mirror of
https://github.com/NixOS/nix.git
synced 2025-11-24 11:19:35 +01:00
c1ecf0bee9
This patch has been manually adapted from
14dc84ed03
Tested with:
$ NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }'
Finished at 16:57:50 after 1s
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> error:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> … writing file '/nix/store/0zynn4n8yx59bczy1mgh1lq2rnprvvrc-google.com'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com>
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> error: unable to download 'https://google.com': Problem with the SSL CA cert (path? access rights?) (77) error setting certificate file: /nix/store/nlgbippbbgn38hynjkp1ghiybcq1dqhx-nss-cacert-3.101.1/etc/ssl/certs/ca-bundle.crt
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
error: builder for '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv' failed with exit code 1
Now returns:
nix-env % NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }'
Finished at 17:05:48 after 0s
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
error: hash mismatch in fixed-output derivation '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv':
specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
82 lines
2.7 KiB
C++
82 lines
2.7 KiB
C++
#include "builtins.hh"
|
|
#include "filetransfer.hh"
|
|
#include "store-api.hh"
|
|
#include "archive.hh"
|
|
#include "compression.hh"
|
|
|
|
namespace nix {
|
|
|
|
void builtinFetchurl(
|
|
const BasicDerivation & drv,
|
|
const std::map<std::string, Path> & outputs,
|
|
const std::string & netrcData,
|
|
const std::string & caFileData)
|
|
{
|
|
/* Make the host's netrc data available. Too bad curl requires
|
|
this to be stored in a file. It would be nice if we could just
|
|
pass a pointer to the data. */
|
|
if (netrcData != "") {
|
|
settings.netrcFile = "netrc";
|
|
writeFile(settings.netrcFile, netrcData, 0600);
|
|
}
|
|
|
|
settings.caFile = "ca-certificates.crt";
|
|
writeFile(settings.caFile, caFileData, 0600);
|
|
|
|
auto out = get(drv.outputs, "out");
|
|
if (!out)
|
|
throw Error("'builtin:fetchurl' requires an 'out' output");
|
|
|
|
if (!(drv.type().isFixed() || drv.type().isImpure()))
|
|
throw Error("'builtin:fetchurl' must be a fixed-output or impure derivation");
|
|
|
|
auto storePath = outputs.at("out");
|
|
auto mainUrl = drv.env.at("url");
|
|
bool unpack = getOr(drv.env, "unpack", "") == "1";
|
|
|
|
/* Note: have to use a fresh fileTransfer here because we're in
|
|
a forked process. */
|
|
auto fileTransfer = makeFileTransfer();
|
|
|
|
auto fetch = [&](const std::string & url) {
|
|
|
|
auto source = sinkToSource([&](Sink & sink) {
|
|
|
|
FileTransferRequest request(url);
|
|
request.decompress = false;
|
|
|
|
auto decompressor = makeDecompressionSink(
|
|
unpack && hasSuffix(mainUrl, ".xz") ? "xz" : "none", sink);
|
|
fileTransfer->download(std::move(request), *decompressor);
|
|
decompressor->finish();
|
|
});
|
|
|
|
if (unpack)
|
|
restorePath(storePath, *source);
|
|
else
|
|
writeFile(storePath, *source);
|
|
|
|
auto executable = drv.env.find("executable");
|
|
if (executable != drv.env.end() && executable->second == "1") {
|
|
if (chmod(storePath.c_str(), 0755) == -1)
|
|
throw SysError("making '%1%' executable", storePath);
|
|
}
|
|
};
|
|
|
|
/* Try the hashed mirrors first. */
|
|
auto dof = std::get_if<DerivationOutput::CAFixed>(&out->raw);
|
|
if (dof && dof->ca.method.getFileIngestionMethod() == FileIngestionMethod::Flat)
|
|
for (auto hashedMirror : settings.hashedMirrors.get())
|
|
try {
|
|
if (!hasSuffix(hashedMirror, "/")) hashedMirror += '/';
|
|
fetch(hashedMirror + printHashAlgo(dof->ca.hash.algo) + "/" + dof->ca.hash.to_string(HashFormat::Base16, false));
|
|
return;
|
|
} catch (Error & e) {
|
|
debug(e.what());
|
|
}
|
|
|
|
/* Otherwise try the specified URL. */
|
|
fetch(mainUrl);
|
|
}
|
|
|
|
}
|