treewide: add warning comment to “boot” packages

This adds a warning to the top of each “boot” package that reads:

  Note: this package is used for bootstrapping fetchurl, and thus cannot
  use fetchpatch! All mutable patches (generated by GitHub or cgit) that
  are needed here should be included directly in Nixpkgs as files.

This makes it clear to maintainer that they may need to treat this
package a little differently than others. Importantly, we can’t use
fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale
hashes, we need to include patches that are subject to changing
overtime (for instance, gitweb’s patches contain a version number at
the bottom).

43 files changed, 216 insertions, 1 deletions

diff --git a/pkgs/applications/editors/ed/default.nix b/pkgs/applications/editors/ed/default.nix
index 37d055e2685..0fb48203b2f 100644
--- a/pkgs/applications/editors/ed/default.nix
+++ b/pkgs/applications/editors/ed/default.nix
@@ -1,6 +1,11 @@
 { stdenv, fetchurl, lzip
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation (rec {
   name = "ed-${version}";
   version = "1.16";
diff --git a/pkgs/development/compilers/gcc/9/default.nix b/pkgs/development/compilers/gcc/9/default.nix
index 978ad75a3d2..5f0a69583a1 100644
--- a/pkgs/development/compilers/gcc/9/default.nix
+++ b/pkgs/development/compilers/gcc/9/default.nix
@@ -31,6 +31,11 @@
 , buildPackages
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 # LTO needs libelf and zlib.
 assert libelf != null -> zlib != null;
 
diff --git a/pkgs/development/interpreters/perl/default.nix b/pkgs/development/interpreters/perl/default.nix
index 9690dfac2f2..27ccb6f22c6 100644
--- a/pkgs/development/interpreters/perl/default.nix
+++ b/pkgs/development/interpreters/perl/default.nix
@@ -2,6 +2,11 @@
 , enableThreading ? true, coreutils, makeWrapper
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 with lib;
 
 let
diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix
index e6c8b301c0b..d26d060da72 100644
--- a/pkgs/development/interpreters/python/cpython/default.nix
+++ b/pkgs/development/interpreters/python/cpython/default.nix
@@ -36,6 +36,11 @@
 , enableOptimizations ? (!stdenv.isDarwin)
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 assert x11Support -> tcl != null
                   && tk != null
                   && xorgproto != null
diff --git a/pkgs/development/libraries/acl/default.nix b/pkgs/development/libraries/acl/default.nix
index 4b280cc1862..6e863e4eeba 100644
--- a/pkgs/development/libraries/acl/default.nix
+++ b/pkgs/development/libraries/acl/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, gettext, attr }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "acl-2.2.53";
 
diff --git a/pkgs/development/libraries/attr/default.nix b/pkgs/development/libraries/attr/default.nix
index 44eab6bc53c..d69d475f737 100644
--- a/pkgs/development/libraries/attr/default.nix
+++ b/pkgs/development/libraries/attr/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, gettext }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "attr-2.4.48";
 
diff --git a/pkgs/development/libraries/c-ares/default.nix b/pkgs/development/libraries/c-ares/default.nix
index 02f0872cee3..2751565670a 100644
--- a/pkgs/development/libraries/c-ares/default.nix
+++ b/pkgs/development/libraries/c-ares/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, writeTextDir }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 let self =
 stdenv.mkDerivation rec {
   name = "c-ares-1.15.0";
diff --git a/pkgs/development/libraries/expat/default.nix b/pkgs/development/libraries/expat/default.nix
index 94aee7749ce..a356d7be1a9 100644
--- a/pkgs/development/libraries/expat/default.nix
+++ b/pkgs/development/libraries/expat/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "expat-2.2.8";
 
diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix
index 6adc147c6ac..46e52c7988e 100644
--- a/pkgs/development/libraries/gettext/default.nix
+++ b/pkgs/development/libraries/gettext/default.nix
@@ -1,5 +1,10 @@
 { stdenv, lib, fetchurl, libiconv, xz, fetchpatch }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "gettext";
   version = "0.20.1";
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 8afea21729a..0b2f34c7b76 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -17,6 +17,11 @@
   but the exact set depends on the library version and the configuration.
 */
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 { stdenv, lib
 , buildPackages
 , fetchurl
diff --git a/pkgs/development/libraries/gmp/6.x.nix b/pkgs/development/libraries/gmp/6.x.nix
index c5fffa09bf0..f4432cfc5b8 100644
--- a/pkgs/development/libraries/gmp/6.x.nix
+++ b/pkgs/development/libraries/gmp/6.x.nix
@@ -3,6 +3,11 @@
 , buildPackages
 , withStatic ? false }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 let inherit (stdenv.lib) optional; in
 
