Open expipiplus1 opened 3 years ago
Perhaps when the s3 url contains a non aws endpoint
it shouldn't look for credentials at 169.254.169.254.
I'm surprised this works at all. Apparently aws-sdk-cpp has some fallback for making unauthenticated S3 requests (which it will only use after trying to get credentials). If you don't have credentials, you probably should use the HTTP binary cache interface (e.g. --store https://nix-cache.s3.us-east-1.amazonaws.com
).
Probably we should just make this a fatal error.
ah! that makes a lot of sense. Thanks for explaining @edolstra!
Or in the case of a minio bucket: https://minio.example.com/nix-cache
I marked this as stale due to inactivity. → More info
Describe the bug
~/.aws/credentials
nix copy --from 's3://blah' /nix/store/foo
nix copy
command againLooking at the
tcpdump
trace for my minio bucket, I can see that minio itself responds promptly to the http request, hence it's nix which takes a long time to even query the bucket.The first thing I thought of was that nix is taking a long time looking for credentials past~/.aws/credentials
in the chain, but nothing there looks too expensive...strace
reports that nix is spending quite some time trying to talk to169.254.169.254
. After a quick googleSo I suppose this is quite fast on AWS, but elsewhere it's waiting for it to time out.
Expected behavior
Nix is speedy in both authenticated and anonymous cases.
nix-env --version
outputnix-env (Nix) 2.3.11