) Make the repositories available via http. That means I'll have to > convince the sysadmin to set up a web server on the repo server and let it > offer the directory that contains our repos. Or I can setup the web werver > on another machine that can NFS mount the repo directory; yes, that sounds > more practical ;-) > > (2) Use my self-written nix-prefetch-darcs. That works because it does not > delegate the downloading to a nixbld user. The problem is that this breaks > automatic dependency resolution during nix-build, if the source derivation > is not yet in the Nix store. Developers will have to use nix-prefetch-darcs > at least once for every new dependency an application acquires. I could > modify the source derivations to display a message to users like > > Builder cannot proceed: please call > nix-prefetch-darcs <user>@<host>:<path> <tag> > from the command line and try again. > > where the placeholders <user>, <host>, <path> and <tag> are automatically > filled in by the builder, so the user can cut and paste this line into their > shell. > > The main question with regard to (2) is: how do I prevent the source > derivations from being garbage collected (for instance in case the final > build did not succeed and no result link gets created) so that users at > least have to do this only once for each dependency? > > Cheers > Ben > -- > "Make it so they have to reboot after every typo." -- Scott Adams > > > _______________________________________________ > nix-dev mailing list > [email protected] > http://lists.science.uu.nl/mailman/listinfo/nix-dev _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
