{
nixpkgs ? import <nixpkgs> {}
}:nixpkgs.pkgs.fetchgitPrivate {
url = "ssh://[email protected]/trycatchchris/blog.git";
rev = "0f5fe7ebf0724eb17aea4141e0cf3f1758a6d716";
sha256 = "02951e82c1183aaf1ce4b9669bf9ae32e50c4c641550797eed37739cd4528b58";
}
我有上面的 nix 表达式,其中 repo 是一个私有 git 存储库。
我确实可以通过我的用户的公钥访问此存储库。
如果我尝试常规nix-build:
nix-build
trace: Please set your nix-path such that ssh-config-file points to a file that will allow ssh to access private repositories. The builder will not be able to see any running ssh agent sessions unless ssh-auth-sock is also set in the nix-path.
Note that the config file and any keys it points to must be readable by the build user, which depending on your nix configuration means making it readable by the build-users-group, the user of the running nix-daemon, or the user calling the nix command which started the build. Similarly, if using an ssh agent ssh-auth-sock must point to a socket the build user can access.
You may need StrictHostKeyChecking=no in the config file. Since ssh will refuse to use a group-readable private key, if using build-users you will likely want to use something like IdentityFile /some/directory/%u/key and have a directory for each build user accessible to that user.
these derivations will be built:
/nix/store/hlnshdb0ckckih46cv66xj8pyqds6w7y-blog-0f5fe7e.drv
building '/nix/store/hlnshdb0ckckih46cv66xj8pyqds6w7y-blog-0f5fe7e.drv'...
exporting ssh://[email protected]/trycatchchris/blog.git (rev 0f5fe7ebf0724eb17aea4141e0cf3f1758a6d716) into /nix/store/mkinydhkdyg6dyw7fp399m90qw5bsbqd-blog-0f5fe7e
Initialized empty Git repository in /nix/store/mkinydhkdyg6dyw7fp399m90qw5bsbqd-blog-0f5fe7e/.git/
Can't open user config file /var/lib/empty/config: No such file or directory
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Can't open user config file /var/lib/empty/config: No such file or directory
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Unable to checkout 0f5fe7ebf0724eb17aea4141e0cf3f1758a6d716 from ssh://[email protected]/trycatchchris/blog.git.
builder for '/nix/store/hlnshdb0ckckih46cv66xj8pyqds6w7y-blog-0f5fe7e.drv' failed with exit code 1
error: build of '/nix/store/hlnshdb0ckckih46cv66xj8pyqds6w7y-blog-0f5fe7e.drv' failed
我尝试过使用 ssh 代理以及(来自https://github.com/NixOS/nixpkgs/issues/4004#issuecomment-236434045):
创建一个ssh包含以下内容的文件:
Host gitlab.com
StrictHostKeyChecking No
UserKnownHostsFile /dev/null
IdentityFile /home/chris/.ssh/id_rsa
并运行:
nix-build -I ssh-config-file=$PWD/ssh
these derivations will be built:
/nix/store/ng4qdayni3a69b57kfmrvf4ba03ryfv9-blog-0f5fe7e.drv
building '/nix/store/ng4qdayni3a69b57kfmrvf4ba03ryfv9-blog-0f5fe7e.drv'...
exporting ssh://[email protected]/trycatchchris/blog.git (rev 0f5fe7ebf0724eb17aea4141e0cf3f1758a6d716) into /nix/store/mkinydhkdyg6dyw7fp399m90qw5bsbqd-blog-0f5fe7e
Initialized empty Git repository in /nix/store/mkinydhkdyg6dyw7fp399m90qw5bsbqd-blog-0f5fe7e/.git/
Can't open user config file /home/chris/temp/wiptemp/11/ssh: No such file or directory
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Can't open user config file /home/chris/temp/wiptemp/11/ssh: No such file or directory
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Unable to checkout 0f5fe7ebf0724eb17aea4141e0cf3f1758a6d716 from ssh://[email protected]/trycatchchris/blog.git.
builder for '/nix/store/ng4qdayni3a69b57kfmrvf4ba03ryfv9-blog-0f5fe7e.drv' failed with exit code 1
error: build of '/nix/store/ng4qdayni3a69b57kfmrvf4ba03ryfv9-blog-0f5fe7e.drv' failed
然而这也失败了......我如何使用上述方法或其他方法克隆私人仓库?
上面的 (
builtins.fetchGit) 似乎可以完美地工作,而无需设置沙箱等(使用默认的 ~/.ssh/id_rsa 键)。如果使用 Nix < v2.4 并获取不在
master分支上的提交,则需要添加ref带有分支名称的附加属性,例如:https://github.com/nix-community/naersk/pull/211