1 #include "primops.hh"
2 #include "eval-inline.hh"
3 #include "download.hh"
4 #include "store-api.hh"
5 #include "pathlocks.hh"
6 #include "hash.hh"
7 
8 #include <sys/time.h>
9 #include <sys/wait.h>
10 
11 #include <regex>
12 
13 #include <nlohmann/json.hpp>
14 
15 using namespace std::string_literals;
16 
17 namespace nix {
18 
/* Result of exporting a Git repository into the Nix store. */
struct GitInfo
{
    // Store path that holds the exported source tree.
    Path storePath;

    // Full revision. exportGit() stores either a 40-digit hex commit id or,
    // for an unclean working tree, forty '0' characters.
    std::string rev;

    // First seven characters of `rev`.
    std::string shortRev;

    // Value reported by `git rev-list --count`; stays 0 when exportGit()
    // copies an unclean working tree.
    uint64_t revCount{0};
};
26 
// Accepts exactly 40 hexadecimal digits (either case). A caller-supplied
// revision is matched against this before it is handed to git.
std::regex revRegex = std::regex("^[0-9a-fA-F]{40}$");
28 
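/* Export a Git repository into the Nix store and describe the result.

   Parameters:
     store  store that receives the exported tree
     uri    repository location; an absolute path containing a '.git'
            entry is treated as a local working tree when neither
            'ref' nor 'rev' is given
     ref    branch/tag name or full 'refs/...' name; defaults to HEAD
     rev    commit id (40 hex digits) or "" to use whatever 'ref'
            points at
     name   store path name for the exported tree

   Returns a GitInfo with the store path, the revision, its 7-character
   prefix and the revision count.

   Throws Error in pure evaluation mode when no 'rev' is given, when
   'rev' is not 40 hex digits, and when 'ref' contains "..".  Errors
   from the invoked programs and from file access propagate.

   Security-relevant behaviour visible here: 'uri', 'ref' and 'rev'
   come from the caller and end up in git command lines and in paths
   below the per-user cache directory, so each is either validated or
   placed after a "--" separator before use. */
GitInfo exportGit(ref<Store> store, const std::string & uri,
    std::optional<std::string> ref, std::string rev,
    const std::string & name)
{
    if (evalSettings.pureEval && rev == "")
        throw Error("in pure evaluation mode, 'fetchGit' requires a Git revision");

    if (!ref && rev == "" && hasPrefix(uri, "/") && pathExists(uri + "/.git")) {

        bool clean = true;

        try {
            runProgram("git", true, { "-C", uri, "diff-index", "--quiet", "HEAD", "--" });
        } catch (ExecError & e) {
            /* Exit status 1 means "there are differences"; anything
               else is a real failure and is re-thrown. */
            if (!WIFEXITED(e.status) || WEXITSTATUS(e.status) != 1) throw;
            clean = false;
        }

        if (!clean) {

            /* This is an unclean working tree. So copy all tracked
               files. */

            GitInfo gitInfo;
            gitInfo.rev = "0000000000000000000000000000000000000000";
            gitInfo.shortRev = std::string(gitInfo.rev, 0, 7);

            /* NUL-separated list of tracked files, relative to 'uri'. */
            auto files = tokenizeString<std::set<std::string>>(
                runProgram("git", true, { "-C", uri, "ls-files", "-z" }), "\0"s);

            /* Admit a path only if it is a tracked file, or a
               directory that has at least one tracked file below it. */
            PathFilter filter = [&](const Path & p) -> bool {
                assert(hasPrefix(p, uri));
                std::string file(p, uri.size() + 1);

                auto st = lstat(p);

                if (S_ISDIR(st.st_mode)) {
                    auto prefix = file + "/";
                    auto i = files.lower_bound(prefix);
                    return i != files.end() && hasPrefix(*i, prefix);
                }

                return files.count(file);
            };

            gitInfo.storePath = store->addToStore("source", uri, true, htSHA256, filter);

            return gitInfo;
        }

        // clean working tree, but no ref or rev specified.  Use 'HEAD'.
        rev = chomp(runProgram("git", true, { "-C", uri, "rev-parse", "HEAD" }));
        ref = "HEAD"s;
    }

    if (!ref) ref = "HEAD"s;

    /* 'ref' is concatenated into a path below the cache directory
       (localRefFile) that is later stat()ed, touched and read back as
       the revision.  Git never permits ".." in a ref name, so refuse
       it here to keep that path inside the cache directory. */
    if (ref->find("..") != std::string::npos)
        throw Error("invalid Git branch/tag name '%s'", *ref);

    if (rev != "" && !std::regex_match(rev, revRegex))
        throw Error("invalid Git revision '%s'", rev);

    /* Remove the directory at the older cache location. */
    deletePath(getCacheDir() + "/nix/git");

    /* One bare repository per URI, keyed by the SHA-256 of the URI. */
    Path cacheDir = getCacheDir() + "/nix/gitv2/" + hashString(htSHA256, uri).to_string(Base32, false);

    if (!pathExists(cacheDir)) {
        createDirs(dirOf(cacheDir));
        runProgram("git", true, { "init", "--bare", cacheDir });
    }

    Path localRefFile;
    if (ref->compare(0, 5, "refs/") == 0)
        localRefFile = cacheDir + "/" + *ref;
    else
        localRefFile = cacheDir + "/refs/heads/" + *ref;

    bool doFetch;
    time_t now = time(0);
    /* If a rev was specified, we need to fetch if it's not in the
       repo. */
    if (rev != "") {
        try {
            runProgram("git", true, { "-C", cacheDir, "cat-file", "-e", rev });
            doFetch = false;
        } catch (ExecError & e) {
            if (WIFEXITED(e.status)) {
                doFetch = true;
            } else {
                throw;
            }
        }
    } else {
        /* If the local ref is older than 'tarball-ttl' seconds, do a
           git fetch to update the local ref to the remote ref. */
        struct stat st;
        doFetch = stat(localRefFile.c_str(), &st) != 0 ||
            (uint64_t) st.st_mtime + settings.tarballTtl <= (uint64_t) now;
    }
    if (doFetch)
    {
        Activity act(*logger, lvlTalkative, actUnknown, fmt("fetching Git repository '%s'", uri));

        // FIXME: git stderr messes up our progress indicator, so
        // we're using --quiet for now. Should process its stderr.
        /* The "--" keeps 'uri' and the refspec from being parsed as
           options by git. */
        runProgram("git", true, { "-C", cacheDir, "fetch", "--quiet", "--force", "--", uri, fmt("%s:%s", *ref, *ref) });

        struct timeval times[2];
        times[0].tv_sec = now;
        times[0].tv_usec = 0;
        times[1].tv_sec = now;
        times[1].tv_usec = 0;

        /* Record the fetch time for the TTL check above.  Best
           effort: the return value is not checked. */
        utimes(localRefFile.c_str(), times);
    }

    // FIXME: check whether rev is an ancestor of ref.
    /* NOTE(review): a revision read back from localRefFile is not
       matched against revRegex before it is passed to git below;
       confirm the file can only ever hold a commit id. */
    GitInfo gitInfo;
    gitInfo.rev = rev != "" ? rev : chomp(readFile(localRefFile));
    gitInfo.shortRev = std::string(gitInfo.rev, 0, 7);

    printTalkative("using revision %s of repo '%s'", gitInfo.rev, uri);

    /* Cache entry mapping (name, rev) to an already exported store
       path, stored as JSON next to the bare repository. */
    std::string storeLinkName = hashString(htSHA512, name + std::string("\0"s) + gitInfo.rev).to_string(Base32, false);
    Path storeLink = cacheDir + "/" + storeLinkName + ".link";
    PathLocks storeLinkLock({storeLink}, fmt("waiting for lock on '%1%'...", storeLink)); // FIXME: broken

    try {
        auto json = nlohmann::json::parse(readFile(storeLink));

        /* NOTE(review): the link file is trusted cache content.  A
           mismatch trips this assert, and only SysError is caught
           below, so a JSON parse exception propagates to the caller. */
        assert(json["name"] == name && json["rev"] == gitInfo.rev);

        gitInfo.storePath = json["storePath"];

        if (store->isValidPath(gitInfo.storePath)) {
            gitInfo.revCount = json["revCount"];
            return gitInfo;
        }

    } catch (SysError & e) {
        /* A missing link file just means "not cached yet". */
        if (e.errNo != ENOENT) throw;
    }

    // FIXME: should pipe this, or find some better way to extract a
    // revision.
    auto tar = runProgram("git", true, { "-C", cacheDir, "archive", gitInfo.rev });

    /* Unpack into a temporary directory that is removed again when
       this function returns. */
    Path tmpDir = createTempDir();
    AutoDelete delTmpDir(tmpDir, true);

    runProgram("tar", true, { "x", "-C", tmpDir, "-f", "-"}, tar);

    gitInfo.storePath = store->addToStore(name, tmpDir);

    gitInfo.revCount = std::stoull(runProgram("git", true, { "-C", cacheDir, "rev-list", "--count", gitInfo.rev }));

    nlohmann::json json;
    json["storePath"] = gitInfo.storePath;
    json["uri"] = uri;
    json["name"] = name;
    json["rev"] = gitInfo.rev;
    json["revCount"] = gitInfo.revCount;

    writeFile(storeLink, json.dump());

    return gitInfo;
}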
194 
/* Implementation of the 'fetchGit' primop.

   args[0] is either an attribute set with 'url' (required) and the
   optional 'ref', 'rev' and 'name', or a single value that is coerced
   to the URL string.  On return, 'v' is an attribute set holding
   outPath, rev, shortRev and revCount.  Any other attribute name, or a
   missing 'url', raises EvalError. */
static void prim_fetchGit(EvalState & state, const Pos & pos, Value * * args, Value & v)
{
    PathSet context;
    std::string name = "source";
    std::string rev;
    std::optional<std::string> ref;
    std::string url;

    Value & arg = *args[0];
    state.forceValue(arg);

    if (arg.type != tAttrs) {
        // Plain form: the argument itself is the URL.
        url = state.coerceToString(pos, arg, context, false, false);
    } else {
        state.forceAttrs(arg, pos);

        for (auto & attr : *arg.attrs) {
            const string key(attr.name);

            if (key == "url") {
                url = state.coerceToString(*attr.pos, *attr.value, context, false, false);
                continue;
            }
            if (key == "ref") {
                ref = state.forceStringNoCtx(*attr.value, *attr.pos);
                continue;
            }
            if (key == "rev") {
                rev = state.forceStringNoCtx(*attr.value, *attr.pos);
                continue;
            }
            if (key == "name") {
                name = state.forceStringNoCtx(*attr.value, *attr.pos);
                continue;
            }

            // Unknown attribute names are rejected, not ignored.
            throw EvalError("unsupported argument '%s' to 'fetchGit', at %s", attr.name, *attr.pos);
        }

        if (url.empty())
            throw EvalError(format("'url' argument required, at %1%") % pos);
    }

    // FIXME: git externals probably can be used to bypass the URI
    // whitelist. Ah well.
    state.checkURI(url);

    auto exported = exportGit(state.store, url, ref, rev, name);

    state.mkAttrs(v, 8);
    // outPath carries the store path as its own string context.
    mkString(*state.allocAttr(v, state.sOutPath), exported.storePath, PathSet({exported.storePath}));
    mkString(*state.allocAttr(v, state.symbols.create("rev")), exported.rev);
    mkString(*state.allocAttr(v, state.symbols.create("shortRev")), exported.shortRev);
    mkInt(*state.allocAttr(v, state.symbols.create("revCount")), exported.revCount);
    v.attrs->sort();

    // When an allowed-paths set is in effect, add the fetched tree to it.
    if (state.allowedPaths)
        state.allowedPaths->insert(state.store->toRealPath(exported.storePath));
}
245 
// Registers prim_fetchGit under the name "fetchGit". The 1 is presumably the
// argument count (prim_fetchGit only reads args[0]); confirm against RegisterPrimOp.
static RegisterPrimOp r("fetchGit", 1, prim_fetchGit);
247 
248 }
249