[Nix-dev] gitFetchPrivate on NixOS

Ashely Gillman gillmanash at gmail.com
Tue Jun 14 23:51:59 CEST 2016


Hi all,
I have been attempting to use gitFetchPrivate to fetch from a private bitbucket repo over SSH, on both Ubuntu running Nix and on NixOS. I am able to get the setup working on Ubuntu.

- Set up SSH-Agent the usual way.
- Ensure that `git clone ssh://git@bitbucket.domain.com:<port>/<user>/<repo>.git` works, it does
- Use `nix-shell -I ssh-config-file=$HOME/.ssh/config -I ssh-auth-sock=$SSH_AUTH_SOCK`, with a local shell.nix specifying requirements

However, I am unable to repeat the process on a NixOS machine.

    gil at gil-nixos:~/proj/pylx $ git clone ssh://git@bitbucket.<DOMAIN>:7999/~<USER>/milx-view.git
    <This works>

    gil at gil-nixos:~/proj/pylx $ nix-shell -I ssh-config-file=$HOME/.ssh/config -I ssh-auth-sock=$SSH_AUTH_SOCK
    these derivations will be built:
      /nix/store/48cz61di3gf6fpkydgri74h5i2s8qh3h-vtk-qvtk-5.10.1.drv
      /nix/store/pcj22pnchg10bq63a32jcc53l75cy8z1-boost-1.59.0.drv
      /nix/store/sb7xc3pan2h7n1qdh94ynblb9cv12a3p-milx-view-585a819.drv
      /nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv
    building path(s) ‘/nix/store/603gs7mcgpf7cnyv3k2bkxk1kbj4smbq-boost-1.59.0’, ‘/nix/store/q26zzdzy5zngyxyah8fhqmnqwbmz4gl4-boost-1.59.0-lib’, ‘/nix/store/zggqsmrh9l70yrcdagmgqjmv8i6a9rls-boost-1.59.0-dev’
    building path(s) ‘/nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819’
    building path(s) ‘/nix/store/j70pal3svpcip7xv21bxf5xy2c4chl84-vtk-qvtk-5.10.1’
    exporting ssh://git@bitbucket.<DOMAIN>:7999/~<USER>/milx-view.git (rev 585a8195804) into /nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819
    Initialized empty Git repository in /nix/store/ra27851hlszq1k0n9zfa14xwhxqvn8zs-milx-view-585a819/.git/
    Can't open user config file /home/gil/.ssh/config: Permission denied
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
    unpacking sources
    unpacking source archive /nix/store/cdz3wd9r8vlnp193kv091pal401mg9kc-boost_1_59_0.tar.bz2
    Can't open user config file /home/gil/.ssh/config: Permission denied
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
    Unable to checkout 585a8195804 from ssh://git@bitbucket.<DOMAIN>:7999/~<USER>/milx-view.git.
    builder for ‘/nix/store/sb7xc3pan2h7n1qdh94ynblb9cv12a3p-milx-view-585a819.drv’ failed with exit code 1
    cannot build derivation ‘/nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv’: 1 dependencies couldn't be built
    error: build of ‘/nix/store/dzh8jzl90ghsl0l71p9v2zqzh9wn2ngb-milx-view.drv’ failed
    /run/current-system/sw/bin/nix-shell: failed to build all dependencies

With the relevant line being:
    Can't open user config file /home/gil/.ssh/config: Permission denied

Probably a nixbld user is trying to access this? I am not actually sure if my nixpkgs are built by my user or by nixbld. How can I tell? `cat /etc/passwd` indicates that the nixbld users exist.

I have attempted to follow instructions for setting up gitFetchPrivate for multi-user installations (but again, not even sure this is what I have - I just installed the simplest way), but to no avail (although the instructions are somewhat unclear).

Thanks for any help,
Ashley Gillman (Ash)


More information about the nix-dev mailing list