mirror of https://github.com/NixOS/nix.git synced 2025-11-27 20:51:00 +01:00

Merge pull request #14206 from lovesegfault/curl-based-s3-pieces

feat(libstore): add builtin fetchurl S3 credential pre-resolution
Sergei Zimmerman 2025-10-14 20:10:41 +00:00 committed by GitHub
commit 4041bfdb40
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 97 additions and 5 deletions


@ -33,6 +33,7 @@ static void builtinFetchurl(const BuiltinBuilderContext & ctx)
/* Note: have to use a fresh fileTransfer here because we're in
a forked process. */
debug("[pid=%d] builtin:fetchurl creating fresh FileTransfer instance", getpid());
auto fileTransfer = makeFileTransfer();
auto fetch = [&](const std::string & url) {
@ -40,6 +41,18 @@ static void builtinFetchurl(const BuiltinBuilderContext & ctx)
FileTransferRequest request(VerbatimURL{url});
request.decompress = false;
#if NIX_WITH_CURL_S3
// Use pre-resolved credentials if available
if (ctx.awsCredentials && request.uri.scheme() == "s3") {
debug("[pid=%d] Using pre-resolved AWS credentials from parent process", getpid());
request.usernameAuth = UsernameAuth{
.username = ctx.awsCredentials->accessKeyId,
.password = ctx.awsCredentials->secretAccessKey,
};
request.preResolvedAwsSessionToken = ctx.awsCredentials->sessionToken;
}
#endif
auto decompressor = makeDecompressionSink(unpack && hasSuffix(mainUrl, ".xz") ? "xz" : "none", sink);
fileTransfer->download(std::move(request), *decompressor);
decompressor->finish();
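Review bot: The new credential block is gated only on `request.uri.scheme() == "s3"`, yet `fetch` takes an arbitrary `url` (the decompressor line after `#endif` still refers to `mainUrl`), so the same pre-resolved keys and session token would be attached to every s3:// URL the lambda is called with. How the parent resolved `ctx.awsCredentials` is not visible in this section; if resolution depends on the main URL's profile, region or endpoint parameters, consider also requiring the URLs to match, e.g. `if (ctx.awsCredentials && url == mainUrl && request.uri.scheme() == "s3") {`, or state the assumption in the comment above the `if`. The debug call logs only the pid, which is the right level of detail; a comment such as `// never log accessKeyId, secretAccessKey or sessionToken here` would help keep it that way. The lambda body starts and ends outside the visible hunks, so the callers of `fetch` could not be checked.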