| 13 Feb 2024 |
anthr76 | let me take another look | 19:01:03 |
@qbit:tapenet.org | unset the vendorHash and run the build | 19:01:24 |
@qbit:tapenet.org | it should print the hash for the derivation of the go-modules it generates | 19:01:38 |
anthr76 | It just bailed out
error: buildGoModule: vendorHash is missing
| 19:02:12 |
anthr76 | let me try lib.fakeSha256 | 19:02:52 |
@qbit:tapenet.org | oh, make it empty | 19:03:07 |
anthr76 | Got it, that did it | 19:04:23 |
anthr76 | So it then failed
> fatal: could not read Username for 'https://github.com': terminal prompts disabled
> Confirm the import path was entered correctly.
> If this is a private repositor
| 19:04:43 |
@qbit:tapenet.org | so now put your .netrc and set HOME and see if it works? | 19:05:19 |
@qbit:tapenet.org | adding your credentials to a .netrc is not ideal though :D | 19:05:32 |
anthr76 | I'm new to nix package but been doing it in fedora land for a while so really what would be best is if I can vendor in the source phase since these repos don't vendor
~/.netrc is present and works
| 19:05:49 |
@qbit:tapenet.org | relative to the build? | 19:06:11 |
@qbit:tapenet.org | or in your own home dir? | 19:06:15 |
anthr76 | In my own home-dir | 19:06:26 |
anthr76 | it seems like nix uses access-token to pull the source tarball, but I've tried to pull git https on my shell (which uses netrc) and that does work. Should it be relative to the build? | 19:07:13 |
@qbit:tapenet.org | nix builds are isolated from all that (to prevent other dependencies from leaking in) | 19:07:15 |
anthr76 | yeah that makes sense | 19:07:28 |
anthr76 | i guess I'm looking for the right hole to punch to solve a problem like this | 19:07:42 |
anthr76 | to me having nix run go mod vendor while it has access to my token seems to make the most sense and repeatable for CI | 19:08:03 |
@qbit:tapenet.org | so, it's basically running go mod vendor and storing that as a separate derivation in the nix store | 19:09:11 |
@qbit:tapenet.org | the vendorHash is the hash of that derivation | 19:09:19 |
anthr76 | So is it possibly a bug? | 19:09:37 |
@qbit:tapenet.org | it just doesn't have the ability to pull down the deps since they are private | 19:09:38 |
anthr76 | Because nix can access the private repo in src | 19:09:47 |
anthr76 | This
src = builtins.fetchGit {
  url = "git@github.com:foo/bar.git";
  ref = "refs/tags/v${version}";
  rev = "f993f922c88345604fdea284b624a97b9a1ee604";
};
Is private but nix knows to use my access-token
| 19:10:11 |
@qbit:tapenet.org | https://nixos.wiki/wiki/Enterprise | 19:10:48 |
@qbit:tapenet.org | seems that's what you want | 19:10:53 |
@qbit:tapenet.org | it's not ideal though - since other people will have to configure all that themselves | 19:11:27 |
anthr76 | yes that is set up (.netrc) and works for
src = builtins.fetchGit {
  url = "git@github.com:foo/bar.git";
  ref = "refs/tags/v${version}";
  rev = "f993f922c88345604fdea284b624a97b9a1ee604";
};
but not for the go modules themselves
| 19:12:18 |
@qbit:tapenet.org | your ~/.netrc won't have any impact on nix's build | 19:15:04 |