Unverified Commit 7d40fbbc authored by Alyssa Ross

nix-prefetch-git: ignore global and user git config

nix-prefetch-git is either run as part of a build, usually sandboxed,
or outside a build, unsandboxed, to prefetch something that will later
be used in a build.  It's important that the latter use produces
hashes that can be reproduced by the former.

One way that they can differ is if the user's git config does
something that changes the result of git clone.  I ran into this,
because my global git config automatically enables git-lfs, whereas
nix-prefetch-git otherwise only uses git-lfs if specifically
requested.  This led to very confusing hash mismatches.
parent c9a66704
+2 −0
@@ -124,6 +124,8 @@

- `himalaya` has been updated to `0.8.0`, which drops the native TLS support (in favor of Rustls) and add OAuth 2.0 support. See the [release note](https://github.com/soywod/himalaya/releases/tag/v0.8.0) for more details.

- `nix-prefetch-git` now ignores global and user git config, to improve reproducibility.

- The [services.caddy.acmeCA](#opt-services.caddy.acmeCA) option now defaults to `null` instead of `"https://acme-v02.api.letsencrypt.org/directory"`, to use all of Caddy's default ACME CAs and enable Caddy's automatic issuer fallback feature by default, as recommended by upstream.

- The default priorities of [`services.nextcloud.phpOptions`](#opt-services.nextcloud.phpOptions) have changed. This means that e.g.
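
Review bot: In the new `nix-prefetch-git` entry, "global and user git config" does not line up with git's own terminology, where `--global` is the per-user file and the machine-wide file is `--system`. Since the script change sets `GIT_CONFIG_NOSYSTEM=1` and replaces `HOME`, "system and user (global) git config" would be unambiguous. It may also be worth one clause telling users that settings they relied on from those files while prefetching, such as credential helpers or URL rewrites, are no longer picked up.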
+6 −3
@@ -293,9 +293,6 @@ clone_user_rev() {
    local rev="${3:-HEAD}"

    if [ -n "$fetchLFS" ]; then
        tmpHomePath="$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-git-tmp-home-XXXXXXXXXX")"
        exit_handlers+=(remove_tmpHomePath)
        HOME="$tmpHomePath"
        clean_git lfs install
    fi

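Review bot: The `clean_git lfs install` call that stays in the `if [ -n "$fetchLFS" ]` branch now depends on `HOME` having been redirected elsewhere in the script, and nothing in `clone_user_rev` says so. `git lfs install` writes to the user-level git config by default, so if this function is ever reached before the top-level setup it would modify the real user's config. A one-line comment here pointing at the temporary `HOME` set up at script start, or a guard that `tmpHomePath` is non-empty, would keep that dependency visible.
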
@@ -417,6 +414,12 @@ if test -z "$branchName"; then
    branchName=fetchgit
fi

tmpHomePath="$(mktemp -d "${TMPDIR:-/tmp}/nix-prefetch-git-tmp-home-XXXXXXXXXX")"
exit_handlers+=(remove_tmpHomePath)
HOME="$tmpHomePath"
unset XDG_CONFIG_HOME
export GIT_CONFIG_NOSYSTEM=1

if test -n "$builder"; then
    test -n "$out" -a -n "$url" -a -n "$rev" || usage
    mkdir -p "$out"
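
Review bot: The added block after `branchName=fetchgit` closes off the config files but not the environment overrides: `GIT_CONFIG_GLOBAL` and `GIT_CONFIG_SYSTEM` can point git at other files regardless of `HOME`, and `GIT_CONFIG_COUNT` with its `GIT_CONFIG_KEY_n`/`GIT_CONFIG_VALUE_n` pairs injects settings directly, so a user with any of these exported can still get a different clone result. Consider unsetting them alongside `unset XDG_CONFIG_HOME`. Also, `HOME="$tmpHomePath"` only reaches git if `HOME` was already exported by the caller, so `export HOME` would make that explicit, and a short comment above the block stating why the environment is being scrubbed (hash reproducibility between sandboxed and unsandboxed runs) would help future readers.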