about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--doc/manual/command-ref/conf-file.xml15
-rw-r--r--src/libstore/download.cc8
2 files changed, 23 insertions, 0 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index 6c0af39ecda9..a7d60538c215 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -430,6 +430,21 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
   </varlistentry>
 
 
+  <varlistentry><term><literal>netrc-file</literal></term>
+
+    <listitem><para>If set to an absolute path to a <filename>netrc</filename>
+    file, Nix will use the HTTP authentication credentials in this file when
+    trying to download from a remote host through HTTP or HTTPS. Defaults to
+    <filename>$NIX_CONF_DIR/netrc</filename>.</para>
+
+    <para>The <filename>netrc</filename> file consists of zero or more lines
+    like: <literal>machine <replaceable>my-machine</replaceable> login
+    <replaceable>my-username</replaceable> password
+    <replaceable>my-password</replaceable></literal>.</para></listitem>
+
+  </varlistentry>
+
+
   <varlistentry><term><literal>system</literal></term>
 
     <listitem><para>This option specifies the canonical Nix system
diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index 85215439a0fa..f93fb1e968a9 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -231,6 +231,14 @@ struct CurlDownloader : public Downloader
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
             }
 
+            /* If no file exist in the specified path, curl continues to work
+             * anyway as if netrc support was disabled. */
+            Path netrcFile = settings.get("netrc-file",
+               (format("%1%/%2%") % settings.nixConfDir % "netrc").str());
+            /* Curl copies the given C string, so the following call is safe. */
+            curl_easy_setopt(req, CURLOPT_NETRC_FILE, netrcFile.c_str());
+            curl_easy_setopt(req, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
+
             result.data = std::make_shared<std::string>();
         }