libgit2: Disable Security.framework transport on Darwin.

When used by cargo, `libgit2` crashes with a Segmentation Fault on
Darwin. This crash is somehow connected to the `Security.framework`
native to Darwin, and while being easy to reproduce, is very hard to
track down.

This commit introduces a patch to `libgit2` which disables the
troublesome transport and instead depends on `libcurl`. The patch also
adds support for `SSL_CERT_FILE` to `libgit2`.

Upstream tracking issue is
https://github.com/libgit2/libgit2/issues/3885.

pkgs/development/libraries/git2/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, http-parser, libiconv }:
+{ stdenv, fetchurl, pkgconfig, cmake, zlib, python, libssh2, openssl, curl, http-parser, libiconv }:
 
 stdenv.mkDerivation (rec {
   version = "0.24.1";
@@ -10,10 +10,20 @@ stdenv.mkDerivation (rec {
     sha256 = "0rw80480dx2f6a2wbb1bwixygg1iwq3r7vwhxdmkkf4lpxd35jhd";
   };
 
+  # TODO: `cargo` (rust's package manager) surfaced a serious bug in
+  # libgit2 when the `Security.framework` transport is used on Darwin.
+  # The upstream issue is tracked at
+  # https://github.com/libgit2/libgit2/issues/3885 - feel free to
+  # remove this patch as soon as it's resolved (i.E. when cargo is
+  # working fine without this patch)
+  patches = stdenv.lib.optionals stdenv.isDarwin [
+    ./disable-security.framework.patch
+  ];
+
   cmakeFlags = "-DTHREADSAFE=ON";
 
   nativeBuildInputs = [ cmake python pkgconfig ];
-  buildInputs = [ zlib libssh2 openssl http-parser ];
+  buildInputs = [ zlib libssh2 openssl http-parser curl ];
 
   meta = {
     description = "The Git linkable library";