| 10 Feb 2024 |
 anthr76 | Hi All! I have a question. I'm trying to build some internal private go projects in nix for my teammates. Is anyone able to point me on how to pass a ~/.netrc to the nix build sandbox? I'm using buildGoModule | 14:34:50 |
 @qbit:tapenet.org | You’d probably need to make it during post patch or similar phase.. but you won’t have network access | 17:12:47 |
| 12 Feb 2024 |
|  lunchtime joined the room. | 02:13:35 |
| lunchtime joined the room. | 10:46:21 |
| 13 Feb 2024 |
| anthr76 | In reply to @qbit:tapenet.org
You’d probably need to make it during post patch or similar phase.. but you won’t have network access Do you have an example or bit of documentation? | 18:54:28 |
| @qbit:tapenet.org | https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#tested-using-sandboxing | 18:56:39 |
| @qbit:tapenet.org | fo rthe sandbox info | 18:56:46 |
| anthr76 | Also an option can be vendoring when it's pulling down the source tarball | 18:58:06 |
| anthr76 | but I'm not sure that's even possible | 18:58:13 |
| @qbit:tapenet.org | for the postPatch you could just do : export HOME=$(mktemp -d); cd $HOME; echo some netrc string > .netrc | 18:58:20 |
| @qbit:tapenet.org | anthr76: is this all go deps? | 18:58:36 |
| anthr76 | Yes it is | 18:58:44 |
| @qbit:tapenet.org | buildGoModule does vendoring of any deps and what not | 18:58:52 |
| @qbit:tapenet.org | vendorHash | 18:59:02 |
| @qbit:tapenet.org | grep -r buildGoModule in nixpkgs and you will find plenty of examples | 19:00:40 |
| anthr76 | { lib, buildGoModule }:
buildGoModule rec {
pname = "foo";
version = "1.13.0";
GOPRIVATE = "github.com/foo/*";
src = builtins.fetchGit {
url = "git@github.com:foo/bar.git";
ref = "refs/tags/v${version}";
rev = "f993f922c88345604fdea284b624a97b9a1ee604";
};
vendorHash = "sha256-/lx2D2sdfeyRMK/097M4SQKRlmqtPTvbFo1dwbThJ5Fs=";
ldflags = [
"-s"
"-w"
"-X"
"github.com/foo/bar/cmd.version=${version}"
];
}
I have this but it doesn't seem to vendor? The vendor has is incorrect as I was hopping to get it out during the build but instead it fails because it can't access the repos
| 19:00:54 |
| anthr76 | let me take another look | 19:01:03 |
| @qbit:tapenet.org | unset the vendorHash and run the build | 19:01:24 |
| @qbit:tapenet.org | it should print the hash for the derivation of the go-modules it generates | 19:01:38 |
| anthr76 | It just bailed out
error: buildGoModule: vendorHash is missing
| 19:02:12 |
| anthr76 | let me try lib.fakeSha256 | 19:02:52 |
| @qbit:tapenet.org | oh, make it empty | 19:03:07 |
| anthr76 | Got it, that did it | 19:04:23 |
| anthr76 | So it then failed
> fatal: could not read Username for 'https://github.com': terminal prompts disabled
> Confirm the import path was entered correctly.
> If this is a private repositor
| 19:04:43 |
| @qbit:tapenet.org | so now put your .netrc and set HOME and see if it works? | 19:05:19 |
| @qbit:tapenet.org | adding your credentials to a .netrc is not ideal though :D | 19:05:32 |
| anthr76 | I'm new to nix package but been doing it in fedora land for a while so really what would be best is if I can vendor in the source phase since these repos don't vendor
~/.netrc is present and works
| 19:05:49 |
| @qbit:tapenet.org | relative to the build? | 19:06:11 |
| @qbit:tapenet.org | or in your own home dir? | 19:06:15 |
| anthr76 | In my own home-dir | 19:06:26 |