 let self = stdenv.mkDerivation rec {
diff --git a/pkgs/development/libraries/kerberos/krb5.nix b/pkgs/development/libraries/kerberos/krb5.nix
index e5a593a7ff4..004d7d2227c 100644
--- a/pkgs/development/libraries/kerberos/krb5.nix
+++ b/pkgs/development/libraries/kerberos/krb5.nix
@@ -8,6 +8,11 @@
 , staticOnly ? false
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 let
   libOnly = type == "lib";
 in
diff --git a/pkgs/development/libraries/libelf/default.nix b/pkgs/development/libraries/libelf/default.nix
index 4e4afe96d54..2b56f973b5d 100644
--- a/pkgs/development/libraries/libelf/default.nix
+++ b/pkgs/development/libraries/libelf/default.nix
@@ -2,6 +2,11 @@
 , fetchurl, autoreconfHook, gettext
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "libelf-0.8.13";
 
diff --git a/pkgs/development/libraries/libev/default.nix b/pkgs/development/libraries/libev/default.nix
index 74aa8133a99..1ea0615dc23 100644
--- a/pkgs/development/libraries/libev/default.nix
+++ b/pkgs/development/libraries/libev/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, static ? false }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "libev";
   version="4.33";
diff --git a/pkgs/development/libraries/libffi/default.nix b/pkgs/development/libraries/libffi/default.nix
index eecffeba23d..d7dad6d956d 100644
--- a/pkgs/development/libraries/libffi/default.nix
+++ b/pkgs/development/libraries/libffi/default.nix
@@ -3,6 +3,11 @@
 
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "libffi-3.3";
 
diff --git a/pkgs/development/libraries/libidn2/default.nix b/pkgs/development/libraries/libidn2/default.nix
index 1fc0bd9b399..c5af2d16bb2 100644
--- a/pkgs/development/libraries/libidn2/default.nix
+++ b/pkgs/development/libraries/libidn2/default.nix
@@ -1,5 +1,10 @@
 { fetchurl, stdenv, libiconv, libunistring, help2man, buildPackages }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
diff --git a/pkgs/development/libraries/libmpc/default.nix b/pkgs/development/libraries/libmpc/default.nix
index 235474c0ca1..c0459e393fa 100644
--- a/pkgs/development/libraries/libmpc/default.nix
+++ b/pkgs/development/libraries/libmpc/default.nix
@@ -2,6 +2,11 @@
 , gmp, mpfr
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 let
   version = "1.1.0";
 in
diff --git a/pkgs/development/libraries/libunistring/default.nix b/pkgs/development/libraries/libunistring/default.nix
index f0cc73ba4e9..5f300ef5199 100644
--- a/pkgs/development/libraries/libunistring/default.nix
+++ b/pkgs/development/libraries/libunistring/default.nix
@@ -1,5 +1,10 @@
 { fetchurl, stdenv, libiconv }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "libunistring";
   version = "0.9.10";
diff --git a/pkgs/development/libraries/mpfr/default.nix b/pkgs/development/libraries/mpfr/default.nix
index ceba71ae06a..9fc717ef38a 100644
--- a/pkgs/development/libraries/mpfr/default.nix
+++ b/pkgs/development/libraries/mpfr/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, gmp }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   version = "4.0.2";
   pname = "mpfr";
diff --git a/pkgs/development/libraries/nghttp2/default.nix b/pkgs/development/libraries/nghttp2/default.nix
index 939f137ac3e..3294674e178 100644
--- a/pkgs/development/libraries/nghttp2/default.nix
+++ b/pkgs/development/libraries/nghttp2/default.nix
@@ -12,6 +12,11 @@
 , enablePython ? false, python ? null, cython ? null, ncurses ? null, setuptools ? null
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 assert enableHpack -> jansson != null;
 assert enableAsioLib -> boost != null;
 assert enableGetAssets -> libxml2 != null;
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 43170f25d38..1fc38dd8aaa 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -5,6 +5,11 @@
 , static ? false
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 with stdenv.lib;
 
 let
diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix
index c4a4c497ced..98746968146 100644
--- a/pkgs/development/libraries/zlib/default.nix
+++ b/pkgs/development/libraries/zlib/default.nix
@@ -12,6 +12,11 @@
 , splitStaticOutput ? static
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 assert splitStaticOutput -> static;
 
