New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fetchs3: allow to name the derivation output #39823
Conversation
Wow, I'm the worst. I doubt anyone wants it to be |
@copumpkin what do you think of using baseNameOf s3url as the default instead? I want to keep a default to avoid breaking back-compat. IMO it's being used outside of nixpkgs in private repositories. |
Sure, |
lmao. It happens! No worries :). But LOL 😁 |
Nice! TIL that {
fetchS3 = {path, sha256, accessKeyId, secretAccessKey, region}:
previous.runCommand (baseNameOf path) {
inherit path;
AWS_ACCESS_KEY_ID = accessKeyId;
AWS_SECRET_ACCESS_KEY = secretAccessKey;
AWS_DEFAULT_REGION = region;
outputHashMode = "flat";
outputHashAlgo = "sha256";
outputHash = sha256;
} ''${final.awscli}/bin/aws s3 cp "s3://$path" "$out"'';
} I'll be replacing that with
we should probably define let
credentialAttrs = stdenvNoCC.lib.optionalAttrs (credentials != null) (with credentials; {
AWS_ACCESS_KEY_ID = access_key_id;
AWS_SECRET_ACCESS_KEY = secret_access_key;
AWS_SESSION_TOKEN = session_token ? null;
});
in
|
@basvandijk thanks, integrated your feedback. Wanna try it out? |
Change the default from "foo" to the basename of the s3 URL and make it configurable.
The session token should default to null instead of failing
Set it to null if you don't want to use it
Thanks. I successfully executed a command like:
|
Nice, thanks! I only use temporary credentials which is how I missed the accidentally required session token 😄 |
Also, I think the region argument here just dictates which regional endpoint you hit with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Anyway, this all looks great, thanks!
One last thing though: in my use case, I don't have a multi-user store so I don't care about the .drvs containing my credentials (and as I said, they're temporary, so it doesn't even matter), but some might find it unexpected that their credentials are in the .drv. Some might prefer |
I don't know about |
sounds good, threw in a preferLocalBuild for the good form as well |
hmm, getting "fatal error: An error occurred (400) when calling the HeadObject operation: Bad Request" when using the impureEnvVars |
I will just get rid of it for now. If you pass them as attributes then it's already in the nix store as build inputs anyways. |
Fetcher-types spend more time on network than CPU
Oh, one thing I noticed with |
yeah that's a weird design decision, I don't expect impureEnvVars to touch the environment :) |
* fetchs3: add configurable name Change the default from "foo" to the basename of the s3 URL and make it configurable. * fetchs3: fix error on missing credentials.session_token The session token should default to null instead of failing * fetchs3: make use of the region argument Set it to null if you don't want to use it * fetchs3: prefer local build Fetcher-types spend more time on network than CPU (cherry picked from commit f7abcb0)
also pushed as 7a37ed5 in release-18.03 |
* fetchs3: add configurable name Change the default from "foo" to the basename of the s3 URL and make it configurable. * fetchs3: fix error on missing credentials.session_token The session token should default to null instead of failing * fetchs3: make use of the region argument Set it to null if you don't want to use it * fetchs3: prefer local build Fetcher-types spend more time on network than CPU
Motivation for this change
The default output name is "foo" which is not very descriptive. To avoid
rebuilds this is kept as the default but one can now pass an optional
name attribute to change it.
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)