Subject: [bug#31285] [PATCH 0/1] guix: Add git-fetch/impure.
From: Chris Marusich
Date: Fri, 27 Apr 2018 01:15:20 -0700
Message-Id: <20180427081520.28645-1-cmmarusich@gmail.com>
To: 31285@debbugs.gnu.org
Cc: Chris Marusich

Hi Guix!

Sometimes, a Git repository may only be available via an authenticated
SSH connection.  Even in the case of repositories that only contain
free software, this situation can arise for administrative or
compliance-related reasons.  How can one define a package in such a
situation?

This patch adds a new origin method, git-fetch/impure, which solves
that problem.  Specifically, git-fetch/impure creates a fixed-output
derivation that fetches the Git repository outside of a derivation, in
the environment of the invoking user.  In particular, this enables SSH
to communicate with the user's SSH agent, which in turn allows Git to
fetch the repository over an authenticated SSH connection.

In addition, because it is a fixed-output derivation, the output of a
successful git-fetch/impure is guaranteed to be identical to the output
of a pure git-fetch for any given commit.

Here's a simple example:

  (define-public guix-over-ssh
    (package
      (inherit guix)
      (name "guix-over-ssh")
      (source
       (origin
         (inherit (package-source guix))
         (method git-fetch/impure)
         (uri
          (git-reference
           (inherit (origin-uri (package-source guix)))
           (url "ssh://marusich@git.sv.gnu.org:/srv/git/guix.git"))))))))

In this particular example, my username appears in the package
definition, but there is no reason why that has to be so.  In many
systems, it is possible to grant access to multiple users with
different SSH keys under a single shared user name.  And in other
systems, an automated build system might need to fetch sources using
its own unique system user name and SSH key.

All in all, I think this is pretty useful.  It enables developers to
define packages in environments where authenticated access to Git
repositories is required.  Please let me know what you think!

Chris Marusich (1):
  guix: Add git-fetch/impure.

 doc/guix.texi         |  24 +++++++
 guix/git-download.scm | 150 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+)

--
2.17.0
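
The fixed-output guarantee described in the message above, as an added sketch that is not part of the patch or of Guix: a fetched tree is accepted only if its content hash equals the hash declared in advance, so the authenticated, user-environment fetch cannot change what ends up in the store. Assumptions: the serialization is modelled on the Nix archive (nar) format used for Guix's recursive hashes and is not claimed to be bit-compatible with it, the digest is printed as hex rather than Guix's base32, and the helper names and sample trees are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def nar_str(b: bytes) -> bytes:
    # NAR string: 64-bit little-endian length, the bytes, zero padding to 8.
    return len(b).to_bytes(8, "little") + b + b"\0" * (-len(b) % 8)

def nar_node(path: str) -> bytes:
    # Only type, executable bit, names and contents are serialized:
    # owner, timestamps and creation order never reach the hash.
    st = os.lstat(path)
    out = nar_str(b"(") + nar_str(b"type")
    if stat.S_ISLNK(st.st_mode):
        out += (nar_str(b"symlink") + nar_str(b"target")
                + nar_str(os.fsencode(os.readlink(path))))
    elif stat.S_ISDIR(st.st_mode):
        out += nar_str(b"directory")
        for name in sorted(os.listdir(path), key=os.fsencode):
            out += (nar_str(b"entry") + nar_str(b"(") + nar_str(b"name")
                    + nar_str(os.fsencode(name)) + nar_str(b"node")
                    + nar_node(os.path.join(path, name)) + nar_str(b")"))
    else:
        out += nar_str(b"regular")
        if st.st_mode & stat.S_IXUSR:
            out += nar_str(b"executable") + nar_str(b"")
        with open(path, "rb") as f:
            out += nar_str(b"contents") + nar_str(f.read())
    return out + nar_str(b")")

def tree_hash(path: str) -> str:
    return hashlib.sha256(nar_str(b"nix-archive-1") + nar_node(path)).hexdigest()

def accept_output(path: str, declared: str) -> bool:
    # The fixed-output rule: how the tree was fetched is irrelevant,
    # it is kept only if its hash equals the one declared in advance.
    return tree_hash(path) == declared

def make_checkout(files: dict) -> str:
    # Constructed stand-in for the result of a fetch (no network, no Git).
    root = tempfile.mkdtemp()
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root

SOURCE = {"README": b"hello\n", "src/main.scm": b"(display 1)\n"}  # constructed
pure = make_checkout(SOURCE)                                   # "pure" fetch
impure = make_checkout(dict(reversed(list(SOURCE.items()))))   # same content
tampered = make_checkout({**SOURCE, "src/main.scm": b"(display 2)\n"})
DECLARED = tree_hash(pure)  # plays the role of the origin's declared hash
```

Here `accept_output(impure, DECLARED)` holds while `accept_output(tampered, DECLARED)` does not, which is why the hash pinned in the origin, not the transport or the SSH credentials, is the integrity boundary to review.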