fetchgitPrivate: put our custom ssh on PATH

Currently we wrap ssh so it can find the config file passed in by <ssh-config-file>. If one however uses ProxyCommand ssh, then ssh that is on PATH is taken (which is also unavailable when using nix-shell --pure), which is the plain ${openssh}/bin/ssh. This commit makes sure our wrapped ssh is available on PATH.
2017-11-07 14:07:52 +01:00 · 2017-11-07 14:07:52 +01:00 · f8eed5f7a5
commit f8eed5f7a5
parent 2e333a202b
1 changed files with 20 additions and 13 deletions
--- a/pkgs/build-support/fetchgit/private.nix
+++ b/pkgs/build-support/fetchgit/private.nix
@ -1,10 +1,10 @@
-{ fetchgit, writeScript, openssh, stdenv }: args: derivation ((fetchgit args).drvAttrs // {
+{ fetchgit, runCommand, makeWrapper, openssh, stdenv }: args: derivation ((fetchgit args).drvAttrs // {
  SSH_AUTH_SOCK = if (builtins.tryEval <ssh-auth-sock>).success
    then builtins.toString <ssh-auth-sock>
    else null;
-  GIT_SSH = writeScript "fetchgit-ssh" ''
-    #! ${stdenv.shell}
-    exec -a ssh ${openssh}/bin/ssh -F ${let
+
+  GIT_SSH = let
+    config = ''${let
        sshConfigFile = if (builtins.tryEval <ssh-config-file>).success
          then <ssh-config-file>
          else builtins.trace ''
@ -14,6 +14,13 @@

            You may need StrictHostKeyChecking=no in the config file. Since ssh will refuse to use a group-readable private key, if using build-users you will likely want to use something like IdentityFile /some/directory/%u/key and have a directory for each build user accessible to that user.
          '' "/var/lib/empty/config";
-    in builtins.toString sshConfigFile} "$@"
+      in builtins.toString sshConfigFile}'';
+
+    ssh-wrapped = runCommand "fetchgit-ssh" {
+      buildInputs = [ makeWrapper ];
+    } ''
+      mkdir -p $out/bin
+      makeWrapper ${openssh}/bin/ssh $out/bin/ssh --prefix PATH : "$out/bin" --add-flags "-F ${config}" "$@"
    '';
+  in "${ssh-wrapped}/bin/ssh";
 })