Hi, Yes the difference is that the build user is nixbld[1-9]. Also the SSH agent doesn't allow other users to access to the socket.
Sorry I don't know the solution. You could maybe build a bridge on the socket using `socat` to hide the caller's user. On Wed, 15 Jun 2016, 11:57 Ashely Gillman, <gillman...@gmail.com> wrote: > Hi all, > I have been attempting to use gitFetchPrivate to fetch from a private > bitbucket repo over SSH, on both Ubuntu running Nix and on NixOS. I am able > to get the setup working on Ubuntu. > > - Set up SSH-Agent the usual way. > - Ensure that `git clone > ssh://g...@bitbucket.domain.com:<port>/<user>/<repo>.git` > works, it does > - Use `nix-shell -I ssh-config-file=$HOME/.ssh/config -I > ssh-auth-sock=$SSH_AUTH_SOCK`, with a local shell.nix specifying > requirements > > However, I am unable to repeat the process on a NixOS machine. > > gil@gil-nixos:~/proj/pylx $ git clone ssh://git@bitbucket. > <DOMAIN>:7999/~<USER>/milx-view.git > <This works> > > gil@gil-nixos:~/proj/pylx $ nix-shell -I > ssh-config-file=$HOME/.ssh/config -I ssh-auth-sock=$SSH_AUTH_SOCK > these derivations will be built: > /nix/store/48cz61di3gf6fpkydgri74h5i2s8qh3h-vtk-qvtk-5.10.1.drv > /nix/store/pcj22pnchg10bq63a32jcc53l75cy8z1-boost-1.59.0.drv > /nix/store/sb7xc3pan2h7n1qdh94ynblb9cv12a3p-milx-view-585a819.drv > /nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv > building path(s) > ‘/nix/store/603gs7mcgpf7cnyv3k2bkxk1kbj4smbq-boost-1.59.0’, > ‘/nix/store/q26zzdzy5zngyxyah8fhqmnqwbmz4gl4-boost-1.59.0-lib’, > ‘/nix/store/zggqsmrh9l70yrcdagmgqjmv8i6a9rls-boost-1.59.0-dev’ > building path(s) > ‘/nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819’ > building path(s) > ‘/nix/store/j70pal3svpcip7xv21bxf5xy2c4chl84-vtk-qvtk-5.10.1’ > exporting ssh://git@bitbucket.<DOMAIN>:7999/~<USER>/milx-view.git > (rev 585a8195804) into > /nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819 > Initialized empty Git repository in > /nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819/.git/ > Can't open user config file /home/gil/.ssh/config: Permission denied > fatal: Could not read from remote repository. > > Please make sure you have the correct access rights > and the repository exists. > unpacking sources > unpacking source archive > /nix/store/cdz3wd9r8vlnp193kv091pal401mg9kc-boost_1_59_0.tar.bz2 > Can't open user config file /home/gil/.ssh/config: Permission denied > fatal: Could not read from remote repository. > > Please make sure you have the correct access rights > and the repository exists. > Unable to checkout 585a8195804 from ssh://git@bitbucket. > <DOMAIN>:7999/~<USER>/milx-view.git. > builder for > ‘/nix/store/sb7xc3pan2h7n1qdh94ynblb9cv12a3p-milx-view-585a819.drv’ failed > with exit code 1 > cannot build derivation > ‘/nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv’: 1 dependencies > couldn't be built > error: build of > ‘/nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv’ failed > /run/current-system/sw/bin/nix-shell: failed to build all dependencies > > With the relevant line being: > Can't open user config file /home/gil/.ssh/config: Permission denied > > Probably a nixbld user is trying to access this? I am not actually sure if > my nixpkgs are built by my user or by nixbld. How can I tell? `cat > /etc/passwd` indicates that the nixbld users exist. > > I have attempted to follow instructions for setting up gitFetchPrivate for > multi-user installations (but again, not even sure this is what I have - I > just installed the simplest way), but to no avail (although the > instructions are somewhat unclear). > > Thanks for any help, > Ashley Gillman (Ash) > _______________________________________________ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev >
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev