Commit Graph

48 Commits

Author SHA1 Message Date
Felix Buehler
cdb39a86e0 treewide: use optionalString 2023-02-13 21:52:34 +01:00
Artturi
1121c8fcb7
Merge pull request #185005 from amjoseph-nixpkgs/pr/fetchgit/fix-comment 2023-01-14 19:50:20 +02:00
Nicolas Benes
f6b07f0e2f fetchgit: make sparseCheckout a list of strings
The `sparseCheckout` argument allows the user to specify directories or
patterns of files, which Git uses to filter files it should check-out.

Git expects a multi-line string on stdin ("newline-delimited list", see
`git-sparse-checkout(1)`), but within nixpkgs it is more consistent to
use a list of strings instead. The list elements are joined to a
multi-line string only before passing it to the builder script.

A deprecation warning is emitted if a (multi-line) string is passed to
`sparseCheckout`, but for the time being it is still accepted.
2022-11-15 19:45:33 +01:00
Winter
dbd18a63a7 fetchgit: allow disabling cone mode for sparse checkouts, fix test 2022-08-14 23:03:07 +02:00
Adam Joseph
c8a1838d30 fetchgit: remove "security" from comment about "security risk"
Closes #178410
2022-08-03 05:07:34 -07:00
Adam Joseph
5ed4944130 fetchgit: allow passing allowedRequisites through to stdenv.mkDerivation
When maintainers override stages of `fetchgit' (e.g. `postPatch`) it
is very easy for them to accidentally leak the outpath-hash of their
current `stdenv` into `fetchgit''s output, and therefore into the
value they paste into `sha256`.

This is a problem, because the resulting expression will break
whenever any change is made to `stdenv` or when anybody attempts to
build the expression on a different platform than the one used by the
original maintainer.

Almost as much of a problem is the fact that CI **does not catch**
these problems.  The `fetchgit` is run only once, then its output goes
into cachix, and all future builds (hydra, CI, ofborg) pull from
cachix.

Let's offer maintainers the option to check that they aren't making
this mistake, by passing through `allowedRequisites`.  The default
value is `null`, but it might be worth changing that at some point in
the future.

It is also sometimes difficult to communicate to package maintainers
why their expression is problematic.  Having `allowedRequisites`
passed through makes it easier to do this: "look, when I switch on
`allowedRequisites` your package breaks; are you sure you meant to
hardcode the hash today's `x86_64-linux.stdenv` into your expression?`

For an example use case, see https://github.com/NixOS/nixpkgs/pull/171223

The issue above is part of a larger problem with nixpkgs infra: there
large parts of cachix cannot be reproduced easily if they are lost.
Once something ends goes into cachix, we never ever again reverify the
procedure by which it was placed into cachix.
2022-06-11 12:42:33 -07:00
Jan Tojnar
7aae279ad9 unstableGitUpdater: fix updating fetchzip-based sources
a67950f20b added `url` attribute
from `fetchurl` and therefore also from `fetchzip`.
We previously relied on `url` from fetchgit-based fetchers
to find the repo URL but now it will just return tarballs
in the case of `fetchFrom{GitHub,GitLab}`.

