diff --git a/kdesvn-build b/kdesvn-build index 3746079..c73f413 100755 --- a/kdesvn-build +++ b/kdesvn-build @@ -935,7 +935,7 @@ sub checkout_module_path chdir($pathinfo{'path'}); - push @args, ('svn', 'co'); + push @args, ('svn', 'co', '--non-interactive'); push @args, '-N' if scalar @path; push @args, svn_module_url($module); push @args, $pathinfo{'module'}; @@ -964,7 +964,7 @@ sub update_module_path chdir $fullpath; - push @args, ('svn', 'up'); + push @args, ('svn', 'up', '--non-interactive'); push @args, '-N' if scalar @path; note "Updating g[$module]"; @@ -994,6 +994,98 @@ sub update_module_path return update_module_subdirectories($module, @path); } +# The function checks whether subversion already has an ssl acceptance +# notification for svn.kde.org, and if it's doesn't, installs one. +# Problems: First off, installing any kind of "accept this ssl cert without +# user's active consent" kind of sucks. Second, this function is very +# specific to the various signature algorithms used by svn, so it could break +# in the future. But there's not a better way to skip warnings about svn.kde.org +# until the site has a valid ssl certificate. +# +# Accepts no arguments, has no return value. +sub install_missing_ssl_signature +{ + my $sig_dir = "$ENV{HOME}/.subversion/auth/svn.ssl.server"; + my $sig_file = "ec08b331e2e6cabccb6c3e17a85e28ce"; + + debug "Checking $sig_dir/$sig_file for KDE SSL signature."; + + if (-e "$sig_dir/$sig_file") + { + debug "KDE SSL Signature file present."; + return; + } + + debug "No KDE SSL Signature found."; + return if pretending; + + # Now we're definitely installing, let the user know. + warning "Installing b[y[KDE SSL signature] for Subversion. This is to avoid"; + warning "Subversion warnings about KDE's self-signed SSL certificate for svn.kde.org"; + + # Make sure the directory is created. + if(not super_mkdir($sig_dir)) + { + error "Unable to create r[Subversion signature] directory!"; + error "$!"; + + return; + } + + my $sig_data = +'K 10 +ascii_cert +V 1216 +MIIDijCCAvOgAwIBAgIJAO9Ca3rOVtgrMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGE\ +wJERTEQMA4GA1UECBMHQmF2YXJpYTESMBAGA1UEBxMJTnVlcm5iZXJnMREwDwYDVQQKEw\ +hLREUgZS5WLjEMMAoGA1UECxMDU1ZOMRQwEgYDVQQDEwtzdm4ua2RlLm9yZzEfMB0GCSq\ +GSIb3DQEJARYQc3lzYWRtaW5Aa2RlLm9yZzAeFw0wNTA1MTExMDA4MjFaFw0xNTA1MDkx\ +MDA4MjFaMIGLMQswCQYDVQQGEwJERTEQMA4GA1UECBMHQmF2YXJpYTESMBAGA1UEBxMJT\ +nVlcm5iZXJnMREwDwYDVQQKEwhLREUgZS5WLjEMMAoGA1UECxMDU1ZOMRQwEgYDVQQDEw\ +tzdm4ua2RlLm9yZzEfMB0GCSqGSIb3DQEJARYQc3lzYWRtaW5Aa2RlLm9yZzCBnzANBgk\ +qhkiG9w0BAQEFAAOBjQAwgYkCgYEA6COuBkrEcEJMhzHajKpN/StQwr/YeXIXKwtROWEt\ +7evsXBNqqRe6TuUc/iVYgBuZ4umVlJ/qJ7Q8cSa8Giuk2B3ShZx/WMSC80OfGDJ4LoWm3\ +uoW8h45ExAACBlhuuSSa7MkH6EXhru1SvLbAbTcSVqyTzoWxhkAb8ujy6CUxHsCAwEAAa\ +OB8zCB8DAdBgNVHQ4EFgQUx2W0046HfWi1fGL1V8NlDJvnPRkwgcAGA1UdIwSBuDCBtYA\ +Ux2W0046HfWi1fGL1V8NlDJvnPRmhgZGkgY4wgYsxCzAJBgNVBAYTAkRFMRAwDgYDVQQI\ +EwdCYXZhcmlhMRIwEAYDVQQHEwlOdWVybmJlcmcxETAPBgNVBAoTCEtERSBlLlYuMQwwC\ +gYDVQQLEwNTVk4xFDASBgNVBAMTC3N2bi5rZGUub3JnMR8wHQYJKoZIhvcNAQkBFhBzeX\ +NhZG1pbkBrZGUub3JnggkA70Jres5W2CswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQU\ +FAAOBgQDjATlL2NByFDo5hhQAQdXjSYrMxil7zcpQjR+KYVizC7yK99ZsA0LYf/Qbu/pa\ +oMnmKLKWeNlF8Eq7/23TeAJmjw1pKi97ZO2FJ8jvy65iBEJLRYnpJ75dvg05iugm9GZ5w\ +Px6GHZmkSrteGDXgVbbSDy5exv1naqc+qEM7Ar4Xw== +K 8 +failures +V 1 +8 +K 15 +svn:realmstring +V 23 +https://svn.kde.org:443 +END +'; + + # Remove the \ parts (the gibberish should be one big long + # line). + $sig_data =~ s/\\\n//gm; + + if(not open SIG, ">$sig_dir/$sig_file") + { + error "Unable to open KDE SSL signature file!"; + error "r[$!]"; + + return; + } + + if(not print SIG $sig_data) + { + error "Unable to write to KDE SSL signature file!"; + error "r[$!]"; + } + + close SIG; +} + # Subroutine to run a command with redirected STDOUT and STDERR. First parameter # is name of the log file (relative to the log directory), and the # second parameter is a reference to an array with the command and @@ -1038,8 +1130,16 @@ sub log_command # Redirect stdout and stderr to the given file. if (not debugging) { -# Comment this out because it conflicts with make-install-prefix -# open (STDIN, "$logdir/$filename.log") or do { error "Error opening $logdir/$filename.log for logfile."; # Don't abort, hopefully STDOUT still works. @@ -1307,7 +1407,20 @@ sub safe_make (@) $description = $apidox ? "API Documentation" : clr "g[$module]"; unshift @args, $make, $apidox ? 'install-apidox' : 'install'; - unshift @args, split(' ', get_option ($module, 'make-install-prefix')); + + my @install_cmd = split(' ', get_option ($module, 'make-install-prefix')); + if (@install_cmd) + { + # Add -S option if we're running sudo and it's not already + # present. This causes sudo to read the password from stdin (and + # consequently fail instead of hanging at the terminal). + if ($install_cmd[0] eq 'sudo' and not grep (/^-S$/, @install_cmd)) + { + splice (@install_cmd, 1, 0, '-S'); # Add -S right after 'sudo' + } + + unshift @args, @install_cmd; + } info "\tInstalling $description."; } @@ -2708,6 +2821,10 @@ sub handle_updates } } + # Make sure KDE's SSL signature is present since --non-interactive is + # passed to svn. + install_missing_ssl_signature(); + foreach $module (@{$update_ref}) { my $fullpath = get_fullpath($module, 'source'); diff --git a/kdesvn-buildrc-sample b/kdesvn-buildrc-sample index 0fe3ea8..0f6bc33 100644 --- a/kdesvn-buildrc-sample +++ b/kdesvn-buildrc-sample @@ -79,7 +79,12 @@ global # If you would like install KDE to the system (DO NOT INSTALL *over* a prior # installation!), then you'll probably need to use sudo to install everything. -# make-install-prefix sudo +# +# The -S parameter causes sudo to read from standard input (which is redirected by +# kdesvn-build). This means that if sudo has to ask for your password, it will fail, +# you need to configure sudo to be able to run "make install" and "unsermake install" +# without requesting a password. +# make-install-prefix sudo -S # You can use the set-env option to add values to the build environment. set-env LDFLAGS -Wl,-O1 # Optimize the linker, takes longer.