Merge pull request #138809 from SuperSandro2000/fetchgithub-private

2021-10-01 17:09:44 +02:00 · 2021-10-01 17:09:44 +02:00 · 6952befcb3
parent 78f5523aae 00dc3dcf8b
commit 6952befcb3
3 changed files with 22 additions and 8 deletions
--- a/pkgs/build-support/fetchgit/default.nix
+++ b/pkgs/build-support/fetchgit/default.nix
@ -21,6 +21,11 @@ in
  postFetch ? ""
 , preferLocalBuild ? true
 , fetchLFS ? false
+, # Shell code to build a netrc file for BASIC auth
+  netrcPhase ? null
+, # Impure env vars (https://nixos.org/nix/manual/#sec-advanced-attributes)
+  # needed for netrcPhase
+  netrcImpureEnvVars ? []
 }:

 /* NOTE:
@ -64,10 +69,17 @@ stdenvNoCC.mkDerivation {

  inherit url rev leaveDotGit fetchLFS fetchSubmodules deepClone branchName postFetch;

+  postHook = if netrcPhase == null then null else ''
+    ${netrcPhase}
+    # required that git uses the netrc file
+    mv {,.}netrc
+    export HOME=$PWD
+  '';
+
  GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";

-  impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [
-    "GIT_PROXY_COMMAND" "SOCKS_SERVER"
+  impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ netrcImpureEnvVars ++ [
+    "GIT_PROXY_COMMAND" "NIX_GIT_SSL_CAINFO" "SOCKS_SERVER"
  ];

  inherit preferLocalBuild;
--- a/pkgs/build-support/fetchgit/nix-prefetch-git
+++ b/pkgs/build-support/fetchgit/nix-prefetch-git
@ -17,6 +17,10 @@ branchName=$NIX_PREFETCH_GIT_BRANCH_NAME
 out=${out:-}
 http_proxy=${http_proxy:-}

+# allow overwritting cacert's ca-bundle.crt with a custom one
+# this can be done by setting NIX_GIT_SSL_CAINFO and NIX_SSL_CERT_FILE enviroment variables for the nix-daemon
+GIT_SSL_CAINFO=${NIX_GIT_SSL_CAINFO:-$GIT_SSL_CAINFO}
+
 # populated by clone_user_rev()
 fullRev=
 humanReadableRev=
--- a/pkgs/build-support/fetchgithub/default.nix
+++ b/pkgs/build-support/fetchgithub/default.nix
@ -2,7 +2,7 @@

 { owner, repo, rev, name ? "source"
 , fetchSubmodules ? false, leaveDotGit ? null
-, deepClone ? false, private ? false
+, deepClone ? false, private ? false, forceFetchGit ? false
 , githubBase ? "github.com", varPrefix ? null
 , ... # For hash agility
 }@args:
@ -10,7 +10,7 @@ let
  baseUrl = "https://${githubBase}/${owner}/${repo}";
  passthruAttrs = removeAttrs args [ "owner" "repo" "rev" "fetchSubmodules" "private" "githubBase" "varPrefix" ];
  varBase = "NIX${if varPrefix == null then "" else "_${varPrefix}"}_GITHUB_PRIVATE_";
-  useFetchGit = fetchSubmodules || (leaveDotGit == true) || deepClone;
+  useFetchGit = fetchSubmodules || (leaveDotGit == true) || deepClone || forceFetchGit;
  # We prefer fetchzip in cases we don't need submodules as the hash
  # is more stable in that case.
  fetcher = if useFetchGit then fetchgit else fetchzip;
@ -32,10 +32,8 @@ let
    then {
      inherit rev deepClone fetchSubmodules; url = "${baseUrl}.git";
    } // lib.optionalAttrs (leaveDotGit != null) { inherit leaveDotGit; }
-    else ({ url = "${baseUrl}/archive/${rev}.tar.gz"; } // privateAttrs)
-  ) // passthruAttrs // { inherit name; };
+    else { url = "${baseUrl}/archive/${rev}.tar.gz"; }
+  ) // privateAttrs // passthruAttrs // { inherit name; };
 in

-assert private -> !useFetchGit;
-
 fetcher fetcherArgs // { meta.homepage = baseUrl; inherit rev; }