This allows on-the-fly rewriting of URLs before they are passed from
fetchurl (or fetchurlBoot) to curl.
The intended use is to allow inserting company-internal mirrors, or
working around company firewalls and similar network restrictions,
without having to extensively patch across all of nixpkgs. Instead,
users can pass a function in their nixpkgs that performs the necessary
URL rewrites.
Co-authored-by: Alexander Bantyev <balsoft@balsoft.ru>
Added fetchTags feature to fetchgit, explicit and clear support for
fetching all tags after the source tree fetch completes. Doing this at
build-time in the fetcher is required for packages that invoke commands
like 'git describe' which require tags, and since the nix store is
read-only by design, it is not possible to git fetch --tags at
activation- or run-time. This feature may have been possible by
specifying a postFetch option including calling git fetch --tags,
however doing so obfuscates the solution to this very real problem.
Explicit support for fetching tags should be a first class citizen just
like fetching other refs.
`pkgs` might not contain the correct derivations if cross-compiling.
Using `buildPackages` ensures that the executables come from the correct
set.
Signed-off-by: Marcel Müller <neikos@neikos.email>
We're feeding a list of files from `lsdiff` to `filterdiff` via `xargs`.
That list is newline separated, and looks something like this:
```
$ lsdiff <(curl -s 1e86a219f5.patch)
a/README.md
b/files/The Answer to the Ultimate Question of Life, The Universe, and Everything.txt
```
However, if the list contains files with apostrophes in it, xargs freaks
out:
```
$ echo "there's an apostrophe here" | xargs -I{} python -c "import sys; print(sys.argv)" {}
xargs: unmatched single quote; by default quotes are special to xargs unless you use the -0 option
```
The fix is simple, just explicitly specify a delimiter:
```
$ echo "there's an apostrophe here" | xargs -I{} --delimiter='\n' python -c "import sys; print(sys.argv)" {}
['-c', "there's an apostrophe here"]
```
I added 2 tests here:
- `nix-build -A pkgs.tests.fetchpatch.fileWithApostrophe` fails without the code change.
- `nix-build -A pkgs.tests.fetchpatch.fileWithSpace` passes both before
and after this change, but I wanted to add it to prove that I didn't
break anything.
This fixes the potential mismatch between a `applyPatches` with and without patches, as the latter would not merge the `meta` or `passthru` args.
This is technically a breaking change to the `applyPatches` interface, but there are no instances of this in nixpkgs.
During the Apple SDK revamp of #346043, cc-wrapper and bintools-wrapper
were modified to automatically add a fallback SDK if $DEVELOPER_DIR is
not set [^1]. However, because of the order of the && operands,
apple-sdk is always evaluated even when it's not needed.
Flip the && operands so we only trigger the evaluation when targeting
Darwin.
[^1]: 51755b0c00
These went back as far as 2011, and none of them are in active security
support. We shouldn’t ship them without a warning and I doubt anyone
is using them with a recent Nixpkgs.
Fixes build failure for nixos.tests.docker-tools.
The tar command below the changed line relied on the $out directory
being created but it is not being created after the commit below.
97ed6b4565
The actual problem here is that there is no GHC bootstrap tarball for
RISC-V or LoongArch, so the right thing to check here is whether the
platform being used to build GHC has a bootstrap tarball available for
it. This way, we'll do the right thing in all cases where such a
tarball isn't available, not just riscv64 and loongarch64, without
having to resort to tryEval, which could be hiding all sorts of
problems.
Since we need to refer to (unspliced) buildPackages.pandoc and
buildPackages.shellcheck in the conditionals, I've opted to remove the
pandoc and shellcheck inputs that would be spliced in
nativeBuildInputs and use buildPackages explicitly there as well, to
avoid confusingly having two different instances of the same package
around.
Some typst packages include a Makefile for unit tests, which break the
builds.
Since typst packages are just static files no attempt should be made to
build them.
evolution-ews introduced a check for optional schemas, which would skip our hardcoded code paths.
a0c514bd34
Let’s update the semantic patch to also replace the invocations of specified `schemaExistsFunction` for known schemas with `true`.
We want to strip the write bit from files after we copied them.
XOR is not the right operator for this, since if the bit is 0 in both
the actual permissions and the mask, then the result will be a 1.
So in practice, we were assigning write permissions for group and others
to all files and we were only stripping the write permissions of the
owner (since the owner had write permissions, and so the result of the
XOR is 0).
The correct thing to do is to AND with the maximum permissions that we
want to maintain (which is the inverse of what we want to strip), so
that only those bits are preserved and the others are always set to 0.
