internal R packages on Gitlab

[InkaSpy]

Hello, in the great rladies talk you gave where you introduced rix, you also mentioned that we can also install internal packages. Our company is working via Gitlab instead of GitHub and we manage access to repositories via ssh. Until now, I was unable to install the internal packages with rix() by using the

git_pks= list(list(package_name = "ownpackage", repo_url = "https://gitlab.roqs.COMPANYname.net/data-science/data-analytics/data-analytics-biology/products/statistitox" , commit = "blablablabla"))... command. The error message is: "repo_url argument is wrong. Please provide an url to a Github repoto install a package from Github, or to the CRAN Archive to install apackage from the CRAN archive."

I can of course install the tarball, but I would rather install the respective packages directly.

[b-rodrigues]

Thanks for reporting this, I think I know what the issue is: we have a test on the url to check for the "github" string but should also allow for the "gitlab" string (and perhaps others): https://github.com/b-rodrigues/rix/blob/c64ccaa34eb48ae4dcd78148ace211f72eebcb16/R/nix_hash.R#L11

I’ll try to fix this asap

[b-rodrigues]

Can you try with the latest rix from this branch: https://github.com/b-rodrigues/rix/tree/gitlab

[InkaSpy]

Hello Bruno, the update you made worked until I build the container, which is an improvement because before I received the error directly in response to the rix() command. Now when I call nix-build in the terminal it runs for quite a while until I get the following error when trying to access the package from the company internal gitlab page: SSL certificate problem: unable to get local issuer certificate. Is there maybe a way to provide rix the location of the certificate files? There are a couple of issues on a similar problem with nix: https://discourse.nixos.org/t/nix-cannot-find-my-custom-ssl-certificate/27361/4 Maybe I would simply have to add the location of my ssh files in the default.nix file that is created by rix()?

Thank you very much for your swift responses! I appreciate your effort.

[b-rodrigues]

Maybe try to run

export NIX_SSL_CERT_FILE = path/to/cert

and then nix-build

[InkaSpy]

export NIX_SSL_CERT_FILE = /home/UserName/.ssh/id_rsa.pub -bash: export: =': not a valid identifier -bash: export:/home/ispy/.ssh/id_rsa.pub': not a valid identifier

Maybe I am doing something ignorant here, but this does not work.

In the nix.conf file stands the following under access tokens:

access-tokens

      Access tokens used to access protected GitHub, GitLab, or other locations requiring token-based authentication.

      Access  tokens  are specified as a string made up of space-separated host=token values.  The specific token used is selected by matching the host portion against the “host” specification of the
      input. The actual use of the token value is determined by the type of resource being accessed:

      •  Github: the token value is the OAUTH-TOKEN string obtained as the Personal Access Token from the Github server  (see  https://docs.github.com/en/developers/apps/building-oauth-apps/authoriz‐
         ing-oauth-apps).

      •  Gitlab: the token value is either the OAuth2 token or the Personal Access Token (these are different types tokens for gitlab, see https://docs.gitlab.com/12.10/ee/api/README.html#authentica‐
         tion).  The token value should be type:tokenstring where type is either OAuth2 or PAT to indicate which type of token is being specified.

      Example ~/.config/nix/nix.conf:

   access-tokens = github.com=23ac...b289 gitlab.mycompany.com=PAT:A123Bp_Cd..EfG gitlab.com=OAuth2:1jklw3jk

          Example ~/code/flake.nix:

   input.foo = {
   type = "gitlab";
   host = "gitlab.mycompany.com";
   owner = "mycompany";
   repo = "pro";
   };

          This example specifies three tokens, one each for accessing github.com, gitlab.mycompany.com, and gitlab.com.

          The input.foo uses the “gitlab” fetcher, which might requires specifying the token type along with the token value.

          Default: empty

[b-rodrigues]

You’re trying to provide your public ssh key, but you should provide your SSL certificate. Usually it’s in the .pem or .crt format. You’ll probably need to connect to your corporate gitlab and generate the certificate from the url bar (depends on the browser): https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2

I’m not quite sure this is going to work though, you might need to ask your IT dep for a certificate instead.

[InkaSpy]

I also have a cacert.pem file but I still get the following error when trying to specify: export NIX_SSL_CERT_FILE = ~/cacert.pem -bash: export: =': not a valid identifier -bash: export:/home/username/cacert.pem': not a valid identifier

I also tried it with our company specific .crt file but I get the same error. Maybe the terminal command is not the right one... I wanted to see whether I can change certificates in the nix configurations but I call: nix config error: experimental Nix feature 'nix-command' is disabled; add '--extra-experimental-features nix-command' to enable it

and nix --extra-experimental-features config warning: unknown experimental feature 'config' error: no subcommand specified Try 'nix --help' for more information.

[b-rodrigues]

Hi @InkaSpy were you able to solve this issue? The latest rix now should be able to install packages from Gitlab as well, but I'm not sure if it would help solve the certificate issue in any way?