From 7d40fbbc04cded4adbbcd3e87546d43bdacf47e8 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 22 Sep 2023 06:59:40 +0000 Subject: nix-prefetch-git: ignore global and user git config nix-prefetch-git is either run as part of a build, usually sandboxed, or outside a build, unsandboxed, to prefetch something that will later be used in a build. It's important that the latter use produces hashes that can be reproduced by the former. One way that they can differ is if the user's git config does something that changes the result of git clone. I ran into this, because my global git config automatically enables git-lfs, whereas nix-prefetch-git otherwise only uses git-lfs if specifically requested. This led to very confusing hash mismatches. --- nixos/doc/manual/release-notes/rl-2311.section.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md index 6cd59a95e63..f5a7bf54506 100644 --- a/nixos/doc/manual/release-notes/rl-2311.section.md +++ b/nixos/doc/manual/release-notes/rl-2311.section.md @@ -124,6 +124,8 @@ - `himalaya` has been updated to `0.8.0`, which drops the native TLS support (in favor of Rustls) and add OAuth 2.0 support. See the [release note](https://github.com/soywod/himalaya/releases/tag/v0.8.0) for more details. +- `nix-prefetch-git` now ignores global and user git config, to improve reproducibility. + - The [services.caddy.acmeCA](#opt-services.caddy.acmeCA) option now defaults to `null` instead of `"https://acme-v02.api.letsencrypt.org/directory"`, to use all of Caddy's default ACME CAs and enable Caddy's automatic issuer fallback feature by default, as recommended by upstream. - The default priorities of [`services.nextcloud.phpOptions`](#opt-services.nextcloud.phpOptions) have changed. This means that e.g. -- cgit 1.4.1