gitRepo: patch git to work around unsafe directory "feature"

Our hack for gitRepo relied on fetching from the Nix store but git 2.35 doesn't
allow accessing git repos with "dubious" ownership.

This little patch just short-circuits the check.

Author: Atemu

flake.lock

@@ -3,14 +3,13 @@
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
-    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
     androidPkgs.url = "github:tadfisher/android-nixpkgs/stable";
 
     flake-compat.url = "github:nix-community/flake-compat";
   };
 
-  outputs = { self, nixpkgs, nixpkgs-unstable, androidPkgs, flake-compat,  ... }@inputs: let
+  outputs = { self, nixpkgs, androidPkgs, flake-compat,  ... }@inputs: let
     pkgs = import ./pkgs/default.nix { inherit inputs; };
   in {
     # robotnixSystem evaluates a robotnix configuration

flake.nix

@@ -1,10 +1,15 @@
-{ lib, inputs, fetchFromGitHub, rsync, git, gnupg, less, openssh, ... }:
+{ lib, gitRepo, fetchFromGitHub, fetchpatch2, rsync, git, gnupg, less, openssh, ... }:
 let
-  inherit (inputs) nixpkgs-unstable;
-
-  unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
+  git-patched = git.overrideAttrs (old: {
+    patches = old.patches or [ ] ++ [
+      ./ignore_dubious_ownership.patch
+    ];
+    # Likely won't succeed with the patch and we don't care.
+    doCheck = false;
+    doInstallCheck = false;
+  });
 in
-  unstablePkgs.gitRepo.overrideAttrs(oldAttrs: rec {
+  gitRepo.overrideAttrs(oldAttrs: rec {
     version = "2.45";
 
     src = fetchFromGitHub {
@@ -14,7 +19,7 @@ in
       hash = "sha256-f765TcOHL8wdPa9qSmGegofjCXx1tF/K5bRQnYQcYVc=";
     };
 
-    nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [ rsync  git ];
+    nativeBuildInputs = (oldAttrs.nativeBuildInputs or []) ++ [ rsync git-patched ];
 
     repo2nixPatches = ./patches;
 
@@ -65,6 +70,10 @@ in
       wrapProgram "$out/bin/repo" \
         --set REPO_URL "file://$out/var/repo" \
         --set REPO_REV "$(cat ./COMMITED_REPO_REV)" \
-        --prefix PATH ":" "${ lib.makeBinPath [ git gnupg less openssh ] }"
+        --prefix PATH ":" "${ lib.makeBinPath [ git-patched gnupg less openssh ] }"
     '';
+
+    passthru = {
+      inherit git-patched;
+    };
   })

pkgs/gitRepo/default.nix

@@ -0,0 +1,11 @@
+diff --git a/setup.c b/setup.c
+--- a/setup.c
++++ b/setup.c
+@@ -1332,6 +1332,7 @@
+ void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
+ 				const char *gitdir)
+ {
++  return; // Stubbed
+ 	struct strbuf report = STRBUF_INIT, quoted = STRBUF_INIT;
+ 	const char *path;
+ 

pkgs/gitRepo/ignore_dubious_ownership.patch

@@ -34,7 +34,9 @@ self: super: {
   });
   nix-prefetch-git = super.callPackage ./fetchgit/nix-prefetch-git.nix {};
 
-  gitRepo = super.callPackage ./gitRepo { inherit inputs; };
+  gitRepo = super.callPackage ./gitRepo {
+    inherit (super) gitRepo;
+  };
 
   ###