1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
{
lib,
repoRevToNameMaybe,
fetchgit,
fetchzip,
}:
lib.makeOverridable (
# gitlab example
{
owner,
repo,
rev ? null,
tag ? null,
name ? repoRevToNameMaybe repo (lib.revOrTag rev tag) "gitlab",
protocol ? "https",
domain ? "gitlab.com",
group ? null,
fetchSubmodules ? false,
leaveDotGit ? false,
deepClone ? false,
forceFetchGit ? false,
sparseCheckout ? [ ],
private ? false,
varPrefix ? null,
... # For hash agility
}@args:
assert (
lib.assertMsg (lib.xor (tag == null) (
rev == null
)) "fetchFromGitLab requires one of either `rev` or `tag` to be provided (not both)."
);
let
slug = lib.concatStringsSep "/" (
(lib.optional (group != null) group)
++ [
owner
repo
]
);
revWithTag = if tag != null then "refs/tags/" + tag else rev;
escapedSlug = lib.replaceStrings [ "." "/" ] [ "%2E" "%2F" ] slug;
escapedRevWithTag = lib.replaceStrings [ "+" "%" "/" ] [ "%2B" "%25" "%2F" ] revWithTag;
passthruAttrs = removeAttrs args [
"protocol"
"domain"
"owner"
"group"
"repo"
"rev"
"tag"
"fetchSubmodules"
"forceFetchGit"
"private"
"varPrefix"
"leaveDotGit"
"deepClone"
];
varBase = "NIX${lib.optionalString (varPrefix != null) "_${varPrefix}"}_GITLAB_PRIVATE_";
useFetchGit =
fetchSubmodules || leaveDotGit || deepClone || forceFetchGit || (sparseCheckout != [ ]);
fetcher = if useFetchGit then fetchgit else fetchzip;
privateAttrs = lib.optionalAttrs private (
lib.throwIfNot (protocol == "https") "private token login is only supported for https" {
netrcPhase = ''
if [ -z "''$${varBase}USERNAME" -o -z "''$${varBase}PASSWORD" ]; then
echo "Error: Private fetchFromGitLab requires the nix building process (nix-daemon in multi user mode) to have the ${varBase}USERNAME and ${varBase}PASSWORD env vars set." >&2
exit 1
fi
''
+ (
if useFetchGit then
# GitLab supports HTTP Basic Authentication only when Git is used:
# https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#project-access-tokens
''
cat > netrc <<EOF
machine ${domain}
login ''$${varBase}USERNAME
password ''$${varBase}PASSWORD
EOF
''
else
# Access via the GitLab API requires a custom header and does not work
# with HTTP Basic Authentication:
# https://docs.gitlab.com/ee/api/#personalprojectgroup-access-tokens
''
# needed because fetchurl always sets --netrc-file if a netrcPhase is present
touch netrc
cat > private-token <<EOF
PRIVATE-TOKEN: ''$${varBase}PASSWORD
EOF
curlOpts="$curlOpts --header @./private-token"
''
);
netrcImpureEnvVars = [
"${varBase}USERNAME"
"${varBase}PASSWORD"
];
}
);
gitRepoUrl = "${protocol}://${domain}/${slug}.git";
fetcherArgs =
(
if useFetchGit then
{
inherit
rev
deepClone
tag
fetchSubmodules
sparseCheckout
leaveDotGit
;
url = gitRepoUrl;
}
else
{
url = "${protocol}://${domain}/api/v4/projects/${escapedSlug}/repository/archive.tar.gz?sha=${escapedRevWithTag}";
passthru = {
inherit gitRepoUrl;
};
}
)
// privateAttrs
// passthruAttrs
// {
inherit name;
};
in
fetcher fetcherArgs
// {
meta.homepage = "${protocol}://${domain}/${slug}/";
inherit
tag
owner
repo
;
rev = revWithTag;
}
)
|