 stdenv.mkDerivation (rec {
diff --git a/pkgs/development/tools/misc/autoconf/default.nix b/pkgs/development/tools/misc/autoconf/default.nix
index 500d80d4bb8..93add837290 100644
--- a/pkgs/development/tools/misc/autoconf/default.nix
+++ b/pkgs/development/tools/misc/autoconf/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, m4, perl }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "autoconf-2.69";
 
diff --git a/pkgs/development/tools/misc/binutils/default.nix b/pkgs/development/tools/misc/binutils/default.nix
index cd05ea354ca..b352e63a27c 100644
--- a/pkgs/development/tools/misc/binutils/default.nix
+++ b/pkgs/development/tools/misc/binutils/default.nix
@@ -10,6 +10,11 @@
 , texinfo
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 let
   reuseLibs = enableShared && withAllTargets;
 
diff --git a/pkgs/development/tools/misc/gnum4/default.nix b/pkgs/development/tools/misc/gnum4/default.nix
index b301324e956..2e3e4acfdc1 100644
--- a/pkgs/development/tools/misc/gnum4/default.nix
+++ b/pkgs/development/tools/misc/gnum4/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation {
   name = "gnum4-1.4.18";
 
diff --git a/pkgs/development/tools/misc/help2man/default.nix b/pkgs/development/tools/misc/help2man/default.nix
index 74ba7f55093..f23b5a9c8fd 100644
--- a/pkgs/development/tools/misc/help2man/default.nix
+++ b/pkgs/development/tools/misc/help2man/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, perlPackages, gettext }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "help2man-1.47.16";
 
diff --git a/pkgs/development/tools/misc/libtool/default.nix b/pkgs/development/tools/misc/libtool/default.nix
index debc4107882..199c6504f39 100644
--- a/pkgs/development/tools/misc/libtool/default.nix
+++ b/pkgs/development/tools/misc/libtool/default.nix
@@ -1,5 +1,10 @@
 {stdenv, fetchurl, m4, perl}:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "libtool-1.5.26";
 
diff --git a/pkgs/development/tools/misc/patchelf/default.nix b/pkgs/development/tools/misc/patchelf/default.nix
index 5119225d9ae..5d2309333a6 100644
--- a/pkgs/development/tools/misc/patchelf/default.nix
+++ b/pkgs/development/tools/misc/patchelf/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "patchelf-0.11";
 
diff --git a/pkgs/development/tools/misc/texinfo/common.nix b/pkgs/development/tools/misc/texinfo/common.nix
index 1fb8a6b2f0d..ec51dc2259d 100644
--- a/pkgs/development/tools/misc/texinfo/common.nix
+++ b/pkgs/development/tools/misc/texinfo/common.nix
@@ -6,6 +6,11 @@
 , interactive ? false, ncurses, procps
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 let
   crossBuildTools = interactive && stdenv.hostPlatform != stdenv.buildPlatform;
 in
diff --git a/pkgs/development/tools/parsing/bison/default.nix b/pkgs/development/tools/parsing/bison/default.nix
index ba2caac96c9..357c8ea17cf 100644
--- a/pkgs/development/tools/parsing/bison/default.nix
+++ b/pkgs/development/tools/parsing/bison/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, m4, perl, help2man }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "bison";
   version = "3.6.4";
diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix
index a9d0cf45168..cab11cc87ae 100644
--- a/pkgs/os-specific/linux/kernel/generic.nix
+++ b/pkgs/os-specific/linux/kernel/generic.nix
@@ -53,6 +53,11 @@
 , ...
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 assert stdenv.isLinux;
 
