From bb821c65ff1403d07aaf86a46098ca618c5d1aa5 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Sat, 23 Mar 2019 09:47:13 +0100
Subject: [PATCH] systemd: update debian patches url to snapshots.debian.org

The current approach will fail when enough time has passed. We ideally
want to be reproducible even in a few years of time. So we should pick
the sources of patches wisely as otherwise we can not do that.
---
 pkgs/os-specific/linux/systemd/default.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 2f873f34b8859..d54972c055be2 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -34,10 +34,12 @@ in stdenv.mkDerivation rec {
       # Upstream's maintenance branches are still too intrusive:
       # https://github.com/systemd/systemd-stable/tree/v239-stable
       patches-deb = fetchurl {
-        # When the URL disappears, it typically means that Debian has new patches
-        # (probably security) and updating to new tarball will apply them as well.
+        # This URL should point to a stable location that does not easily
+        # disappear.  In the past we were using `mirror://debian` but that
+        # eventually causes the files to disappear.  While that was a good sign
+        # for us to update our patch collection it does break reproducibility.
         name = "systemd-debian-patches.tar.xz";
-        url = mirror://debian/pool/main/s/systemd/systemd_239-12~bpo9+1.debian.tar.xz;
+        url = http://snapshot.debian.org/archive/debian/20190301T035241Z/pool/main/s/systemd/systemd_239-12%7Ebpo9%2B1.debian.tar.xz;
         sha256 = "0v9f62gyfiw5icdrdlcvjcipsqrsm49w6n8bqp9nb8s2ih6rsfhg";
       };
       # Note that we skip debian-specific patches, i.e. ./debian/patches/debian/*