From 666042141ed2039fdb136ccc89ca1aff6a495ec4 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 21 Apr 2020 14:02:17 +0200 Subject: [PATCH] git: Fix the update.sh script and use HTTPS The syntax is ${parameter:-word} (i.e. previously this used "latestTag" instead of the actual value). (Fixes a regression from #85278.) Also: Even though getting the latest tag isn't really security critical (as long as Git itself is secure against untrusted input), I'd prefer to switch from the Git to the HTTPS protocol (for authentication of the server and encryption + uses a standard port). --- .../version-management/git-and-tools/git/update.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/git-and-tools/git/update.sh b/pkgs/applications/version-management/git-and-tools/git/update.sh index d0bc413fb89..54574722b02 100755 --- a/pkgs/applications/version-management/git-and-tools/git/update.sh +++ b/pkgs/applications/version-management/git-and-tools/git/update.sh @@ -4,8 +4,8 @@ set -eu -o pipefail oldVersion="$(nix-instantiate --eval -E "with import ./. {}; lib.getVersion git" | tr -d '"')" -latestTag="$(git ls-remote --tags --sort="v:refname" git://github.com/git/git.git | grep -v '\{\}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')" -targetVersion="${1:-latestTag}" +latestTag="$(git ls-remote --tags --sort="v:refname" https://github.com/git/git.git | grep -v '\{\}' | grep -v '\-rc' | tail -1 | sed 's|^.*/v\(.*\)|\1|')" +targetVersion="${1:-$latestTag}" if [ ! "${oldVersion}" = "${targetVersion}" ]; then update-source-version git "${targetVersion}"