fetchFromGitHub: Allow private repos, hosted githubs

2017-05-19 15:38:01 -04:00 · 2017-05-19 15:38:01 -04:00 · b71b7ee622
commit b71b7ee622
parent 06767b81e0
2 changed files with 34 additions and 5 deletions
--- a/pkgs/build-support/fetchurl/default.nix
+++ b/pkgs/build-support/fetchurl/default.nix
@ -59,6 +59,13 @@ in

 , recursiveHash ? false

+, # Shell code to build a netrc file for BASIC auth
+  netrcPhase ? null
+
+, # Impure env vars (http://nixos.org/nix/manual/#sec-advanced-attributes)
+  # needed for netrcPhase
+  netrcImpureEnvVars ? []
+
 , # Shell code executed after the file has been fetched
  # successfully. This can do things like check or transform the file.
  postFetch ? ""
@ -118,11 +125,18 @@ else stdenv.mkDerivation {

  outputHashMode = if (recursiveHash || executable) then "recursive" else "flat";

-  inherit curlOpts showURLs mirrorsFile impureEnvVars postFetch downloadToTemp executable;
+  inherit curlOpts showURLs mirrorsFile postFetch downloadToTemp executable;
+
+  impureEnvVars = impureEnvVars ++ netrcImpureEnvVars;

  # Doing the download on a remote machine just duplicates network
  # traffic, so don't do that.
  preferLocalBuild = true;

+  postHook = if netrcPhase == null then null else ''
+    ${netrcPhase}
+    curlOpts="$curlOpts --netrc-file $PWD/netrc"
+  '';
+
  inherit meta;
 }
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -185,12 +185,14 @@ with pkgs;

  fetchFromGitHub = {
    owner, repo, rev, name ? "${repo}-${rev}-src",
-    fetchSubmodules ? false,
+    fetchSubmodules ? false, private ? false,
+    githubBase ? "github.com", varPrefix ? null,
    ... # For hash agility
-  }@args:
+  }@args: assert private -> !fetchSubmodules;
  let
-    baseUrl = "https://github.com/${owner}/${repo}";
-    passthruAttrs = removeAttrs args [ "owner" "repo" "rev" "fetchSubmodules" ];
+    baseUrl = "https://${githubBase}/${owner}/${repo}";
+    passthruAttrs = removeAttrs args [ "owner" "repo" "rev" "fetchSubmodules" "private" "githubBase" "varPrefix" ];
+    varBase = "NIX${if varPrefix == null then "" else "_${varPrefix}"}_GITHUB_PRIVATE_";
  in if fetchSubmodules then
    fetchgit ({
      inherit name rev fetchSubmodules;
@ -203,6 +205,19 @@ with pkgs;
      inherit name;
      url = "${baseUrl}/archive/${rev}.tar.gz";
      meta.homepage = "${baseUrl}/";
+    } // lib.optionalAttrs private {
+      netrcPhase = ''
+        if [ -z "''$${varBase}USERNAME" -o -z "''$${varBase}PASSWORD" ]; then
+          echo "Error: Private fetchFromGitHub requires the nix building process (nix-daemon in multi user mode) to have the ${varBase}USERNAME and ${varBase}PASSWORD env vars set." >&2
+          exit 1
+        fi
+        cat > netrc <<EOF
+        machine ${githubBase}
+                login ''$${varBase}USERNAME
+                password ''$${varBase}PASSWORD
+        EOF
+      '';
+      netrcImpureEnvVars = [ "${varBase}USERNAME" "${varBase}PASSWORD" ];
    } // passthruAttrs) // { inherit rev; };

  fetchFromBitbucket = {