nixpkgs/pkgs/build-support/fetchs3/default.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

38 lines
1.0 KiB
Nix
Raw Permalink Normal View History

{ lib, runCommand, awscli }:
2024-09-15 22:52:34 +01:00
lib.fetchers.withNormalizedHash { } (
{ s3url
, name ? builtins.baseNameOf s3url
, outputHash
, outputHashAlgo
, region ? "us-east-1"
, credentials ? null # Default to looking at local EC2 metadata service
, recursiveHash ? false
, postFetch ? null
}:
2017-04-26 03:01:18 +01:00
2024-09-15 22:52:34 +01:00
let
mkCredentials = { access_key_id, secret_access_key, session_token ? null }: {
AWS_ACCESS_KEY_ID = access_key_id;
AWS_SECRET_ACCESS_KEY = secret_access_key;
AWS_SESSION_TOKEN = session_token;
};
2017-04-26 03:01:18 +01:00
2024-09-15 22:52:34 +01:00
credentialAttrs = lib.optionalAttrs (credentials != null) (mkCredentials credentials);
in runCommand name ({
nativeBuildInputs = [ awscli ];
2024-09-15 22:52:34 +01:00
inherit outputHash outputHashAlgo;
outputHashMode = if recursiveHash then "recursive" else "flat";
2024-09-15 22:52:34 +01:00
preferLocalBuild = true;
2024-09-15 22:52:34 +01:00
AWS_DEFAULT_REGION = region;
} // credentialAttrs) (if postFetch != null then ''
downloadedFile="$(mktemp)"
aws s3 cp ${s3url} $downloadedFile
${postFetch}
'' else ''
aws s3 cp ${s3url} $out
'')
)