diff options
| author | Mx Kookie <kookie@spacekookie.de> | 2020-12-21 06:05:12 +0100 |
|---|---|---|
| committer | Mx Kookie <kookie@spacekookie.de> | 2020-12-21 06:05:12 +0100 |
| commit | f107be784e6d5da5f90735765a68fdff96acfbb4 (patch) | |
| tree | 145573a598009fb6adbd5ef7fbce0a850681f5f0 /infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh | |
| parent | 2e04b35e5ac3a9123cafffbc84494fa4d389cca0 (diff) | |
| parent | e9158eca70ae59e73fae23be5d13d3fa0cfc78b4 (diff) | |
Add 'infra/libkookie/nixpkgs/' from commit 'e9158eca70ae59e73fae23be5d13d3fa0cfc78b4'
git-subtree-dir: infra/libkookie/nixpkgs
git-subtree-mainline: 2e04b35e5ac3a9123cafffbc84494fa4d389cca0
git-subtree-split: e9158eca70ae59e73fae23be5d13d3fa0cfc78b4
Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh')
3 files changed, 57 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/builder.sh b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/builder.sh new file mode 100644 index 000000000000..d9c6dc7da31a --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/builder.sh @@ -0,0 +1,15 @@ +source $stdenv/setup + +header "exporting $url (r$rev) into $out" + +if test "$sshSupport"; then + export SVN_SSH="$openssh/bin/ssh" +fi + +# Pipe the "p" character into Subversion to force it to accept the +# server's certificate. This is perfectly safe: we don't care +# whether the server is being spoofed --- only the cryptographic +# hash of the output matters. +expect -f $sshSubversion "$username" "$password" "$rev" "$url" $out + +stopNest diff --git a/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/default.nix b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/default.nix new file mode 100644 index 000000000000..fbd74efd750a --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/default.nix @@ -0,0 +1,20 @@ +{stdenvNoCC, subversion, sshSupport ? true, openssh ? null, expect}: +{username, password, url, rev ? "HEAD", md5 ? "", sha256 ? ""}: + + +if md5 != "" then + throw "fetchsvnssh does not support md5 anymore, please use sha256" +else +stdenvNoCC.mkDerivation { + name = "svn-export-ssh"; + builder = ./builder.sh; + nativeBuildInputs = [subversion expect]; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = sha256; + + sshSubversion = ./sshsubversion.exp; + + inherit username password url rev sshSupport openssh; +} diff --git a/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/sshsubversion.exp b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/sshsubversion.exp new file mode 100755 index 000000000000..c00f39714e5b --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/sshsubversion.exp @@ -0,0 +1,22 @@ +#!/nix/var/nix/profiles/default/bin/expect -f + +# Set variables +set username [lindex $argv 0] +set password [lindex $argv 1] +set rev [lindex $argv 2] +set url [lindex $argv 3] +set out [lindex $argv 4] +set timeout -1 + +spawn svn export -r$rev svn+ssh://$username@$url $out +match_max 100000 + +expect "*continue connecting*" { send -- "yes\r"; expect "*?assword:*"; send -- "$password\r" } \ + "*?assword:*" { send -- "$password\r" } + +expect "*?assword:*" +send -- "$password\r" + +# Send blank line +send -- "\r" +expect eof |