nix-prefetch-git: ignore global and user git config

nix-prefetch-git is either run as part of a build, usually sandboxed,
or outside a build, unsandboxed, to prefetch something that will later
be used in a build.  It's important that the latter use produces
hashes that can be reproduced by the former.

One way that they can differ is if the user's git config does
something that changes the result of git clone.  I ran into this,
because my global git config automatically enables git-lfs, whereas
nix-prefetch-git otherwise only uses git-lfs if specifically
requested.  This led to very confusing hash mismatches.

Author: Alyssa Ross
Date: 2023-09-22 06:59:40 +00:00
Parent: c9a667043f
Commit: 7d40fbbc04
2 changed files with 8 additions and 3 deletions


@@ -124,6 +124,8 @@
- `himalaya` has been updated to `0.8.0`, which drops the native TLS support (in favor of Rustls) and add OAuth 2.0 support. See the [release note](https://github.com/soywod/himalaya/releases/tag/v0.8.0) for more details.
- `nix-prefetch-git` now ignores global and user git config, to improve reproducibility.
- The [services.caddy.acmeCA](#opt-services.caddy.acmeCA) option now defaults to `null` instead of `"https://acme-v02.api.letsencrypt.org/directory"`, to use all of Caddy's default ACME CAs and enable Caddy's automatic issuer fallback feature by default, as recommended by upstream.
- The default priorities of [`services.nextcloud.phpOptions`](#opt-services.nextcloud.phpOptions) have changed. This means that e.g.
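Review bot: the release-note entry states what changes but not what users who relied on their global git config (credential helpers, URL rewrites, proxy settings, or the automatic git-lfs enablement described in the commit message) should do now; a clause along the lines of "settings previously inherited from `~/.gitconfig` or `$XDG_CONFIG_HOME/git/config` no longer apply, so LFS and similar behaviour must be requested explicitly" would save those users the confusing hash-mismatch debugging session the commit message describes.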


@@ -293,9 +293,6 @@ clone_user_rev() {
local rev="${3:-HEAD}"
if [ -n "$fetchLFS" ]; then
tmpHomePath="$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-git-tmp-home-XXXXXXXXXX")"
exit_handlers+=(remove_tmpHomePath)
HOME="$tmpHomePath"
clean_git lfs install
fi
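Review bot: with the `tmpHomePath`/`HOME` setup removed from the `fetchLFS` branch, `clean_git lfs install` inside `clone_user_rev` now depends on the caller having already pointed `HOME` at the temporary directory; if the function were ever reached before that, `git lfs install` would write its filter settings into the user's real global config. A one-line comment here saying that the throwaway `HOME` is now established once at top level, and that `clone_user_rev` must only run after it, would make that ordering dependency explicit for the next reader.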
@@ -417,6 +414,12 @@ if test -z "$branchName"; then
branchName=fetchgit
fi
tmpHomePath="$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-git-tmp-home-XXXXXXXXXX")"
exit_handlers+=(remove_tmpHomePath)
HOME="$tmpHomePath"
unset XDG_CONFIG_HOME
export GIT_CONFIG_NOSYSTEM=1
if test -n "$builder"; then
test -n "$out" -a -n "$url" -a -n "$rev" || usage
mkdir -p "$out"
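Review bot: `export GIT_CONFIG_NOSYSTEM=1` together with the empty temporary `HOME` and `unset XDG_CONFIG_HOME` covers the system and user config files, but git (2.32 and later) also reads whatever path `GIT_CONFIG_GLOBAL` points to when that variable is set in the caller's environment, and `GIT_CONFIG_COUNT`/`GIT_CONFIG_KEY_*`/`GIT_CONFIG_VALUE_*` can still inject settings; adding `unset GIT_CONFIG_GLOBAL` beside `unset XDG_CONFIG_HOME` would close the first of these for the same reproducibility reason the commit gives. Since `exit_handlers+=(remove_tmpHomePath)` is now registered unconditionally rather than only under `fetchLFS`, it is also worth confirming that `remove_tmpHomePath` is defined on every path that reaches this point.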