Let’s add an attribute to `fetch{git,FromGitHub,FromGitLab}`
to expose a repo URL consistently.
2022-05-24 19:12:12 +02:00
Sandro Jäckel
538a5a28b7
fetchgit: allow passing thru meta 2022-04-18 03:06:02 +02:00
Zhong Jianxin
d03a07d5a7 fetchgit: Support sparse checkout
This allow git checkout small parts of a large repo, and avoid fetching
unnecessary blobs from server.
2022-01-24 11:23:56 +08:00
Maciej Krüger
5c2b1b6a29
fetchgit: support hash parameter alongside sha256
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-11-09 07:40:20 +01:00
Sandro Jäckel
6f53c06748 fetchgit: add support for netrc file through impure NIX_GIT_SSL_CAINFO env 2021-09-28 15:00:11 +02:00
Luflosi
e238ff073f
fetchgit: escape dot in regex
This regex should match files ending in `.git`, not any character and `git` after that.
2021-02-03 18:41:50 +01:00
Ben Siraphob
02ee14b9d5 treewide: stdenvNoCC.lib -> lib 2021-01-27 13:01:51 +07:00
Jonathan Ringer
741285611f fetchgit: add lfs support 2021-01-11 09:41:06 -08:00
Benjamin Hipple
259f3b3b68
Revert "fetchzip, fetchgit: cleanup handling of optional features and whitespace" 2020-03-26 00:35:40 -04:00
Benjamin Hipple
caff183402 fetchzip, fetchgit: cleanup handling of optional features and whitespace
No intended functional difference, just trying to polish to make this easier to
extend and more aligned with other nix conventions.
2020-02-08 21:51:46 -05:00
volth
7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
Jörg Thalheim
eac6797380
prefer-fetch-remote: an overlay to fetch on remote builders
This is useful when running tools like NixOps or nix-review
on workstations where the upload to the builder is significantly
slower then downloading the source on the builder itself.
2019-01-18 14:41:10 +00:00
John Ericson
940c4fa3f5 treewide: Fetchers should use stdenvNoCC. 2018-01-10 11:18:44 -05:00
John Ericson
3d59b4d285 treewide: Fixed output fetch* derivations should use nativeBuildInputs 2018-01-09 20:14:46 -05:00
Bjørn Forsman
b8658f629b fetchgit: support "git@server:repo" URLs
Update the code that extracts the base name from a git repo URL so that
it can deal with URLs like "git@server:repo".
2017-06-24 14:34:08 +02:00
Daiderd Jordan
7567c5c1ee
fetchgit: add postFetch argument 2017-06-03 20:51:01 +02:00
Robin Gloster
f57185db95
fetch-*: remove md5 support
fixes #4491
2017-03-20 22:23:41 +01:00
Eelco Dolstra
e3a873479e
Remove fetchMD5warn
Deprecation warnings should not be used in Nixpkgs because they spam
innocent "nix-env -qa" users with (in this case) dozens of messages
that they can't do anything about.

This also reverts commit 2ca8833383.
2016-11-30 15:14:30 +01:00
Alexey Shmalko
a80cacd3ec
fetchFromGitHub: add fetchSubmodules option
This commit extends fetchFromGitHub with ability to fetch GitHub
repositories with submodules, so we can use the function consistently
with all GitHub repositories.

Note it doesn't change the previous behavior.
2016-11-18 13:04:26 +02:00
Michael Raskin
f603dc11a6 fetch*: print a trace warning about md5 deprecation 2016-10-09 16:19:04 +02:00
Profpatsch
61462c94e6 lib/fetchers.nix: factor out impure proxy vars (#18702)
Apparently everyone just copied those variables, instead of creating a
library constant for them. Some even removed the comment. -.-
2016-09-17 21:50:01 +02:00
Rok Garbas
36fc03edb6 fetchgit: import impure GIT_PROXY_COMMAND and SOCKS_SERVER, fixes #8605
These environment variables allow using fetchgit with git:// URLs using
the SOCKS proxy technique described in 'Using Git with a SOCKS proxy':

  http://www.patthoyts.tk/blog/using-git-with-socks-proxy.html

Briefly, GIT_PROXY_COMMAND is set to a script which invokes connect[1],
which reads SOCKS_PROXY, which might be pointing to a local instance of
'ssh -D'.

[1] pkgs/tools/networking/connect
2016-01-20 02:18:22 +01:00
Peter Simons
b89514eced fetchgit: follow up to 2cf7069b7d
If "fetcher" is a string, then Nix will execute it with bash already, so
the additional bash argument in that string was redundant and apparently
causes trouble on non-Linux platforms.

