tjh.dev
1{lib, stdenvNoCC, git, git-lfs, cacert}: let
2 urlToName = url: rev: let
3 inherit (lib) removeSuffix splitString last;
4 base = last (splitString ":" (baseNameOf (removeSuffix "/" url)));
5
6 matched = builtins.match "(.*)\\.git" base;
7
8 short = builtins.substring 0 7 rev;
9
10 appendShort = lib.optionalString ((builtins.match "[a-f0-9]*" rev) != null) "-${short}";
11 in "${if matched == null then base else builtins.head matched}${appendShort}";
12in
13lib.makeOverridable (lib.fetchers.withNormalizedHash { } (
14# NOTE Please document parameter additions or changes in
15# doc/build-helpers/fetchers.chapter.md
16{ url
17, tag ? null
18, rev ? null
19, leaveDotGit ? deepClone
20, outputHash ? lib.fakeHash, outputHashAlgo ? null
21, fetchSubmodules ? true, deepClone ? false
22, branchName ? null
23, sparseCheckout ? []
24, nonConeMode ? false
25, name ? null
26, # Shell code executed after the file has been fetched
27 # successfully. This can do things like check or transform the file.
28 postFetch ? ""
29, preferLocalBuild ? true
30, fetchLFS ? false
31, # Shell code to build a netrc file for BASIC auth
32 netrcPhase ? null
33, # Impure env vars (https://nixos.org/nix/manual/#sec-advanced-attributes)
34 # needed for netrcPhase
35 netrcImpureEnvVars ? []
36, meta ? {}
37, allowedRequisites ? null
38}:
39
40/* NOTE:
41 fetchgit has one problem: git fetch only works for refs.
42 This is because fetching arbitrary (maybe dangling) commits creates garbage collection risks
43 and checking whether a commit belongs to a ref is expensive. This may
44 change in the future when some caching is added to git (?)
45 Usually refs are either tags (refs/tags/*) or branches (refs/heads/*)
46 Cloning branches will make the hash check fail when there is an update.
47 But not all patches we want can be accessed by tags.
48
49 The workaround is getting the last n commits so that it's likely that they
50 still contain the hash we want.
51
52 for now : increase depth iteratively (TODO)
53
54 real fix: ask git folks to add a
55 git fetch $HASH contained in $BRANCH
56 facility because checking that $HASH is contained in $BRANCH is less
57 expensive than fetching --depth $N.
58 Even if git folks implemented this feature soon it may take years until
59 server admins start using the new version?
60*/
61
62assert deepClone -> leaveDotGit;
63assert nonConeMode -> (sparseCheckout != []);
64
65let
66 revWithTag =
67 let
68 warningMsg = "fetchgit requires one of either `rev` or `tag` to be provided (not both).";
69 otherIsNull = other: lib.assertMsg (other == null) warningMsg;
70 in
71 if tag != null then
72 assert (otherIsNull rev);
73 "refs/tags/${tag}"
74 else if rev != null then
75 assert (otherIsNull tag);
76 rev
77 else
78 # FIXME fetching HEAD if no rev or tag is provided is problematic at best
79 "HEAD";
80in
81
82if builtins.isString sparseCheckout then
83 # Changed to throw on 2023-06-04
84 throw "Please provide directories/patterns for sparse checkout as a list of strings. Passing a (multi-line) string is not supported any more."
85else
86stdenvNoCC.mkDerivation {
87 name = if name != null then name else urlToName url revWithTag;
88
89 builder = ./builder.sh;
90 fetcher = ./nix-prefetch-git;
91
92 nativeBuildInputs = [ git cacert ]
93 ++ lib.optionals fetchLFS [ git-lfs ];
94
95 inherit outputHash outputHashAlgo;
96 outputHashMode = "recursive";
97
98 # git-sparse-checkout(1) says:
99 # > When the --stdin option is provided, the directories or patterns are read
100 # > from standard in as a newline-delimited list instead of from the arguments.
101 sparseCheckout = builtins.concatStringsSep "\n" sparseCheckout;
102
103 inherit url leaveDotGit fetchLFS fetchSubmodules deepClone branchName nonConeMode postFetch;
104 rev = revWithTag;
105
106 postHook = if netrcPhase == null then null else ''
107 ${netrcPhase}
108 # required that git uses the netrc file
109 mv {,.}netrc
110 export NETRC=$PWD/.netrc
111 export HOME=$PWD
112 '';
113
114 impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ netrcImpureEnvVars ++ [
115 "GIT_PROXY_COMMAND" "NIX_GIT_SSL_CAINFO" "SOCKS_SERVER"
116 ];
117
118
119 inherit preferLocalBuild meta allowedRequisites;
120
121 passthru = {
122 gitRepoUrl = url;
123 };
124}
125))