I believe you could run nix-prefetch-git to pre-populate the store but I don't know if it's still possible, the derivation might not match exactly anymore. Also it's only really useful for developer machines, on a CI you still want it to have access to the repo isn't it?
On Wed, 15 Jun 2016 at 13:42 Ashley Gillman <[email protected]> wrote: > Thanks Zimbatm, > > Actually I don't think the issue is the socket (yet). For example, I get > exactly the same error when just calling `nix-shell -I > ssh-config-file=$HOME/.ssh/config`. The current "wall" I think is either > that config file or the referenced id_rsa file, but the error indicates its > the config file itself. I have tried `chmod o+rw` on the file, and with > group (`chmod g+rw` and `chgrp`ing to nixbld), but to no avail. > > I should mention also, I do not have my heart set on gitFetchPrivate. If > there is another way to access a remote (BitBucket) server requiring > credentials, that would be great. Although pulling each manually and using > a local file path is not preferred. > > Cheers, > Ash > > On Wed, Jun 15, 2016 at 10:07 PM, zimbatm <[email protected]> wrote: > >> Hi, >> >> Yes the difference is that the build user is nixbld[1-9]. Also the SSH >> agent doesn't allow other users to access to the socket. >> >> Sorry I don't know the solution. You could maybe build a bridge on the >> socket using `socat` to hide the caller's user. >> >> On Wed, 15 Jun 2016, 11:57 Ashely Gillman, <[email protected]> wrote: >> >>> Hi all, >>> I have been attempting to use gitFetchPrivate to fetch from a private >>> bitbucket repo over SSH, on both Ubuntu running Nix and on NixOS. I am able >>> to get the setup working on Ubuntu. >>> >>> - Set up SSH-Agent the usual way. >>> - Ensure that `git clone >>> ssh://[email protected]:<port>/<user>/<repo>.git` >>> works, it does >>> - Use `nix-shell -I ssh-config-file=$HOME/.ssh/config -I >>> ssh-auth-sock=$SSH_AUTH_SOCK`, with a local shell.nix specifying >>> requirements >>> >>> However, I am unable to repeat the process on a NixOS machine. >>> >>> gil@gil-nixos:~/proj/pylx $ git clone ssh://git@bitbucket. >>> <DOMAIN>:7999/~<USER>/milx-view.git >>> <This works> >>> >>> gil@gil-nixos:~/proj/pylx $ nix-shell -I >>> ssh-config-file=$HOME/.ssh/config -I ssh-auth-sock=$SSH_AUTH_SOCK >>> these derivations will be built: >>> /nix/store/48cz61di3gf6fpkydgri74h5i2s8qh3h-vtk-qvtk-5.10.1.drv >>> /nix/store/pcj22pnchg10bq63a32jcc53l75cy8z1-boost-1.59.0.drv >>> /nix/store/sb7xc3pan2h7n1qdh94ynblb9cv12a3p-milx-view-585a819.drv >>> /nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv >>> building path(s) >>> ‘/nix/store/603gs7mcgpf7cnyv3k2bkxk1kbj4smbq-boost-1.59.0’, >>> ‘/nix/store/q26zzdzy5zngyxyah8fhqmnqwbmz4gl4-boost-1.59.0-lib’, >>> ‘/nix/store/zggqsmrh9l70yrcdagmgqjmv8i6a9rls-boost-1.59.0-dev’ >>> building path(s) >>> ‘/nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819’ >>> building path(s) >>> ‘/nix/store/j70pal3svpcip7xv21bxf5xy2c4chl84-vtk-qvtk-5.10.1’ >>> exporting ssh://git@bitbucket.<DOMAIN>:7999/~<USER>/milx-view.git >>> (rev 585a8195804) into >>> /nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819 >>> Initialized empty Git repository in >>> /nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819/.git/ >>> Can't open user config file /home/gil/.ssh/config: Permission denied >>> fatal: Could not read from remote repository. >>> >>> Please make sure you have the correct access rights >>> and the repository exists. >>> unpacking sources >>> unpacking source archive >>> /nix/store/cdz3wd9r8vlnp193kv091pal401mg9kc-boost_1_59_0.tar.bz2 >>> Can't open user config file /home/gil/.ssh/config: Permission denied >>> fatal: Could not read from remote repository. >>> >>> Please make sure you have the correct access rights >>> and the repository exists. >>> Unable to checkout 585a8195804 from ssh://git@bitbucket. >>> <DOMAIN>:7999/~<USER>/milx-view.git. >>> builder for >>> ‘/nix/store/sb7xc3pan2h7n1qdh94ynblb9cv12a3p-milx-view-585a819.drv’ failed >>> with exit code 1 >>> cannot build derivation >>> ‘/nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv’: 1 dependencies >>> couldn't be built >>> error: build of >>> ‘/nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv’ failed >>> /run/current-system/sw/bin/nix-shell: failed to build all >>> dependencies >>> >>> With the relevant line being: >>> Can't open user config file /home/gil/.ssh/config: Permission denied >>> >>> Probably a nixbld user is trying to access this? I am not actually sure >>> if my nixpkgs are built by my user or by nixbld. How can I tell? `cat >>> /etc/passwd` indicates that the nixbld users exist. >>> >>> I have attempted to follow instructions for setting up gitFetchPrivate >>> for multi-user installations (but again, not even sure this is what I have >>> - I just installed the simplest way), but to no avail (although the >>> instructions are somewhat unclear). >>> >>> Thanks for any help, >>> Ashley Gillman (Ash) >>> _______________________________________________ >>> nix-dev mailing list >>> [email protected] >>> http://lists.science.uu.nl/mailman/listinfo/nix-dev >>> >>
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
