Unable to use fetchgit on private git repo

I am using nix v2.7 on macOS. I am trying to build a package from a private git repository. I am a bit confused by the following error message from nix build when building my flake.

I have added my ssh key with ssh-add. It’s my understanding this should fetch the source using my ssh key.
Any insights?

Initialized empty Git repository in /nix/store/xaykqlvxw86jn8qka4s6yf4b24hdzv22-python-libs-fcb7e8a/.git/
error: cannot run ssh: No such file or directory
fatal: unable to fork
error: cannot run ssh: No such file or directory
fatal: unable to fork
error: cannot run ssh: No such file or directory
fatal: unable to fork

Can you post the Nix code you’re trying to use?

I hope this helps

src = pkgs.fetchgit {
  url = "git@gitlab.private.net:foo/python-libs.git";
  rev = "fcb7e8a";
  sha256 = "1cw5fszffl5pkpa6s6wjnkiv6lm5k618s32sp60kvmvpy7a2v9kg";
};

pkgs.fetchgit doesn’t work with private repos because of the Nix build sandbox, but builtins.fetchGit does because it’s performed by the evaluator as your user. They’re slightly different things.

You want to use fetchFromGitLab which should support ssh cloning and you need fetchFromGitLab: support for private repositories by panicgh · Pull Request #176950 · NixOS/nixpkgs · GitHub

I changed the code to use builtins.fetchGit and got the following error message.

error: in pure evaluation mode, 'fetchTree' requires a locked input,

My code is in a flake. I am not too sure how to interpret the error message here.
Is there some documentation you can point me to so I can better understand locked input in this context?

@Sandro it looks like fetchFromGitLab only supports password auth. Is that true?

Also, what is the trade off between using builtins.fetchGit and fetchFromGitLab?


Thanks everyone for your help.
I was able to resolve my issue.

I switched to use builtins.fetchGit and I did not pass in the rev parameter. Not using the rev parameter prevents it from being locked.
I referenced this documentation.
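
For readers who hit the same "requires a locked input" error: the sketch below is an added example, not code from any poster in this thread. It declares the private repository as a non-flake input over SSH, so the evaluator fetches it as your user (with your ssh-agent keys) and `flake.lock` pins the exact commit. The `system` value, the nixpkgs branch and the placeholder install step are assumptions; the host and repository path are the ones from the question.

```nix
# flake.nix (added example; names other than the repo URL are assumptions)
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

    # Fetched at evaluation time, outside the build sandbox, as the
    # invoking user. `nix flake lock` writes the resolved commit to
    # flake.lock, which is what makes the input "locked" for pure
    # evaluation. `flake = false` treats the repo as plain source.
    python-libs = {
      url = "git+ssh://git@gitlab.private.net/foo/python-libs.git";
      flake = false;
    };
  };

  outputs = { self, nixpkgs, python-libs }:
    let
      system = "x86_64-darwin"; # assumption: adjust to your machine
      pkgs = nixpkgs.legacyPackages.${system};
    in {
      packages.${system}.default = pkgs.stdenvNoCC.mkDerivation {
        name = "python-libs-src";
        src = python-libs; # store path of the fetched checkout
        dontConfigure = true;
        dontBuild = true;
        # Placeholder install step: replace with the real Python build.
        installPhase = ''
          mkdir -p $out
          cp -r . $out
        '';
      };

      # Alternative without a flake input: pin the commit explicitly.
      # The rev must be the full 40-character hash (placeholder here).
      # src = builtins.fetchGit {
      #   url = "ssh://git@gitlab.private.net/foo/python-libs.git";
      #   rev = "<full-40-character-commit-hash>";
      # };
    };
}
```

Either way the checkout is copied into `/nix/store`, which is readable by every local user, so keep secrets out of the repository contents.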


You may want to look at Enterprise - NixOS Wiki; the Nix builtins can add the credentials to HTTP requests.


or token auth. You can probably expand it for ssh

fetchFromGitLab has specific options for gitlab which you don’t need to add on top of fetchGit to reduce code duplication.

My private repo has many Python programs. I want to build only one Python program from my private repo. How can I specify one Python program to build in a derivation?
Please help.