authorEelco Dolstra <edolstra@gmail.com>2017-02-16 15:42:49 +0100
committerEelco Dolstra <edolstra@gmail.com>2017-02-16 15:51:50 +0100
commit302386f775eea309679654e5ea7c972fb6e7b9af (patch)
tree57af26df9b9d0b635aac092d5803e907c0c3741a /src/libstore/build.cc
parentcde4b609192d11dc299ea3c27d7f92735f161db1 (diff)
Support netrc in <nix/fetchurl.nix>
This allows <nix/fetchurl.nix> to fetch private Git/Mercurial repositories, e.g. import <nix/fetchurl.nix> { url = https://edolstra@bitbucket.org/edolstra/my-private-repo/get/80a14018daed.tar.bz2; sha256 = "1mgqzn7biqkq3hf2697b0jc4wabkqhmzq2srdymjfa6sb9zb6qs7"; } where /etc/nix/netrc contains: machine bitbucket.org login edolstra password blabla... This works even when sandboxing is enabled. To do: add unpacking support (i.e. fetchzip functionality).
Diffstat (limited to 'src/libstore/build.cc')
-rw-r--r--src/libstore/build.cc14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 1aee150fd..1ce23135f 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -2307,6 +2307,14 @@ void DerivationGoal::runChild()
bool setUser = true;
+ /* Make the contents of netrc available to builtin:fetchurl
+ (which may run under a different uid and/or in a sandbox). */
+ std::string netrcData;
+ try {
+ if (drv->isBuiltin() && drv->builder == "builtin:fetchurl")
+ netrcData = readFile(settings.netrcFile);
+ } catch (SysError &) { }
+
#if __linux__
if (useChroot) {
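Review bot: The empty `catch (SysError &) { }` around `readFile(settings.netrcFile)` hides every read failure, not only a missing file, so a netrc with the wrong owner or mode shows up later as an unexplained authentication failure in the fetch. Consider ignoring only the not-found case, e.g. `catch (SysError & e) { if (e.errNo != ENOENT) throw; }`, or at least logging the error before continuing. If swallowing everything is intentional, a comment such as `/* netrc is optional; the fetch proceeds unauthenticated if it cannot be read */` would say so. runChild's body starts and ends outside the hunk.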
@@ -2675,7 +2683,7 @@ void DerivationGoal::runChild()
if (drv->isBuiltin()) {
try {
if (drv->builder == "builtin:fetchurl")
- builtinFetchurl(*drv);
+ builtinFetchurl(*drv, netrcData);
else
throw Error(format("unsupported builtin function ‘%1%’") % string(drv->builder, 8));
_exit(0);
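Review bot: The call `builtinFetchurl(*drv, netrcData)` hands the credentials to the fetcher for every builtin:fetchurl derivation, with no check visible here on who requested the build or which URL the derivation names. On a shared store that presumably means any user allowed to build can make authenticated requests to the hosts listed in `settings.netrcFile`. If that is the intended trust model, it deserves a comment at the call, e.g. `/* netrc credentials are usable by any builtin:fetchurl derivation; list only hosts every builder may access */`. The enclosing try block continues outside the hunk.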
@@ -3072,7 +3080,9 @@ void DerivationGoal::closeLogFile()
void DerivationGoal::deleteTmpDir(bool force)
{
if (tmpDir != "") {
- if (settings.keepFailed && !force) {
+ /* Don't keep temporary directories for builtins because they
+ might have privileged stuff (like a copy of netrc). */
+ if (settings.keepFailed && !force && !drv->isBuiltin()) {
printError(
format("note: keeping build directory ‘%2%’")
% drvPath % tmpDir);
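Review bot: The `!drv->isBuiltin()` guard removes the netrc copy only on the normal cleanup path; while the fetch runs, or if the process dies before deleteTmpDir() is reached, any copy is still in `tmpDir`. The file's creation mode is set outside this diff, so confirm it is owner-only. The comment could also state the user-visible consequence, e.g. `/* ... so keepFailed is ignored for builtins. */`, because the directory now disappears without a message even when keepFailed is set. deleteTmpDir's body continues past the hunk.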