NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1

ssh agent forwarding #1256

Open cleverca22 opened 7 years ago

cleverca22 commented 7 years ago

this is an old idea i forgot to open an issue for a while back: https://github.com/NixOS/nixpkgs/issues/2427#issuecomment-226934879

basically, when enabled the "nix-store -r" process will connect to $SSH_AUTH_SOCK, and nix-daemon will create a socket within $NIX_BUILD_TOP, with SSH_AUTH_SOCK set to it, and arrange to relay the requests back and forth

this can allow "git clone" inside a fixed-output derivation to connect (through nix-daemon and nix-store) to the original ssh-agent running on the user that requested the build

it could potentially also be extended to work with build slaves, so the remote nix-daemon will relay the request over to the local nix-daemon, and the local nix-store that asked for the build
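
The relay proposed in the comment above, as an added example (not code from this issue or from Nix): a Python relay that frames ssh-agent messages and passes them between a build-side socket and the user's agent. It goes beyond the proposal by forwarding only identity-listing and signing requests, which is an assumed policy; the socketpairs and the fake agent are constructed stand-ins for the socket under $NIX_BUILD_TOP and the real $SSH_AUTH_SOCK.

```python
import socket
import threading

SSH_AGENT_FAILURE, SSH_AGENT_IDENTITIES_ANSWER = 5, 12  # per draft-miller-ssh-agent
SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENTC_SIGN_REQUEST = 11, 13
SSH_AGENTC_REMOVE_ALL_IDENTITIES = 19
# Assumed policy, not from the issue: a build may only list keys and sign.
ALLOWED = {SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENTC_SIGN_REQUEST}

def read_frame(rfile):
    """Read one length-prefixed message (type byte + payload) from a buffered reader."""
    hdr = rfile.read(4)
    length = int.from_bytes(hdr, "big")
    if len(hdr) < 4 or not 0 < length <= 256 * 1024:
        return None  # EOF, or a frame size the relay refuses to buffer
    body = rfile.read(length)
    return body if len(body) == length else None

def write_frame(sock, body):
    sock.sendall(len(body).to_bytes(4, "big") + body)

def relay(build_side, agent_side):
    """Forward allow-listed requests; answer everything else with FAILURE."""
    build_in, agent_in = build_side.makefile("rb"), agent_side.makefile("rb")
    while (req := read_frame(build_in)) is not None:
        reply = bytes([SSH_AGENT_FAILURE])
        if req[0] in ALLOWED:
            write_frame(agent_side, req)
            reply = read_frame(agent_in)
            if reply is None:
                return  # agent went away; stop relaying
        write_frame(build_side, reply)

def demo():
    """Constructed exchange; socketpairs stand in for the two unix sockets."""
    build, relay_in = socket.socketpair()
    relay_out, agent = socket.socketpair()
    seen = []  # request types that reached the stand-in agent
    def fake_agent(rfile=agent.makefile("rb")):
        while (msg := read_frame(rfile)) is not None:
            seen.append(msg[0])
            write_frame(agent, bytes([SSH_AGENT_IDENTITIES_ANSWER, 0, 0, 0, 0]))
    threading.Thread(target=fake_agent, daemon=True).start()
    threading.Thread(target=relay, args=(relay_in, relay_out), daemon=True).start()
    build_in, replies = build.makefile("rb"), []
    for msg_type in (SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENTC_REMOVE_ALL_IDENTITIES):
        write_frame(build, bytes([msg_type]))
        replies.append(read_frame(build_in)[0])
    return replies, seen
```

`demo()` sends one allowed and one disallowed request from the build side: the key-listing request reaches the agent, while the remove-all request is answered with a failure by the relay and never forwarded.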

cleverca22 commented 5 years ago

now that we have builtins.fetchGit, the git clone can be done at eval time as the current user, and forwarding the agent to the remote build slave isn't really required

so we could probably close this issue?

dingxiangfei2009 commented 5 years ago

@cleverca22 Does builtins.fetchGit optionally preserve .git folder or fetch submodules recursively?

cleverca22 commented 5 years ago

builtins.fetchGit currently lacks the ability to keep .git and lacks the ability to do submodules

i can also see value in using fetchgitPrivate still, to defer the download until later, and based on sha256, it may never download, and use the binary cache

stale[bot] commented 3 years ago

I marked this as stale due to inactivity.