nixpkgs/pkgs/build-support/fetchgit/default.nix

{stdenv, git, cacert}: let
  urlToName = url: rev: let
    base = baseNameOf (stdenv.lib.removeSuffix "/" url);

    matched = builtins.match "(.*).git" base;

    short = builtins.substring 0 7 rev;

    appendShort = if (builtins.match "[a-f0-9]*" rev) != null
      then "-${short}"
      else "";
  in "${if matched == null then base else builtins.head matched}${appendShort}";
in
{ url, rev ? "HEAD", md5 ? "", sha256 ? "", leaveDotGit ? deepClone
, fetchSubmodules ? true, deepClone ? false
, branchName ? null
, name ? urlToName url rev
}:

/* NOTE:
   fetchgit has one problem: git fetch only works for refs.
   This is because fetching arbitrary (maybe dangling) commits may be a security risk
   and checking whether a commit belongs to a ref is expensive. This may
   change in the future when some caching is added to git (?)
   Usually refs are either tags (refs/tags/*) or branches (refs/heads/*)
   Cloning branches will make the hash check fail when there is an update.
   But not all patches we want can be accessed by tags.

   The workaround is getting the last n commits so that it's likly that they
   still contain the hash we want.

   for now : increase depth iteratively (TODO)

   real fix: ask git folks to add a
   git fetch $HASH contained in $BRANCH
   facility because checking that $HASH is contained in $BRANCH is less
   expensive than fetching --depth $N.
   Even if git folks implemented this feature soon it may take years until
   server admins start using the new version?
*/

assert md5 != "" || sha256 != "";
assert deepClone -> leaveDotGit;

stdenv.mkDerivation {
  inherit name;
  builder = ./builder.sh;
  fetcher = "${./nix-prefetch-git}";  # This must be a string to ensure it's called with bash.
  buildInputs = [git];

  outputHashAlgo = if sha256 == "" then "md5" else "sha256";
  outputHashMode = "recursive";
  outputHash = if sha256 == "" then md5 else sha256;

  inherit url rev leaveDotGit fetchSubmodules deepClone branchName;

  GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";

  impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars ++ [
    "GIT_PROXY_COMMAND" "SOCKS_SERVER"
  ];

  preferLocalBuild = true;
}
fetchgit: give output a nicer name Instead of git-export, we get the basename of the repo, plus the shortrev if the commit-ish is a rev. 2015-01-01 14:34:56 +01:00			`{stdenv, git, cacert}: let`
			`urlToName = url: rev: let`
fetchgit: improve name detection, discard nix-1.8 check The name detection didn't work for e.g. http://git.suckless.org/sinit/. I tested the tarball builds now. @shlevy claimed nixpkgs requires nix-1.8 features anyway, so the additional check with message were superfluous. 2015-01-13 19:43:08 +01:00			`base = baseNameOf (stdenv.lib.removeSuffix "/" url);`
fetchgit: give output a nicer name Instead of git-export, we get the basename of the repo, plus the shortrev if the commit-ish is a rev. 2015-01-01 14:34:56 +01:00
fetchgit: improve name detection, discard nix-1.8 check The name detection didn't work for e.g. http://git.suckless.org/sinit/. I tested the tarball builds now. @shlevy claimed nixpkgs requires nix-1.8 features anyway, so the additional check with message were superfluous. 2015-01-13 19:43:08 +01:00			`matched = builtins.match "(.*).git" base;`
fetchgit: give output a nicer name Instead of git-export, we get the basename of the repo, plus the shortrev if the commit-ish is a rev. 2015-01-01 14:34:56 +01:00
			`short = builtins.substring 0 7 rev;`

			`appendShort = if (builtins.match "[a-f0-9]*" rev) != null`
			`then "-${short}"`
			`else "";`
			`in "${if matched == null then base else builtins.head matched}${appendShort}";`
fetchgit: improve name detection, discard nix-1.8 check The name detection didn't work for e.g. http://git.suckless.org/sinit/. I tested the tarball builds now. @shlevy claimed nixpkgs requires nix-1.8 features anyway, so the additional check with message were superfluous. 2015-01-13 19:43:08 +01:00			`in`
fetchgit: add 'deepClone' argument to disable shallow fetching This patch resolves https://github.com/NixOS/nixpkgs/issues/6395. Deep cloning is useful in combination with 'leaveDotGit' for builds that want to run "git describe" to obtain a proper version string, etc., like the 'haskellngPackages.cabal2nix' package does. 2015-03-10 12:40:19 +01:00			`{ url, rev ? "HEAD", md5 ? "", sha256 ? "", leaveDotGit ? deepClone`
			`, fetchSubmodules ? true, deepClone ? false`
fetchgit: Add support for specifying branch name This is useful when `leaveDotGit = true` and some other derivation expects some branch name to exist. Previously, `nix-prefetch-git` always created a branch with a hard-coded name (`fetchgit`). 2015-04-20 14:25:14 +02:00			`, branchName ? null`
fetchgit: give output a nicer name Instead of git-export, we get the basename of the repo, plus the shortrev if the commit-ish is a rev. 2015-01-01 14:34:56 +01:00			`, name ? urlToName url rev`
Allow git checkouts to have custom name 2014-09-03 19:48:15 +02:00			`}:`
* fetchgit and nix-prefetch-git svn path=/nixpkgs/trunk/; revision=16035 2009-06-24 14:48:01 +02:00
some fetchgit documentation svn path=/nixpkgs/trunk/; revision=18283 2009-11-08 04:02:10 +01:00			`/* NOTE:`
			`fetchgit has one problem: git fetch only works for refs.`
			`This is because fetching arbitrary (maybe dangling) commits may be a security risk`
			`and checking whether a commit belongs to a ref is expensive. This may`
			`change in the future when some caching is added to git (?)`
			`Usually refs are either tags (refs/tags/) or branches (refs/heads/)`
			`Cloning branches will make the hash check fail when there is an update.`
			`But not all patches we want can be accessed by tags.`

