Merge pull request #31356 from FRidh/fetchgitPrivate

fetchgitPrivate: put our custom ssh on PATH

pkgs/build-support/fetchgit/private.nix

@@ -1,10 +1,10 @@
-{ fetchgit, writeScript, openssh, stdenv }: args: derivation ((fetchgit args).drvAttrs // {
+{ fetchgit, runCommand, makeWrapper, openssh, stdenv }: args: derivation ((fetchgit args).drvAttrs // {
   SSH_AUTH_SOCK = if (builtins.tryEval <ssh-auth-sock>).success
     then builtins.toString <ssh-auth-sock>
     else null;
-  GIT_SSH = writeScript "fetchgit-ssh" ''
+
-    #! ${stdenv.shell}
+  GIT_SSH = let
-    exec -a ssh ${openssh}/bin/ssh -F ${let
+    config = ''${let
         sshConfigFile = if (builtins.tryEval <ssh-config-file>).success
           then <ssh-config-file>
           else builtins.trace ''
@@ -14,6 +14,13 @@
 
             You may need StrictHostKeyChecking=no in the config file. Since ssh will refuse to use a group-readable private key, if using build-users you will likely want to use something like IdentityFile /some/directory/%u/key and have a directory for each build user accessible to that user.
           '' "/var/lib/empty/config";
-    in builtins.toString sshConfigFile} "$@"
+      in builtins.toString sshConfigFile}'';
+
+    ssh-wrapped = runCommand "fetchgit-ssh" {
+      buildInputs = [ makeWrapper ];
+    } ''
+      mkdir -p $out/bin
+      makeWrapper ${openssh}/bin/ssh $out/bin/ssh --prefix PATH : "$out/bin" --add-flags "-F ${config}" "$@"
     '';
+  in "${ssh-wrapped}/bin/ssh";
 })