A rather large commit, but it's basically all to allow me to close STDIN when forking to

execute a command, which will prevent kdesvn-build from getting hung at the terminal by a
command trying to read some input:

What this entailed was:
* Preventing sudo from opening a direct connection to terminal.  This was easy, as sudo has
  a command line switch to do just that.  Note that this won't work for other programs used
  as the make-install-prefix command.

* Preventing subversion from prompting the user while still allowing the checkouts/updates
  to succeed.  This was harder, and could be a bit controversial.
  
Basically the big stumbling block for subversion is that because the SSL certificate for
svn.kde.org is unsigned (and will always be accessed at least once), subversion will
(rightly) prompt the user to see if they trust the site.  But this breaks non interactive
builds (which is what kdesvn-build is for, after all).  svn has a nice --non-interactive
switch but that defaults to rejecting the cert, which would make kdesvn-build useless.

So, what I've done for that is added code to install the appropriate signature file if it
is not detected prior to performing the update.  This is, of course, bad for all the obvious
reasons:
 1. It is choosing for the user to accept svn.kde.org (I don't consider this so bad really)
 2. Should the SSL cert for svn.kde.org ever change (and still be invalid), then people
    will have no way to allow svn to work without running it manually.  I have a mechanism
    to avoid redirecting stdin in case this happens however.
 3. This is very dependant on subversion not changing file locations, signature algorithms,
    etc.  So, we're not future proof here.

However, I'm tired of waking up and seeing kdesvn-build still trying to compile kdelibs or
something because it wants to know if I want to change the mode of a file.  Uh, thanks.  So,
in it goes.  I'm open to suggestions that are implementable for solving the svn thing in a
better fashion.

svn path=/trunk/KDE/kdesdk/scripts/kdesvn-build; revision=477110

kdesvn-build

@@ -935,7 +935,7 @@ sub checkout_module_path
 
     chdir($pathinfo{'path'});
 
-    push @args, ('svn', 'co');
+    push @args, ('svn', 'co', '--non-interactive');
     push @args, '-N' if scalar @path;
     push @args, svn_module_url($module);
     push @args, $pathinfo{'module'};
@@ -964,7 +964,7 @@ sub update_module_path
 
     chdir $fullpath;
 
-    push @args, ('svn', 'up');
+    push @args, ('svn', 'up', '--non-interactive');
     push @args, '-N' if scalar @path;
 
     note "Updating g[$module]";
@@ -994,6 +994,98 @@ sub update_module_path
     return update_module_subdirectories($module, @path);
 }
 
+# The function checks whether subversion already has an ssl acceptance
+# notification for svn.kde.org, and if it's doesn't, installs one.
+# Problems: First off, installing any kind of "accept this ssl cert without
+# user's active consent" kind of sucks.  Second, this function is very
+# specific to the various signature algorithms used by svn, so it could break
+# in the future.  But there's not a better way to skip warnings about svn.kde.org
+# until the site has a valid ssl certificate.
+# 
+# Accepts no arguments, has no return value.
+sub install_missing_ssl_signature
+{
+    my $sig_dir  = "$ENV{HOME}/.subversion/auth/svn.ssl.server";
+    my $sig_file = "ec08b331e2e6cabccb6c3e17a85e28ce";
+
+    debug "Checking $sig_dir/$sig_file for KDE SSL signature.";
+
+    if (-e "$sig_dir/$sig_file")
+    {
+        debug "KDE SSL Signature file present.";
+        return;
+    }
+
+    debug "No KDE SSL Signature found.";
+    return if pretending;
+
+    # Now we're definitely installing, let the user know.
+    warning "Installing b[y[KDE SSL signature] for Subversion.  This is to avoid";
+    warning "Subversion warnings about KDE's self-signed SSL certificate for svn.kde.org";
+
+    # Make sure the directory is created.
+    if(not super_mkdir($sig_dir))
+    {
+        error "Unable to create r[Subversion signature] directory!";
+        error "$!";
+
+        return;
+    }
+
+    my $sig_data =
+'K 10
+ascii_cert
+V 1216
+MIIDijCCAvOgAwIBAgIJAO9Ca3rOVtgrMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGE\
+wJERTEQMA4GA1UECBMHQmF2YXJpYTESMBAGA1UEBxMJTnVlcm5iZXJnMREwDwYDVQQKEw\
+hLREUgZS5WLjEMMAoGA1UECxMDU1ZOMRQwEgYDVQQDEwtzdm4ua2RlLm9yZzEfMB0GCSq\
+GSIb3DQEJARYQc3lzYWRtaW5Aa2RlLm9yZzAeFw0wNTA1MTExMDA4MjFaFw0xNTA1MDkx\
+MDA4MjFaMIGLMQswCQYDVQQGEwJERTEQMA4GA1UECBMHQmF2YXJpYTESMBAGA1UEBxMJT\
+nVlcm5iZXJnMREwDwYDVQQKEwhLREUgZS5WLjEMMAoGA1UECxMDU1ZOMRQwEgYDVQQDEw\
+tzdm4ua2RlLm9yZzEfMB0GCSqGSIb3DQEJARYQc3lzYWRtaW5Aa2RlLm9yZzCBnzANBgk\
+qhkiG9w0BAQEFAAOBjQAwgYkCgYEA6COuBkrEcEJMhzHajKpN/StQwr/YeXIXKwtROWEt\
+7evsXBNqqRe6TuUc/iVYgBuZ4umVlJ/qJ7Q8cSa8Giuk2B3ShZx/WMSC80OfGDJ4LoWm3\
+uoW8h45ExAACBlhuuSSa7MkH6EXhru1SvLbAbTcSVqyTzoWxhkAb8ujy6CUxHsCAwEAAa\
+OB8zCB8DAdBgNVHQ4EFgQUx2W0046HfWi1fGL1V8NlDJvnPRkwgcAGA1UdIwSBuDCBtYA\
+Ux2W0046HfWi1fGL1V8NlDJvnPRmhgZGkgY4wgYsxCzAJBgNVBAYTAkRFMRAwDgYDVQQI\
+EwdCYXZhcmlhMRIwEAYDVQQHEwlOdWVybmJlcmcxETAPBgNVBAoTCEtERSBlLlYuMQwwC\
+gYDVQQLEwNTVk4xFDASBgNVBAMTC3N2bi5rZGUub3JnMR8wHQYJKoZIhvcNAQkBFhBzeX\
+NhZG1pbkBrZGUub3JnggkA70Jres5W2CswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQU\
+FAAOBgQDjATlL2NByFDo5hhQAQdXjSYrMxil7zcpQjR+KYVizC7yK99ZsA0LYf/Qbu/pa\
+oMnmKLKWeNlF8Eq7/23TeAJmjw1pKi97ZO2FJ8jvy65iBEJLRYnpJ75dvg05iugm9GZ5w\
+Px6GHZmkSrteGDXgVbbSDy5exv1naqc+qEM7Ar4Xw==
+K 8
+failures
+V 1
+8
+K 15
+svn:realmstring
+V 23
+https://svn.kde.org:443
+END
+';
+
+    # Remove the \<newline> parts (the gibberish should be one big long
+    # line).
+    $sig_data =~ s/\\\n//gm;
+
+    if(not open SIG, ">$sig_dir/$sig_file")
+    {
+        error "Unable to open KDE SSL signature file!";
+        error "r[$!]";
+
+        return;
+    }
+
+    if(not print SIG $sig_data)
+    {
+        error "Unable to write to KDE SSL signature file!";
+        error "r[$!]";
+    }
+
+    close SIG;
+}
+
 # Subroutine to run a command with redirected STDOUT and STDERR.  First parameter
 # is name of the log file (relative to the log directory), and the
 # second parameter is a reference to an array with the command and
@@ -1038,8 +1130,16 @@ sub log_command
         # Redirect stdout and stderr to the given file.
         if (not debugging)
         {
-# Comment this out because it conflicts with make-install-prefix
-#            open (STDIN, "</dev/null");
+
+# The stdin redirection used to be commented out because it will cause
+# problems for users using make-install-prefix when a password is desired, or
+# when svn complains about the SSL signature.  I think I've fixed the latter,
+# and I've decided that users should configure sudo to not need the password,
+# or simply run sudo kdesvn-build instead of using make-install-prefix.  Now
+# other commands will fail instead of hanging at the terminal.  As it stands, it can still
+# be canceled using an exported env var just in case.
+
+            open (STDIN, "</dev/null") unless exists $ENV{'KDESVN_BUILD_USE_TTY'};
             open (STDOUT, ">$logdir/$filename.log") or do {
                 error "Error opening $logdir/$filename.log for logfile.";
                 # Don't abort, hopefully STDOUT still works.
@@ -1307,7 +1407,20 @@ sub safe_make (@)
 
         $description = $apidox ? "API Documentation" : clr "g[$module]";
         unshift @args, $make, $apidox ? 'install-apidox' : 'install';
-        unshift @args, split(' ', get_option ($module, 'make-install-prefix'));
+
+        my @install_cmd = split(' ', get_option ($module, 'make-install-prefix'));
+        if (@install_cmd)
+        {
+            # Add -S option if we're running sudo and it's not already
+            # present.  This causes sudo to read the password from stdin (and
+            # consequently fail instead of hanging at the terminal).
+            if ($install_cmd[0] eq 'sudo' and not grep (/^-S$/, @install_cmd))
+            {
+                splice (@install_cmd, 1, 0, '-S'); # Add -S right after 'sudo'
+            }
+
+            unshift @args, @install_cmd;
+        }
 
         info "\tInstalling $description.";
     }
@@ -2708,6 +2821,10 @@ sub handle_updates
         }
     }
 
+    # Make sure KDE's SSL signature is present since --non-interactive is
+    # passed to svn.
+    install_missing_ssl_signature();
+
     foreach $module (@{$update_ref})
     {
         my $fullpath = get_fullpath($module, 'source');

kdesvn-buildrc-sample

@@ -79,7 +79,12 @@ global
 
 # If you would like install KDE to the system (DO NOT INSTALL *over* a prior
 # installation!), then you'll probably need to use sudo to install everything.
-# 	make-install-prefix sudo
+#
+# The -S parameter causes sudo to read from standard input (which is redirected by
+# kdesvn-build).  This means that if sudo has to ask for your password, it will fail,
+# you need to configure sudo to be able to run "make install" and "unsermake install"
+# without requesting a password.
+# 	make-install-prefix sudo -S
 
 # You can use the set-env option to add values to the build environment.
 	set-env LDFLAGS -Wl,-O1   # Optimize the linker, takes longer.