 let
diff --git a/pkgs/os-specific/linux/keyutils/default.nix b/pkgs/os-specific/linux/keyutils/default.nix
index 76869bfde5b..553b0b87f41 100644
--- a/pkgs/os-specific/linux/keyutils/default.nix
+++ b/pkgs/os-specific/linux/keyutils/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "keyutils";
   version = "1.6.1";
diff --git a/pkgs/shells/bash/4.4.nix b/pkgs/shells/bash/4.4.nix
index 4cb3c14a9a0..deeb4093c68 100644
--- a/pkgs/shells/bash/4.4.nix
+++ b/pkgs/shells/bash/4.4.nix
@@ -12,6 +12,11 @@ assert interactive -> readline70 != null;
 assert withDocs -> texinfo != null;
 assert stdenv.hostPlatform.isDarwin -> binutils != null;
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 let
   upstreamPatches = import ./bash-4.4-patches.nix (nr: sha256: fetchurl {
     url = "mirror://gnu/bash/bash-4.4-patches/bash44-${nr}";
diff --git a/pkgs/tools/archivers/gnutar/default.nix b/pkgs/tools/archivers/gnutar/default.nix
index 749f795c449..672c99d80c0 100644
--- a/pkgs/tools/archivers/gnutar/default.nix
+++ b/pkgs/tools/archivers/gnutar/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, autoreconfHook, acl }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "gnutar";
   version = "1.32";
diff --git a/pkgs/tools/compression/bzip2/default.nix b/pkgs/tools/compression/bzip2/default.nix
index 41dcd54ecdb..3e20258cbbe 100644
--- a/pkgs/tools/compression/bzip2/default.nix
+++ b/pkgs/tools/compression/bzip2/default.nix
@@ -3,6 +3,11 @@
 , autoreconfHook
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "bzip2";
   version = "1.0.6.0.1";
diff --git a/pkgs/tools/compression/gzip/default.nix b/pkgs/tools/compression/gzip/default.nix
index eb680ff8a06..9628e100c1c 100644
--- a/pkgs/tools/compression/gzip/default.nix
+++ b/pkgs/tools/compression/gzip/default.nix
@@ -4,6 +4,11 @@
 , writeText
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "gzip";
   version = "1.10";
diff --git a/pkgs/tools/compression/lzip/default.nix b/pkgs/tools/compression/lzip/default.nix
index 62f57a8cca7..e55af8b94ed 100644
--- a/pkgs/tools/compression/lzip/default.nix
+++ b/pkgs/tools/compression/lzip/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, texinfo }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "lzip";
   version = "1.21";
diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix
index 545384c396d..5cf88288d81 100644
--- a/pkgs/tools/compression/xz/default.nix
+++ b/pkgs/tools/compression/xz/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, enableStatic ? false }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "xz-5.2.5";
 
diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix
index 49edc002bec..50d3a2437d7 100644
--- a/pkgs/tools/misc/coreutils/default.nix
+++ b/pkgs/tools/misc/coreutils/default.nix
@@ -10,6 +10,11 @@
 , singleBinary ? "symlinks" # you can also pass "shebangs" or false
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 assert aclSupport -> acl != null;
 assert selinuxSupport -> libselinux != null && libsepol != null;
 
diff --git a/pkgs/tools/misc/findutils/default.nix b/pkgs/tools/misc/findutils/default.nix
index 230e401ef82..84dd187e1fc 100644
--- a/pkgs/tools/misc/findutils/default.nix
+++ b/pkgs/tools/misc/findutils/default.nix
@@ -2,6 +2,11 @@
 , coreutils
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   pname = "findutils";
   version = "4.7.0";
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index ce24854d04d..9a8a245a790 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -12,6 +12,11 @@
 , brotliSupport ? false, brotli ? null
 }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 assert http2Support -> nghttp2 != null;
 assert idnSupport -> libidn != null;
 assert ldapSupport -> openldap != null;
diff --git a/pkgs/tools/text/diffutils/default.nix b/pkgs/tools/text/diffutils/default.nix
index 06ecda9ff21..6fd69a9ba4c 100644
--- a/pkgs/tools/text/diffutils/default.nix
+++ b/pkgs/tools/text/diffutils/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, xz, coreutils ? null }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 stdenv.mkDerivation rec {
   name = "diffutils-3.7";
 
diff --git a/pkgs/tools/text/gnugrep/default.nix b/pkgs/tools/text/gnugrep/default.nix
index 3f5c4d7d86c..f7e3cd42a9b 100644
--- a/pkgs/tools/text/gnugrep/default.nix
+++ b/pkgs/tools/text/gnugrep/default.nix
@@ -1,5 +1,10 @@
 { stdenv, fetchurl, pcre, libiconv, perl }:
 
+# Note: this package is used for bootstrapping fetchurl, and thus
+# cannot use fetchpatch! All mutable patches (generated by GitHub or
+# cgit) that are needed here should be included directly in Nixpkgs as
+# files.
+
 let version = "3.4"; in
 
 stdenv.mkDerivation {
@@ -19,7 +24,7 @@ stdenv.mkDerivation {
 
   # cygwin: FAIL: multibyte-white-space
   # freebsd: FAIL mb-non-UTF8-performance
-  # all platforms: timing sensitivity in long-pattern-perf 
+  # all platforms: timing sensitivity in long-pattern-perf
   #doCheck = !stdenv.isDarwin && !stdenv.isSunOS && !stdenv.isCygwin && !stdenv.isFreeBSD;
   doCheck = false;