gitRepo: patch git to work around unsafe directory "feature"

Atemu · Atemu · commit dbfd13b94f68 · 2025-01-26T19:51:22.000+01:00
Our hack for gitRepo relied on fetching from the Nix store but git 2.35 doesn't
allow accessing git repos with "dubious" ownership.

This little patch just short-circuits the check.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -3,14 +3,13 @@
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
-    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
     androidPkgs.url = "github:tadfisher/android-nixpkgs/stable";
 
     flake-compat.url = "github:nix-community/flake-compat";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-unstable, androidPkgs, flake-compat,  ... }@inputs: let
+  outputs = { self, nixpkgs, androidPkgs, flake-compat,  ... }@inputs: let
     pkgs = import ./pkgs/default.nix { inherit inputs; };
   in {
     # robotnixSystem evaluates a robotnix configuration
diff --git a/pkgs/gitRepo/default.nix b/pkgs/gitRepo/default.nix
@@ -1,10 +1,15 @@
-{ lib, inputs, fetchFromGitHub, rsync, git, gnupg, less, openssh, ... }:
+{ lib, gitRepo, fetchFromGitHub, fetchpatch2, rsync, git, gnupg, less, openssh, ... }:
 let
-  inherit (inputs) nixpkgs-unstable;
-
-  unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
+  git-patched = git.overrideAttrs (old: {
+    patches = old.patches or [ ] ++ [
+      ./ignore_dubious_ownership.patch
+    ];
+    # Likely won't succeed with the patch and we don't care.
+    doCheck = false;
+    doInstallCheck = false;
+  });
 in
-  unstablePkgs.gitRepo.overrideAttrs(oldAttrs: rec {
+  gitRepo.overrideAttrs(oldAttrs: rec {
     version = "2.45";
 
     src = fetchFromGitHub {
@@ -14,7 +19,7 @@ in
       hash = "sha256-f765TcOHL8wdPa9qSmGegofjCXx1tF/K5bRQnYQcYVc=";
     };
 
-    nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [ rsync  git ];
+    nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [ rsync git-patched ];
 
     repo2nixPatches = ./patches;
 
@@ -65,6 +70,10 @@ in
       wrapProgram "$out/bin/repo" \
         --set REPO_URL "file://$out/var/repo" \
         --set REPO_REV "$(cat ./COMMITED_REPO_REV)" \
-        --prefix PATH ":" "${ lib.makeBinPath [ git gnupg less openssh ] }"
+        --prefix PATH ":" "${ lib.makeBinPath [ git-patched gnupg less openssh ] }"
     '';
+
+    passthru = {
+      inherit git-patched;
+    };
   })
diff --git a/pkgs/gitRepo/ignore_dubious_ownership.patch b/pkgs/gitRepo/ignore_dubious_ownership.patch
@@ -0,0 +1,11 @@
+diff --git a/setup.c b/setup.c
+--- a/setup.c
++++ b/setup.c
+@@ -1332,6 +1332,7 @@
+ void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
+ 				const char *gitdir)
+ {
++  return; // Stubbed
+ 	struct strbuf report = STRBUF_INIT, quoted = STRBUF_INIT;
+ 	const char *path;
+ 
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
@@ -34,7 +34,9 @@ self: super: {
   });
   nix-prefetch-git = super.callPackage ./fetchgit/nix-prefetch-git.nix {};
 
-  gitRepo = super.callPackage ./gitRepo { inherit inputs; };
+  gitRepo = super.callPackage ./gitRepo {
+    inherit (super) gitRepo;
+  };
 
   ###
 
