pkgs/build-support/fetchs3/default.nix at python-updates

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / build-support / fetchs3 / default.nix

at python-updates 59 lines 1.2 kB view raw

wrap content

 1{
 2  lib,
 3  runCommand,
 4  awscli,
 5}:
 6lib.fetchers.withNormalizedHash { } (
 7  {
 8    s3url,
 9    name ? builtins.baseNameOf s3url,
10    outputHash,
11    outputHashAlgo,
12    region ? "us-east-1",
13    credentials ? null, # Default to looking at local EC2 metadata service
14    recursiveHash ? false,
15    postFetch ? null,
16  }:
17
18  let
19    mkCredentials =
20      {
21        access_key_id,
22        secret_access_key,
23        session_token ? null,
24      }:
25      {
26        AWS_ACCESS_KEY_ID = access_key_id;
27        AWS_SECRET_ACCESS_KEY = secret_access_key;
28        AWS_SESSION_TOKEN = session_token;
29      };
30
31    credentialAttrs = lib.optionalAttrs (credentials != null) (mkCredentials credentials);
32  in
33  runCommand name
34    (
35      {
36        nativeBuildInputs = [ awscli ];
37
38        inherit outputHash outputHashAlgo;
39        outputHashMode = if recursiveHash then "recursive" else "flat";
40
41        preferLocalBuild = true;
42
43        AWS_DEFAULT_REGION = region;
44      }
45      // credentialAttrs
46    )
47    (
48      if postFetch != null then
49        ''
50          downloadedFile="$(mktemp)"
51          aws s3 cp ${s3url} $downloadedFile
52          ${postFetch}
53        ''
54      else
55        ''
56          aws s3 cp ${s3url} $out
57        ''
58    )
59)