Re: [Nix-dev] Passing credentials in NIX_PATH

2016-08-11 Thread Tomasz Czyż 
I figure out, that if I use:

toString 

result is persistant and resolves to a path given not to nix store content
in both cases.

2016-08-11 14:36 GMT+01:00 Tomasz Czyż :

> Hi,
>
> I wanted to use fetchgitPrivate, but instead of using agent, I thought I
> can pass ssh-key-path as nix path.
>
> I'm using it like
>
> { ssh-key-path ?  }:
> {
>   ...
> ssh -i ${ssh-key-path}
>  ...
> }
>
> I build with: ``nix-build my.nix -I ssh-key-path=/home/my/.ssh/key`` (key
> group is changed to nixbld so nix builder can access it).
>
> This is working fine on nixos (16.09). ssh-key-path is resolved to
> /home/my/.ssh/key as expected.
>
> But when I run this on ubuntu with nix installed in userland (no nix
> daemon) when I run build command I've got error that permissions to key are
> too wide. What happened is, the content of the file was copied to nix
> store, I wouldn't expect that. I new that attributes or derivations can end
> up written in nix store, but why the file which variable is pointing to
> ended up in nix store?
>
> I'm obviously missing something, anybody could point me to some
> explanation?
>
> Tom
>



-- 
Tomasz Czyż
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

[Nix-dev] Passing credentials in NIX_PATH

2016-08-11 Thread Tomasz Czyż 
Hi,

I wanted to use fetchgitPrivate, but instead of using agent, I thought I
can pass ssh-key-path as nix path.

I'm using it like

{ ssh-key-path ?  }:
{
  ...
ssh -i ${ssh-key-path}
 ...
}

I build with: ``nix-build my.nix -I ssh-key-path=/home/my/.ssh/key`` (key
group is changed to nixbld so nix builder can access it).

This is working fine on nixos (16.09). ssh-key-path is resolved to
/home/my/.ssh/key as expected.

But when I run this on ubuntu with nix installed in userland (no nix
daemon) when I run build command I've got error that permissions to key are
too wide. What happened is, the content of the file was copied to nix
store, I wouldn't expect that. I new that attributes or derivations can end
up written in nix store, but why the file which variable is pointing to
ended up in nix store?

I'm obviously missing something, anybody could point me to some
explanation?

Tom
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev