fetchgit: set GIT_CONFIG_NOSYSTEM

NixOS / nixpkgs

Nix Packages collection & NixOS

MIT License

17.31k stars 13.54k forks source link

fetchgit: set GIT_CONFIG_NOSYSTEM #63774

Open dylex opened 5 years ago

dylex commented 5 years ago

Issue description

I ran into #63740 because fetchGit loads the system /etc/gitconfig, which didn't apply within the build environment. I'm proposing that nix-prefetch-git should set GIT_CONFIG_NOSYSTEM to ensure purity during fetching. Happy to supply a PR for this if this sounds reasonable.

Steps to reproduce

Put something bad in /etc/gitconfig (in my case it was the [filter "lfs"] that git-lfs installs) and try to build something that triggers this (in my case paraview).

sifmelcara commented 5 years ago

FWIW, maybe enable sandbox build can avoid the issue? ( https://nixos.wiki/wiki/Nix#Sandboxing )

dylex commented 5 years ago

Unfortunately sandboxing is not an option for us (non-root cluster builds on centos7 hosts).

stale[bot] commented 4 years ago

Thank you for your contributions.

This has been automatically marked as stale because it has had no activity for 180 days.

If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.

Here are suggestions that might help resolve this more quickly:

Search for maintainers and people that previously touched the related code and @ mention them in a comment.
Ask on the NixOS Discourse.
Ask on the #nixos channel on irc.freenode.net.

andronat commented 1 year ago

any news on this? I'm currently blocked by this in GitHub actions as they set:

[filter "lfs"]
        clean = git-lfs clean -- %f
        smudge = git-lfs smudge -- %f
        process = git-lfs filter-process
        required = true

in: /etc/gitconfig by default.