From 33e94fe19fdedca5dd89fdc0b292938ac58dc81a Mon Sep 17 00:00:00 2001
From: Sergei Zimmerman <sergei@zimmerman.foo>
Date: Thu, 16 Oct 2025 21:48:13 +0300
Subject: [PATCH] libstore: Make AwsAuthError more legible

Instead of the cryptic:

> error: Failed to resolve AWS credentials: error code 6153`

We now get more legible:

> error: AWS authentication error: 'Valid credentials could not be sourced by the IMDS provider' (6153)
---
 src/libstore/aws-creds.cc                   |  9 +++++++--
 src/libstore/include/nix/store/aws-creds.hh | 17 +++++++++++++----
 src/libstore/meson.build                    |  2 ++
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/libstore/aws-creds.cc b/src/libstore/aws-creds.cc
index 4ba5b7dee..6c9bc99b2 100644
--- a/src/libstore/aws-creds.cc
+++ b/src/libstore/aws-creds.cc
@@ -22,6 +22,12 @@
 
 namespace nix {
 
+AwsAuthError::AwsAuthError(int errorCode)
+    : Error("AWS authentication error: '%s' (%d)", aws_error_str(errorCode), errorCode)
+    , errorCode(errorCode)
+{
+}
+
 namespace {
 
 static AwsCredentials getCredentialsFromProvider(std::shared_ptr<Aws::Crt::Auth::ICredentialsProvider> provider)
@@ -35,8 +41,7 @@ static AwsCredentials getCredentialsFromProvider(std::shared_ptr<Aws::Crt::Auth:
 
     provider->GetCredentials([prom](std::shared_ptr<Aws::Crt::Auth::Credentials> credentials, int errorCode) {
         if (errorCode != 0 || !credentials) {
-            prom->set_exception(
-                std::make_exception_ptr(AwsAuthError("Failed to resolve AWS credentials: error code %d", errorCode)));
+            prom->set_exception(std::make_exception_ptr(AwsAuthError(errorCode)));
         } else {
             auto accessKeyId = Aws::Crt::ByteCursorToStringView(credentials->GetAccessKeyId());
             auto secretAccessKey = Aws::Crt::ByteCursorToStringView(credentials->GetSecretAccessKey());
diff --git a/src/libstore/include/nix/store/aws-creds.hh b/src/libstore/include/nix/store/aws-creds.hh
index d72290ced..30f6592a0 100644
--- a/src/libstore/include/nix/store/aws-creds.hh
+++ b/src/libstore/include/nix/store/aws-creds.hh
@@ -34,10 +34,19 @@ struct AwsCredentials
     }
 };
 
-/**
- * Exception thrown when AWS authentication fails
- */
-MakeError(AwsAuthError, Error);
+class AwsAuthError : public Error
+{
+    std::optional<int> errorCode;
+
+public:
+    using Error::Error;
+    AwsAuthError(int errorCode);
+
+    std::optional<int> getErrorCode() const
+    {
+        return errorCode;
+    }
+};
 
 class AwsCredentialProvider
 {
diff --git a/src/libstore/meson.build b/src/libstore/meson.build
index 78a3dd9b3..40da06e6b 100644
--- a/src/libstore/meson.build
+++ b/src/libstore/meson.build
@@ -158,6 +158,8 @@ curl_s3_store_opt = get_option('curl-s3-store').require(
 
 if curl_s3_store_opt.enabled()
   deps_other += aws_crt_cpp
+  aws_c_common = cxx.find_library('aws-c-common', required : true)
+  deps_other += aws_c_common
 endif
 
 configdata_pub.set('NIX_WITH_AWS_AUTH', curl_s3_store_opt.enabled().to_int())