diff options
| author | Mx Kookie <kookie@spacekookie.de> | 2020-10-31 19:35:09 +0100 |
|---|---|---|
| committer | Mx Kookie <kookie@spacekookie.de> | 2020-10-31 19:35:09 +0100 |
| commit | c4625b175f8200f643fd6e11010932ea44c78433 (patch) | |
| tree | bce3f89888c8ac3991fa5569a878a9eab6801ccc /infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh | |
| parent | 49f735974dd103039ddc4cb576bb76555164a9e7 (diff) | |
| parent | d661aa56a8843e991261510c1bb28fdc2f6975ae (diff) | |
Add 'infra/libkookie/' from commit 'd661aa56a8843e991261510c1bb28fdc2f6975ae'
git-subtree-dir: infra/libkookie
git-subtree-mainline: 49f735974dd103039ddc4cb576bb76555164a9e7
git-subtree-split: d661aa56a8843e991261510c1bb28fdc2f6975ae
Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh')
3 files changed, 57 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/builder.sh b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/builder.sh new file mode 100644 index 000000000000..d9c6dc7da31a --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/builder.sh @@ -0,0 +1,15 @@ +source $stdenv/setup + +header "exporting $url (r$rev) into $out" + +if test "$sshSupport"; then + export SVN_SSH="$openssh/bin/ssh" +fi + +# Pipe the "p" character into Subversion to force it to accept the +# server's certificate. This is perfectly safe: we don't care +# whether the server is being spoofed --- only the cryptographic +# hash of the output matters. +expect -f $sshSubversion "$username" "$password" "$rev" "$url" $out + +stopNest diff --git a/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/default.nix b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/default.nix new file mode 100644 index 000000000000..fbd74efd750a --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/default.nix @@ -0,0 +1,20 @@ +{stdenvNoCC, subversion, sshSupport ? true, openssh ? null, expect}: +{username, password, url, rev ? "HEAD", md5 ? "", sha256 ? ""}: + + +if md5 != "" then + throw "fetchsvnssh does not support md5 anymore, please use sha256" +else +stdenvNoCC.mkDerivation { + name = "svn-export-ssh"; + builder = ./builder.sh; + nativeBuildInputs = [subversion expect]; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = sha256; + + sshSubversion = ./sshsubversion.exp; + + inherit username password url rev sshSupport openssh; +} diff --git a/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/sshsubversion.exp b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/sshsubversion.exp new file mode 100755 index 000000000000..c00f39714e5b --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/build-support/fetchsvnssh/sshsubversion.exp @@ -0,0 +1,22 @@ +#!/nix/var/nix/profiles/default/bin/expect -f + +# Set variables +set username [lindex $argv 0] +set password [lindex $argv 1] +set rev [lindex $argv 2] +set url [lindex $argv 3] +set out [lindex $argv 4] +set timeout -1 + +spawn svn export -r$rev svn+ssh://$username@$url $out +match_max 100000 + +expect "*continue connecting*" { send -- "yes\r"; expect "*?assword:*"; send -- "$password\r" } \ + "*?assword:*" { send -- "$password\r" } + +expect "*?assword:*" +send -- "$password\r" + +# Send blank line +send -- "\r" +expect eof |