Hopefully fixes https://github.com/NixOS/nixpkgs/issues/11496.
2015-12-06 15:06:02 +01:00
Peter Simons
2cf7069b7d fetchgit: call in-repository script with bash explicitly
The script's shebang depends on /usr/bin/env, which we don't have in chroot
environments. This patch remedies the fallout from ade9f7167d, which
fixed https://github.com/NixOS/nixpkgs/issues/11284.
2015-11-29 15:43:56 +01:00
William A. Kennington III
ffd0539eba cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out 2015-06-05 13:00:52 -07:00
William A. Kennington III
14c1e0fa1f Fix ca-bundle paths 2015-05-29 14:03:34 -07:00
Ricardo M. Correia
c55c7e1c1e fetchgit: Add support for specifying branch name
This is useful when `leaveDotGit = true` and some other derivation
expects some branch name to exist.

Previously, `nix-prefetch-git` always created a branch with a
hard-coded name (`fetchgit`).
2015-04-21 19:46:29 +02:00
Peter Simons
5d02f0e854 fetchgit: add 'deepClone' argument to disable shallow fetching
This patch resolves https://github.com/NixOS/nixpkgs/issues/6395. Deep
cloning is useful in combination with 'leaveDotGit' for builds that want
to run "git describe" to obtain a proper version string, etc., like the
'haskellngPackages.cabal2nix' package does.
2015-03-10 13:14:00 +01:00
Vladimír Čunát
77d66ed834 fetchgit: improve name detection, discard nix-1.8 check
The name detection didn't work for e.g. http://git.suckless.org/sinit/.
I tested the tarball builds now.

@shlevy claimed nixpkgs requires nix-1.8 features anyway,
so the additional check with message were superfluous.
2015-01-13 19:45:31 +01:00
Shea Levy
a8603605aa fetchgit: give output a nicer name
Instead of git-export, we get the basename of the repo, plus the
shortrev if the commit-ish is a rev.
2015-01-01 10:03:45 -05:00
Michael Raskin
46cdc2e017 Allow git checkouts to have custom name 2014-09-03 21:54:25 +04:00
ambrop7@gmail.com
3a765a7309 fetchgit: Implement option to not check out submodules. 2014-03-25 20:03:55 +01:00
Eelco Dolstra
a8ded9d5d3 fetchgit: Require a content hash
Without this, the result will not be a fixed-output derivation and
won't work in general.
2014-02-18 19:13:07 +01:00
Vladimír Čunát
161d029d7d preferLocalBuild: set to true for wrappers and fetchers 2014-02-10 21:04:17 +01:00
Nicolas Pierron
d528cba5b8 fetchgit: Handle https.
svn path=/nixpkgs/trunk/; revision=28857
2011-08-28 16:03:14 +00:00
Nicolas Pierron
9e53a20f50 Replace fetchgit default builder by a wrapper around nix-prefect-git.
svn path=/nixpkgs/trunk/; revision=28709
2011-08-20 14:29:57 +00:00
Rob Vermaas
13417770a3 applying patches provided by griswold
svn path=/nixpkgs/trunk/; revision=19707
2010-01-27 12:12:35 +00:00
Marc Weber
edf78fcb6a some fetchgit documentation
svn path=/nixpkgs/trunk/; revision=18283
2009-11-08 03:02:10 +00:00
Lluís Batlle i Rossell
896dc42662 Forgot some 'depth' regarding fetchgit still.
svn path=/nixpkgs/trunk/; revision=18279
2009-11-08 01:59:50 +00:00
Lluís Batlle i Rossell
f1ee14bfaf Removing fetchgit --depth and its usage. It does not provide much advantages...
I think it takes the recent N commits into the repository, which says very little,
even for wanting master/HEAD.

svn path=/nixpkgs/trunk/; revision=18277
2009-11-08 01:51:20 +00:00
Michael Raskin
cd04c58fe2 Allow not-that-shallow git fetches; enable it for uzbl
svn path=/nixpkgs/trunk/; revision=17980
2009-10-27 19:52:01 +00:00
Rob Vermaas
205fb0c87e * fetchgit and nix-prefetch-git
svn path=/nixpkgs/trunk/; revision=16035
2009-06-24 12:48:01 +00:00