`fetchpatch` silently strips binary sections

[mweinelt]

Issue description

When applying a patch through fetchpatch that includes a Git binary hunk, that hunk is silently dropped. This can cause all kinds of funky behaviour, e.g. due to missing test artficacts (e.g. media, der certificates) and is not easily noticable.

The issue stems from the fact that patchutils does not deal with that kind of hunk and ideally we don't want to introduce a dependency on gitMinimal in fetchpatch.

Steps to reproduce

randombit/botan@c2faa88

❯ curl  https://github.com/randombit/botan/commit/c2faa88b0281e5017be72e1c85d0c41f686e1928.patch 2>/dev/null | lsdiff
b/src/tests/data/x509/ocsp/bdr-int.pem
b/src/tests/data/x509/ocsp/bdr-root.pem
b/src/tests/data/x509/ocsp/bdr.pem
a/src/tests/test_x509_path.cpp

What is missing after applying patchutils is the hunk for src/tests/data/x509/ocsp/bdr-int-ocsp-resp.der.

Proposed remediation

Simple and stupid:

grep -q "GIT binary patch" "$out"  && { echo "Patch includes Git binary hunk, which can't be supported in fetchpatch"; exit 1 }

possibly with an escape hatch, to ignore missing binaries.

Technical details

• 23.05-pre-3056-gfae71ddc73a

cc @vcunat @risicle

[Artturin]

How about fetchpatch2 which was just merged and uses a newer patchutils

[mweinelt]

No, patchutils 0.4.2 shows the same behaviour. I'm still thinking about whether it is a reasonable ask to support this upstream.

[amarshall]

Upstream issue: twaugh/patchutils#57

However, note that GNU patch does not seem to support Git binary diff format.