fetchgit: Support fetching signed tags over dumb http transport

[chkno]

Description of changes

Support fetching annotated (eg: signed) tags from dumb-http-transport git remotes.

Testing advice welcome! It seems like these tests depend upon live internet services, which seems not-great! Currently, it only depends upon github.com, which many other nixpkgs things also rely on, and github.com has pretty good capacity and availability. But I don't immediately see a way to test this change against github.com because github dropped support for dumb http fetching in 2011. I've included a test against my own humble home server here to demonstrate how this change corrects the defect, but my humble home server does not have the capacity and availability of github.com! I'm wary of leaving this test case in, lest any unavailability of my humble home server cause spurious flaky test failures for others. :(

Output of the test case failing without the fix:

$ nix-build . -A tests.fetchgit.dumb-http-signed-tag
this derivation will be built:
  /nix/store/by82f6l6xq9242r1v1gq6855i2y5mqhg-dumb-http-signed-tag-source-salted-mglyr7v5dxa5.drv
building '/nix/store/by82f6l6xq9242r1v1gq6855i2y5mqhg-dumb-http-signed-tag-source-salted-mglyr7v5dxa5.drv'...
exporting https://git.scottworley.com/pub/git/pinch (rev v3.0.14) into /nix/store/7886l42bijhly4k816zdnpy5gcp4h36d-dumb-http-signed-tag-source-salted-mglyr7v5dxa5
Initialized empty Git repository in /nix/store/7886l42bijhly4k816zdnpy5gcp4h36d-dumb-http-signed-tag-source-salted-mglyr7v5dxa5/.git/
fatal: dumb http transport does not support shallow capabilities
fatal: dumb http transport does not support shallow capabilities
From https://git.scottworley.com/pub/git/pinch
 * [new branch]      master     -> origin/master
 * [new tag]         1.0        -> 1.0
 ...
 * [new tag]         2.1.0      -> 2.1.0
 * [new tag]         2.1.1      -> 2.1.1
 * [new tag]         v3.0.0     -> v3.0.0
 * [new tag]         v3.0.1     -> v3.0.1
 * [new tag]         v3.0.10    -> v3.0.10
 * [new tag]         v3.0.11    -> v3.0.11
 * [new tag]         v3.0.12    -> v3.0.12
 * [new tag]         v3.0.13    -> v3.0.13
 * [new tag]         v3.0.14    -> v3.0.14
 * [new tag]         v3.0.2     -> v3.0.2
 ...
 * [new tag]         v3.0.9     -> v3.0.9
Unrecognized git object type: tag
Unable to checkout refs/tags/v3.0.14 from https://git.scottworley.com/pub/git/pinch.
error: builder for '/nix/store/by82f6l6xq9242r1v1gq6855i2y5mqhg-dumb-http-signed-tag-source-salted-mglyr7v5dxa5.drv' failed with exit code 1;

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[chkno]

It looks like the problem was introduced in #104714. FYI: @thomasjm @primeos

I think this PR will fix #115145. FYI: @eduardosm
I think this PR will fix #126848. FYI: @sternenseemann

[thomasjm]

LGTM

[nrdxp]

Testing advice welcome!

You could turn the test into a NixOS test, then you could spin up a local http server and test against that directly. That is a lot more involved though. I'll leave it to you.

[sternenseemann]

@ofborg build tests.fetchgit