2021-01-27 05:50:30 +00:00
|
|
|
{lib, stdenvNoCC, git, git-lfs, cacert}: let
|
2015-01-01 13:34:56 +00:00
|
|
|
urlToName = url: rev: let
|
2021-01-27 05:50:30 +00:00
|
|
|
inherit (lib) removeSuffix splitString last;
|
2017-06-18 12:42:39 +01:00
|
|
|
base = last (splitString ":" (baseNameOf (removeSuffix "/" url)));
|
2015-01-01 13:34:56 +00:00
|
|
|
|
2021-02-03 17:35:42 +00:00
|
|
|
matched = builtins.match "(.*)\\.git" base;
|
2015-01-01 13:34:56 +00:00
|
|
|
|
|
|
|
short = builtins.substring 0 7 rev;
|
|
|
|
|
|
|
|
appendShort = if (builtins.match "[a-f0-9]*" rev) != null
|
|
|
|
then "-${short}"
|
|
|
|
else "";
|
|
|
|
in "${if matched == null then base else builtins.head matched}${appendShort}";
|
2015-01-13 18:43:08 +00:00
|
|
|
in
|
2021-11-05 03:03:05 +00:00
|
|
|
{ url, rev ? "HEAD", md5 ? "", sha256 ? "", hash ? "", leaveDotGit ? deepClone
|
2015-03-10 11:40:19 +00:00
|
|
|
, fetchSubmodules ? true, deepClone ? false
|
2015-04-20 13:25:14 +01:00
|
|
|
, branchName ? null
|
2021-08-27 09:25:20 +01:00
|
|
|
, sparseCheckout ? ""
|
2015-01-01 13:34:56 +00:00
|
|
|
, name ? urlToName url rev
|
2017-06-03 19:45:51 +01:00
|
|
|
, # Shell code executed after the file has been fetched
|
|
|
|
# successfully. This can do things like check or transform the file.
|
|
|
|
postFetch ? ""
|
2018-12-31 07:10:28 +00:00
|
|
|
, preferLocalBuild ? true
|
2020-12-05 07:32:48 +00:00
|
|
|
, fetchLFS ? false
|
2021-09-15 15:17:05 +01:00
|
|
|
, # Shell code to build a netrc file for BASIC auth
|
|
|
|
netrcPhase ? null
|
|
|
|
, # Impure env vars (https://nixos.org/nix/manual/#sec-advanced-attributes)
|
|
|
|
# needed for netrcPhase
|
|
|
|
netrcImpureEnvVars ? []
|
2022-04-18 02:06:02 +01:00
|
|
|
, meta ? {}
|
2014-09-03 18:48:15 +01:00
|
|
|
}:
|
2009-06-24 13:48:01 +01:00
|
|
|
|
2009-11-08 03:02:10 +00:00
|
|
|
/* NOTE:
|
|
|
|
fetchgit has one problem: git fetch only works for refs.
|
|
|
|
This is because fetching arbitrary (maybe dangling) commits may be a security risk
|
|
|
|
and checking whether a commit belongs to a ref is expensive. This may
|
|
|
|
change in the future when some caching is added to git (?)
|
|
|
|
Usually refs are either tags (refs/tags/*) or branches (refs/heads/*)
|
|
|
|
Cloning branches will make the hash check fail when there is an update.
|
|
|
|
But not all patches we want can be accessed by tags.
|
|
|
|
|
2016-11-18 10:56:08 +00:00
|
|
|
The workaround is getting the last n commits so that it's likely that they
|
2009-11-08 03:02:10 +00:00
|
|
|
still contain the hash we want.
|
|
|
|
|
|
|
|
for now : increase depth iteratively (TODO)
|
|
|
|
|
|
|
|
real fix: ask git folks to add a
|
|
|
|
git fetch $HASH contained in $BRANCH
|
|
|
|
facility because checking that $HASH is contained in $BRANCH is less
|
|
|
|
expensive than fetching --depth $N.
|
|
|
|
Even if git folks implemented this feature soon it may take years until
|
|
|
|
server admins start using the new version?
|
|
|
|
*/
|
|
|
|
|
2015-03-10 11:40:19 +00:00
|
|
|
assert deepClone -> leaveDotGit;
|
2014-02-18 18:11:57 +00:00
|
|
|
|
2017-03-13 12:31:44 +00:00
|
|
|
if md5 != "" then
|
|
|
|
throw "fetchgit does not support md5 anymore, please use sha256"
|
2021-11-05 03:03:05 +00:00
|
|
|
else if hash != "" && sha256 != "" then
|
|
|
|
throw "Only one of sha256 or hash can be set"
|
2017-03-13 12:31:44 +00:00
|
|
|
else
|
2018-01-09 23:38:19 +00:00
|
|
|
stdenvNoCC.mkDerivation {
|
2014-09-03 18:48:15 +01:00
|
|
|
inherit name;
|
2009-06-24 13:48:01 +01:00
|
|
|
builder = ./builder.sh;
|
2019-09-09 00:38:31 +01:00
|
|
|
fetcher = ./nix-prefetch-git; # This must be a string to ensure it's called with bash.
|
2020-12-05 07:32:48 +00:00
|
|
|
|
|
|
|
nativeBuildInputs = [ git ]
|
2021-01-27 05:50:30 +00:00
|
|
|
++ lib.optionals fetchLFS [ git-lfs ];
|
2009-06-24 13:48:01 +01:00
|
|
|
|
2021-11-05 03:03:05 +00:00
|
|
|
outputHashAlgo = if hash != "" then null else "sha256";
|
2009-06-24 13:48:01 +01:00
|
|
|
outputHashMode = "recursive";
|
2021-11-05 03:03:05 +00:00
|
|
|
outputHash = if hash != "" then
|
|
|
|
hash
|
|
|
|
else if sha256 != "" then
|
|
|
|
sha256
|
|
|
|
else
|
|
|
|
lib.fakeSha256;
|
2009-06-24 13:48:01 +01:00
|
|
|
|
2021-08-27 09:25:20 +01:00
|
|
|
inherit url rev leaveDotGit fetchLFS fetchSubmodules deepClone branchName sparseCheckout postFetch;
|
2009-06-24 13:48:01 +01:00
|
|
|
|
2021-09-15 15:17:05 +01:00
|
|
|
postHook = if netrcPhase == null then null else ''
|
|
|
|
${netrcPhase}
|
|
|
|
# required that git uses the netrc file
|
|
|
|
mv {,.}netrc
|
|
|
|
export HOME=$PWD
|
|
|
|
'';
|
|
|
|
|
2015-06-05 21:00:52 +01:00
|
|
|
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
2011-08-28 17:03:14 +01:00
|
|
|
|
2021-09-15 15:17:05 +01:00
|
|
|
impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ netrcImpureEnvVars ++ [
|
|
|
|
"GIT_PROXY_COMMAND" "NIX_GIT_SSL_CAINFO" "SOCKS_SERVER"
|
2016-09-17 20:50:01 +01:00
|
|
|
];
|
2014-02-10 20:03:17 +00:00
|
|
|
|
2022-04-18 02:06:02 +01:00
|
|
|
inherit preferLocalBuild meta;
|
2022-05-24 17:03:46 +01:00
|
|
|
|
|
|
|
passthru = {
|
|
|
|
gitRepoUrl = url;
|
|
|
|
};
|
2009-06-24 13:48:01 +01:00
|
|
|
}
|