Unable to use fetchgit on private git repo

witkamp · December 28, 2022, 10:18pm

I am using nix v2.7 on macOS. I am trying to build a package from a private git repository. I am a bit confused by the following error message from nix build when building my flake.

I have added my ssh key with ssh-add. It’s my understanding this should fetch the source using my ssh key.
Any insights?
Thanks.

Initialized empty Git repository in /nix/store/xaykqlvxw86jn8qka4s6yf4b24hdzv22-python-libs-fcb7e8a/.git/
error: cannot run ssh: No such file or directory
fatal: unable to fork
error: cannot run ssh: No such file or directory
fatal: unable to fork
error: cannot run ssh: No such file or directory
fatal: unable to fork

ElvishJerricco · December 28, 2022, 10:41pm

Can you post the Nix code you’re trying to use?

witkamp · December 29, 2022, 12:56am

I hope this helps

src = pkgs.fetchgit {
  url = "git@gitlab.private.net:foo/python-libs.git";
  rev = "fcb7e8a";
  sha256 = "1cw5fszffl5pkpa6s6wjnkiv6lm5k618s32sp60kvmvpy7a2v9kg";
};

ElvishJerricco · December 29, 2022, 1:21am

pkgs.fetchgit doesn’t work with private repos because of the Nix build sandbox, but builtins.fetchGit does because it’s performed by the evaluator as your user. They’re slightly different things.

Sandro · December 29, 2022, 3:34pm

You want to use fetchFromGitLab which should support ssh cloning and you need fetchFromGitLab: support for private repositories by panicgh · Pull Request #176950 · NixOS/nixpkgs · GitHub

witkamp · December 29, 2022, 5:14pm

I changed the code to use builtins.fetchGit and got the following error message.

error: in pure evaluation mode, 'fetchTree' requires a locked input,

My code is an a flake. I am not to sure how to interpret the error message here.
Is there some documentation you can point me to so I can better understand locked input in this context?

witkamp · December 29, 2022, 5:20pm

@Sandro it looks like fetchFromGitLab only supports password auth. Is that true?

Also, what is the trade off between using builtins.fetchGit and fetchFromGitLab?

witkamp · December 29, 2022, 5:35pm

Thanks everyone for your help.
I was able to resolve my issue.

I switched to use builtins.fetchGit and I did not pass in the rev parameter. Not using the rev parameters prevents it from being locked.
I referenced this documentation.
https://nixos.org/manual/nix/stable/language/builtins.html#builtins-fetchGit

jonringer · December 29, 2022, 6:07pm

You may want to look at Enterprise - NixOS Wiki, the nix builtins can add the credentials to http requests.

Sandro · December 29, 2022, 8:07pm

or token auth. You can probably expand it for ssh

fetchFromGitLab has specific options for gitlab which you don’t need to add on top of fetchGit to reduce code duplication.

DevOps-amee · October 4, 2023, 6:09am

My private repo have many python program.I want to build only one python program from my private repo.how can i specify one python program to build in derivation.
please help