			`The workaround is getting the last n commits so that it's likly that they`
			`still contain the hash we want.`

			`for now : increase depth iteratively (TODO)`

			`real fix: ask git folks to add a`
			`git fetch $HASH contained in $BRANCH`
			`facility because checking that $HASH is contained in $BRANCH is less`
			`expensive than fetching --depth $N.`
			`Even if git folks implemented this feature soon it may take years until`
			`server admins start using the new version?`
			`*/`

fetchgit: Require a content hash Without this, the result will not be a fixed-output derivation and won't work in general. 2014-02-18 19:11:57 +01:00			`assert md5 != "" \|\| sha256 != "";`
fetchgit: add 'deepClone' argument to disable shallow fetching This patch resolves https://github.com/NixOS/nixpkgs/issues/6395. Deep cloning is useful in combination with 'leaveDotGit' for builds that want to run "git describe" to obtain a proper version string, etc., like the 'haskellngPackages.cabal2nix' package does. 2015-03-10 12:40:19 +01:00			`assert deepClone -> leaveDotGit;`
fetchgit: Require a content hash Without this, the result will not be a fixed-output derivation and won't work in general. 2014-02-18 19:11:57 +01:00
* fetchgit and nix-prefetch-git svn path=/nixpkgs/trunk/; revision=16035 2009-06-24 14:48:01 +02:00			`stdenv.mkDerivation {`
Allow git checkouts to have custom name 2014-09-03 19:48:15 +02:00			`inherit name;`
* fetchgit and nix-prefetch-git svn path=/nixpkgs/trunk/; revision=16035 2009-06-24 14:48:01 +02:00			`builder = ./builder.sh;`
fetchgit: follow up to 2cf7069b7da368326b51520536ac0f1020157f7a If "fetcher" is a string, then Nix will execute it with bash already, so the additional bash argument in that string was redundant and apparently causes trouble on non-Linux platforms. Hopefully fixes https://github.com/NixOS/nixpkgs/issues/11496. 2015-12-06 15:04:14 +01:00			`fetcher = "${./nix-prefetch-git}"; # This must be a string to ensure it's called with bash.`
* fetchgit and nix-prefetch-git svn path=/nixpkgs/trunk/; revision=16035 2009-06-24 14:48:01 +02:00			`buildInputs = [git];`

			`outputHashAlgo = if sha256 == "" then "md5" else "sha256";`
			`outputHashMode = "recursive";`
			`outputHash = if sha256 == "" then md5 else sha256;`

fetchgit: Add support for specifying branch name This is useful when `leaveDotGit = true` and some other derivation expects some branch name to exist. Previously, `nix-prefetch-git` always created a branch with a hard-coded name (`fetchgit`). 2015-04-20 14:25:14 +02:00			`inherit url rev leaveDotGit fetchSubmodules deepClone branchName;`
* fetchgit and nix-prefetch-git svn path=/nixpkgs/trunk/; revision=16035 2009-06-24 14:48:01 +02:00
cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out 2015-06-05 22:00:52 +02:00			`GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";`
fetchgit: Handle https. svn path=/nixpkgs/trunk/; revision=28857 2011-08-28 18:03:14 +02:00
lib/fetchers.nix: factor out impure proxy vars (#18702) Apparently everyone just copied those variables, instead of creating a library constant for them. Some even removed the comment. -.- 2016-09-17 21:50:01 +02:00			`impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars ++ [`
			`"GIT_PROXY_COMMAND" "SOCKS_SERVER"`
			`];`
preferLocalBuild: set to true for wrappers and fetchers 2014-02-10 21:03:17 +01:00
			`preferLocalBuild = true;`
* fetchgit and nix-prefetch-git svn path=/nixpkgs/trunk/; revision=16035 2009-06-24 14:48:01 +02:00			`}`