nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-09 12:06:01 +01:00
Code Activity

feat(libstore): add builtin fetchurl S3 credential pre-resolution

Browse source 
Add support for pre-resolving AWS credentials in the parent process
before forking for builtin:fetchurl. This avoids recreating credential
providers in the forked child process.
This commit is contained in:
Bernardo Meurer Costa 2025-10-10 14:45:06 +00:00
parent f77094715f
commit 000e6f6282
No known key found for this signature in database
4 changed files with 97 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/unix/build/linux-derivation-builder.cc
View file

@ -276,6 +276,12 @@ struct ChrootLinuxDerivationBuilder : ChrootDerivationBuilder, LinuxDerivationBu
void startChild() override
{
RunChildArgs args{
# if NIX_WITH_CURL_S3
.awsCredentials = preResolveAwsCredentials(),
# endif
};
/* Set up private namespaces for the build:
- The PID namespace causes the build to start as PID 1.
@ -343,7 +349,7 @@ struct ChrootLinuxDerivationBuilder : ChrootDerivationBuilder, LinuxDerivationBu
if (usingUserNamespace)
options.cloneFlags |= CLONE_NEWUSER;
pid_t child = startProcess([&]() { runChild(); }, options);
pid_t child = startProcess([this, args = std::move(args)]() { runChild(std::move(args)); }, options);
writeFull(sendPid.writeSide.get(), fmt("%d\n", child));
_exit(0);