git: Fix the update.sh script and use HTTPS

The syntax is ${parameter:-word} (i.e. previously this used
"latestTag" instead of the actual value).
(Fixes a regression from #85278.)

Also: Even though getting the latest tag isn't really security critical
(as long as Git itself is secure against untrusted input), I'd prefer to
switch from the Git to the HTTPS protocol (for authentication of the
server and encryption + uses a standard port).
This commit is contained in:
Michael Weiss 2020-04-21 14:02:17 +02:00
parent 77cb7ad618
commit 666042141e
No known key found for this signature in database
GPG Key ID: 5BE487C4D4771D83

View File

@ -4,8 +4,8 @@
set -eu -o pipefail
oldVersion="$(nix-instantiate --eval -E "with import ./. {}; lib.getVersion git" | tr -d '"')"
latestTag="$(git ls-remote --tags --sort="v:refname" git://github.com/git/git.git | grep -v '\{\}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')"
targetVersion="${1:-latestTag}"
latestTag="$(git ls-remote --tags --sort="v:refname" https://github.com/git/git.git | grep -v '\{\}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')"
targetVersion="${1:-$latestTag}"
if [ ! "${oldVersion}" = "${targetVersion}" ]; then
update-source-version git "${targetVersion}"