fetchgit: add support for netrc file through impure NIX_GIT_SSL_CAINFO env

Sandro Jäckel 2021-09-15 16:17:05 +02:00
parent e3b5143614
commit 6f53c06748
2 changed files with 18 additions and 2 deletions


@ -21,6 +21,11 @@ in
postFetch ? ""
, preferLocalBuild ? true
, fetchLFS ? false
, # Shell code to build a netrc file for BASIC auth
netrcPhase ? null
, # Impure env vars (https://nixos.org/nix/manual/#sec-advanced-attributes)
# needed for netrcPhase
netrcImpureEnvVars ? []
}:
/* NOTE:
@ -64,10 +69,17 @@ stdenvNoCC.mkDerivation {
inherit url rev leaveDotGit fetchLFS fetchSubmodules deepClone branchName postFetch;
postHook = if netrcPhase == null then null else ''
${netrcPhase}
# required that git uses the netrc file
mv {,.}netrc
export HOME=$PWD
'';
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [
"GIT_PROXY_COMMAND" "SOCKS_SERVER"
impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ netrcImpureEnvVars ++ [
"GIT_PROXY_COMMAND" "NIX_GIT_SSL_CAINFO" "SOCKS_SERVER"
];
inherit preferLocalBuild;
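Review bot: The comment on `netrcPhase` in the first hunk does not say where the credentials may come from. Because the phase text is interpolated into `postHook`, it becomes part of the derivation, and anything written literally there ends up readable in the Nix store. I would extend the comment to `# Shell code that writes ./netrc for BASIC auth; read secrets only from the variables listed in netrcImpureEnvVars, never inline them here`. The same comment should state that the phase must create a file named `netrc` in the current directory, since `mv {,.}netrc` in the second hunk runs unconditionally and depends on it. Running `umask 077` before `${netrcPhase}` would also keep the credential file private to the build user if the build directory is kept after a failure. Both the argument set and the `mkDerivation` call continue outside the hunks shown.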


@ -17,6 +17,10 @@ branchName=$NIX_PREFETCH_GIT_BRANCH_NAME
out=${out:-}
http_proxy=${http_proxy:-}
# allow overwritting cacert's ca-bundle.crt with a custom one
# this can be done by setting NIX_GIT_SSL_CAINFO and NIX_SSL_CERT_FILE enviroment variables for the nix-daemon
GIT_SSL_CAINFO=${NIX_GIT_SSL_CAINFO:-$GIT_SSL_CAINFO}
# populated by clone_user_rev()
fullRev=
humanReadableRev=
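Review bot: The fallback in `GIT_SSL_CAINFO=${NIX_GIT_SSL_CAINFO:-$GIT_SSL_CAINFO}` expands `$GIT_SSL_CAINFO` without a default, while the neighbouring `${out:-}` and `${http_proxy:-}` suggest the script runs with nounset. If so, invoking it standalone with neither variable set would abort here; `GIT_SSL_CAINFO=${NIX_GIT_SSL_CAINFO:-${GIT_SSL_CAINFO:-}}` avoids that. The assignment is also not exported in the visible lines, so git only sees the override when `GIT_SSL_CAINFO` was already exported by the caller, which is worth confirming. The comment should say that this variable replaces the CA bundle used to verify the remote, which is also the connection the netrc credentials are sent over, so it has to be set only by whoever controls the nix-daemon environment. "overwritting" and "enviroment" in the comment are misspelled.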