fetchpatch: Allow using base64-encoded hash

Nix now returns base64-encoded SRI hashes on hash mismatch. Usually,
people copy the returned hashes in TOFU fashion but since base64-encoded
strings can contain slashes, they often broke our use of them for temporary file name.

Escaping them should prevent the failures.
This commit is contained in:
Jan Tojnar 2020-02-14 12:56:51 +01:00
parent ac75010d33
commit 01e352ac44
No known key found for this signature in database
GPG Key ID: 7FAB2A15F7A607A4

View File

@ -11,9 +11,13 @@ let
in
{ stripLen ? 0, extraPrefix ? null, excludes ? [], includes ? [], revert ? false, ... }@args:
let
# Make base-64 encoded SRI hash filename-safe using RFC 4648 §5
tmpname = lib.replaceStrings [ "+" "/" "=" ] [ "-" "_" "" ] args.sha256;
in
fetchurl ({
postFetch = ''
tmpfile="$TMPDIR/${args.sha256}"
tmpfile="$TMPDIR/${tmpname}"
if [ ! -s "$out" ]; then
echo "error: Fetched patch file '$out' is empty!" 1>&2
exit 1