Fetching from a s3 bucket without credentials is slower than with credentials #4857
Description
Describe the bug
- Have a s3 bucket serving a store
- Have suitable credentials in
~/.aws/credentials - Run
nix copy --from 's3://blah' /nix/store/foo - Observe that it succeeds/fails promptly
- Remove the credentials file
- Run a
nix copycommand again - Observe that it takes several seconds to complete
Looking at the tcpdump trace for my minio bucket, I can see that minio itself responds promptly to the http request, hence it's nix which takes a long time to even query the bucket.
The first thing I thought of was that nix is taking a long time looking for credentials past ~/.aws/credentials in the chain, but nothing there looks too expensive...
strace reports that nix is spending quite some time trying to talk to 169.254.169.254. After a quick google
169.254.169.254 is used in Amazon EC2 and other cloud computing platforms to distribute metadata to cloud instances.
So I suppose this is quite fast on AWS, but elsewhere it's waiting for it to time out.
Expected behavior
Nix is speedy in both authenticated and anonymous cases.
nix-env --version output
nix-env (Nix) 2.3.11