fetchurl file:/// failing

[Mark Gardner]

I have been using the file downloaded from http://someonewhocares.org/hosts/ipv6/hosts for quite some time to improve my browsing experience. The following derivation is how I have been incorporating that file into my configuration.nix. (Note: I originally tried downloading directly from the web site but the file changes frequently without any versioning and rebuilding my configuration always needed fixing because the hash was always different. That is why it is pulled from my repo rather than from the web site.)

  networking.extraHosts =

        let

          blockedHosts = pkgs.fetchurl {

            url    = "file:///etc/nixos/cfg/rsrc/hosts";

            sha256 = "f566ebf583650dcfa1e3370c81654ab18cde3b741e83f183aa8d7938a93f4d03";

          };

        in ''

          ${builtins.readFile blockedHosts}

        '';

It was working for quite a while but has recently broken. Here is a fragment of the output from running nixos-rebuild switch:

trying file:///etc/nixos/cfg/rsrc/hosts

curl: (37) Couldn't open file /etc/nixos/cfg/rsrc/hosts

error: cannot download hosts from any mirror

I verified that the hash is correct for the file and that the file is accessible from that location. I can even use curl on the command line to fetch the file. But it fails under nixos-rebuild switch. Any suggestions how to proceed?

Note: I am not adverse to switching to a different approach or derivation which accomplishes the same thing.

Mark

[Teo Klestrup]

Sounds like you recently got an update that enabled sandboxing. That said, you should probably just use a path literal instead:

networking.extraHosts = builtins.readfile /etc/nixos/cfg/rsrc/hosts;

Alternately you can use builtins.fetchurl, which is evaluated during evaluation rather than the build. That allows you to depend on an external resource without pinning the hash, at the cost that it is redownloaded for every build:

networking.extraHosts = builtins.readfile (builtins.fetchurl "http://someonewhocares.org/hosts/ipv6/hosts");

--
You received this message because you are subscribed to the Google Groups "nix-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nix-devel+...@googlegroups.com.
To post to this group, send email to nix-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nix-devel/CAG%3D_CgDgL7OB4s8z1JnJH8s3V%2B6rLVmVWvGt05%2BXd5t3rqsA0A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.