diff options
| author | Jan Tojnar <jtojnar@gmail.com> | 2020-02-14 12:56:51 +0100 |
|---|---|---|
| committer | Jan Tojnar <jtojnar@gmail.com> | 2020-03-02 23:57:40 +0100 |
| commit | 01e352ac449d51480ca4750f5637bc7ad156ceb4 (patch) | |
| tree | ef45d24764917628aa223ad72f898fba6f02cb77 /pkgs/build-support | |
| parent | ac75010d336f0af3b88db3bb3313aa2b528a5286 (diff) | |
| download | nixpkgs-01e352ac449d51480ca4750f5637bc7ad156ceb4.tar nixpkgs-01e352ac449d51480ca4750f5637bc7ad156ceb4.tar.gz nixpkgs-01e352ac449d51480ca4750f5637bc7ad156ceb4.tar.bz2 nixpkgs-01e352ac449d51480ca4750f5637bc7ad156ceb4.tar.lz nixpkgs-01e352ac449d51480ca4750f5637bc7ad156ceb4.tar.xz nixpkgs-01e352ac449d51480ca4750f5637bc7ad156ceb4.tar.zst nixpkgs-01e352ac449d51480ca4750f5637bc7ad156ceb4.zip | |
fetchpatch: Allow using base64-encoded hash
Nix now returns base64-encoded SRI hashes on hash mismatch. Usually, people copy the returned hashes in TOFU fashion but since base64-encoded strings can contain slashes, they often broke our use of them for temporary file name. Escaping them should prevent the failures.
Diffstat (limited to 'pkgs/build-support')
| -rw-r--r-- | pkgs/build-support/fetchpatch/default.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/pkgs/build-support/fetchpatch/default.nix b/pkgs/build-support/fetchpatch/default.nix index 2fb32b2324f..71c0d466498 100644 --- a/pkgs/build-support/fetchpatch/default.nix +++ b/pkgs/build-support/fetchpatch/default.nix @@ -11,9 +11,13 @@ let in { stripLen ? 0, extraPrefix ? null, excludes ? [], includes ? [], revert ? false, ... }@args: +let + # Make base-64 encoded SRI hash filename-safe using RFC 4648 ยง5 + tmpname = lib.replaceStrings [ "+" "/" "=" ] [ "-" "_" "" ] args.sha256; +in fetchurl ({ postFetch = '' - tmpfile="$TMPDIR/${args.sha256}" + tmpfile="$TMPDIR/${tmpname}" if [ ! -s "$out" ]; then echo "error: Fetched patch file '$out' is empty!" 1>&2 exit 1 |