From 21bb180547118e29a66bf091bd6b1dd911b3114d Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Tue, 14 Nov 2023 13:30:51 +0100
Subject: [PATCH] Use libgit2 with ssh-exec support

See https://github.com/libgit2/libgit2/pull/6617. This ensures that we
get support for ~/.ssh/config, known_hosts etc.
---
 flake.lock                   | 17 +++++++++++++++++
 flake.nix                    |  9 +++++++--
 src/libfetchers/git-utils.cc | 17 -----------------
 3 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/flake.lock b/flake.lock
index 991cef1ee..2b1d96e4e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -16,6 +16,22 @@
         "type": "github"
       }
     },
+    "libgit2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1697646580,
+        "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
+        "owner": "libgit2",
+        "repo": "libgit2",
+        "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "libgit2",
+        "repo": "libgit2",
+        "type": "github"
+      }
+    },
     "lowdown-src": {
       "flake": false,
       "locked": {
@@ -67,6 +83,7 @@
     "root": {
       "inputs": {
         "flake-compat": "flake-compat",
+        "libgit2": "libgit2",
         "lowdown-src": "lowdown-src",
         "nixpkgs": "nixpkgs",
         "nixpkgs-regression": "nixpkgs-regression"
diff --git a/flake.nix b/flake.nix
index e71aa5374..d6a173081 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,8 +7,9 @@
   inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
   inputs.lowdown-src = { url = "github:kristapsdz/lowdown"; flake = false; };
   inputs.flake-compat = { url = "github:edolstra/flake-compat"; flake = false; };
+  inputs.libgit2 = { url = "github:libgit2/libgit2"; flake = false; };
 
-  outputs = { self, nixpkgs, nixpkgs-regression, lowdown-src, flake-compat }:
+  outputs = { self, nixpkgs, nixpkgs-regression, lowdown-src, flake-compat, libgit2 }:
 
     let
       inherit (nixpkgs) lib;
@@ -194,7 +195,11 @@
             bzip2 xz brotli editline
             openssl sqlite
             libarchive
-            libgit2
+            (pkgs.libgit2.overrideAttrs (attrs: {
+              src = libgit2;
+              version = libgit2.lastModifiedDate;
+              cmakeFlags = (attrs.cmakeFlags or []) ++ ["-DUSE_SSH=exec"];
+            }))
             boost
             lowdown-nix
             libsodium
diff --git a/src/libfetchers/git-utils.cc b/src/libfetchers/git-utils.cc
index 3a0e2d02f..1ec50099b 100644
--- a/src/libfetchers/git-utils.cc
+++ b/src/libfetchers/git-utils.cc
@@ -336,9 +336,6 @@ struct GitRepoImpl : GitRepo, std::enable_shared_from_this<GitRepoImpl>
         const std::string & url,
         const std::string & refspec) override
     {
-        /* FIXME: use libgit2. Unfortunately, it doesn't support
-           ssh_config at the moment. */
-        #if 0
         Remote remote;
 
         if (git_remote_create_anonymous(Setter(remote), *this, url.c_str()))
@@ -352,20 +349,6 @@ struct GitRepoImpl : GitRepo, std::enable_shared_from_this<GitRepoImpl>
 
         if (git_remote_fetch(remote.get(), &refspecs2, nullptr, nullptr))
             throw Error("fetching '%s' from '%s': %s", refspec, url, git_error_last()->message);
-        #endif
-
-        // FIXME: git stderr messes up our progress indicator, so
-        // we're using --quiet for now. Should process its stderr.
-        runProgram("git", true,
-            { "-C", path.abs(),
-              "--bare",
-              "fetch",
-              "--quiet",
-              "--force",
-              "--",
-              url,
-              refspec
-            }, {}, true);
     }
 
     void verifyCommit(