From d1d09616e5ffa9b0ef422c17f842550208e19038 Mon Sep 17 00:00:00 2001
From: Jan Tojnar <jtojnar@gmail.com>
Date: Fri, 14 Feb 2020 12:56:51 +0100
Subject: [PATCH] fetchpatch: Allow using SRI hash instead of sha256

---
 pkgs/build-support/fetchpatch/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/build-support/fetchpatch/default.nix b/pkgs/build-support/fetchpatch/default.nix
index 2fb32b2324f20..23b35d87e5e93 100644
--- a/pkgs/build-support/fetchpatch/default.nix
+++ b/pkgs/build-support/fetchpatch/default.nix
@@ -11,9 +11,17 @@ let
 in
 { stripLen ? 0, extraPrefix ? null, excludes ? [], includes ? [], revert ? false, ... }@args:
 
+let
+  tmpname =
+    if args ? hash then
+      # Make base-64 encoded SRI hash filename-safe using RFC 4648 §5
+      lib.replaceStrings [ "+" "/" "=" ] [ "-" "_" "" ] args.hash
+    else
+      args.sha256;
+in
 fetchurl ({
   postFetch = ''
-    tmpfile="$TMPDIR/${args.sha256}"
+    tmpfile="$TMPDIR/${tmpname}"
     if [ ! -s "$out" ]; then
       echo "error: Fetched patch file '$out' is empty!" 1>&2
       exit 1