From 99d512a41fb76a5daeda6c7bc5b69d1519f756d3 Mon Sep 17 00:00:00 2001
From: Sander van der Burg <s.vanderburg@tudelft.nl>
Date: Wed, 2 Apr 2008 13:28:55 +0000
Subject: [PATCH] Added hacky fetchsvn component which allows users to fetch
 code over svn+ssh

svn path=/nixpkgs/trunk/; revision=11455
---
 pkgs/build-support/fetchsvnssh/builder.sh     | 15 +++++++++++++
 pkgs/build-support/fetchsvnssh/default.nix    | 16 ++++++++++++++
 .../fetchsvnssh/sshsubversion.exp             | 22 +++++++++++++++++++
 pkgs/top-level/all-packages.nix               |  5 +++++
 4 files changed, 58 insertions(+)
 create mode 100644 pkgs/build-support/fetchsvnssh/builder.sh
 create mode 100644 pkgs/build-support/fetchsvnssh/default.nix
 create mode 100755 pkgs/build-support/fetchsvnssh/sshsubversion.exp

diff --git a/pkgs/build-support/fetchsvnssh/builder.sh b/pkgs/build-support/fetchsvnssh/builder.sh
new file mode 100644
index 000000000000..d9c6dc7da31a
--- /dev/null
+++ b/pkgs/build-support/fetchsvnssh/builder.sh
@@ -0,0 +1,15 @@
+source $stdenv/setup
+
+header "exporting $url (r$rev) into $out"
+
+if test "$sshSupport"; then
+    export SVN_SSH="$openssh/bin/ssh"
+fi
+
+# Pipe the "p" character into Subversion to force it to accept the
+# server's certificate.  This is perfectly safe: we don't care
+# whether the server is being spoofed --- only the cryptographic
+# hash of the output matters.
+expect -f $sshSubversion "$username" "$password" "$rev" "$url" $out
+
+stopNest
diff --git a/pkgs/build-support/fetchsvnssh/default.nix b/pkgs/build-support/fetchsvnssh/default.nix
new file mode 100644
index 000000000000..6c6c03d68732
--- /dev/null
+++ b/pkgs/build-support/fetchsvnssh/default.nix
@@ -0,0 +1,16 @@
+{stdenv, subversion, sshSupport ? false, openssh ? null, expect}: 
+{username, password, url, rev ? "HEAD", md5 ? "", sha256 ? ""}:
+
+stdenv.mkDerivation {
+  name = "svn-export-ssh";
+  builder = ./builder.sh;
+  buildInputs = [subversion expect];
+
+  outputHashAlgo = if sha256 == "" then "md5" else "sha256";
+  outputHashMode = "recursive";
+  outputHash = if sha256 == "" then md5 else sha256;
+  
+  sshSubversion = ./sshsubversion.exp;
+  
+  inherit username password url rev sshSupport openssh;
+}
diff --git a/pkgs/build-support/fetchsvnssh/sshsubversion.exp b/pkgs/build-support/fetchsvnssh/sshsubversion.exp
new file mode 100755
index 000000000000..c00f39714e5b
--- /dev/null
+++ b/pkgs/build-support/fetchsvnssh/sshsubversion.exp
@@ -0,0 +1,22 @@
+#!/nix/var/nix/profiles/default/bin/expect -f
+
+# Set variables
+set username [lindex $argv 0]
+set password [lindex $argv 1]
+set rev [lindex $argv 2]
+set url [lindex $argv 3]
+set out [lindex $argv 4]
+set timeout -1
+
+spawn svn export -r$rev svn+ssh://$username@$url $out
+match_max 100000
+
+expect "*continue connecting*" { send -- "yes\r"; expect "*?assword:*"; send -- "$password\r" } \
+       "*?assword:*" { send -- "$password\r" }
+
+expect "*?assword:*"
+send -- "$password\r"
+
+# Send blank line
+send -- "\r"
+expect eof
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 24159b4b39d8..e9728de377c3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -345,6 +345,11 @@ let pkgs = rec {
     sshSupport = true;
   };
 
+  fetchsvnssh = import ../build-support/fetchsvnssh {
+    inherit stdenv subversion openssh expect;
+    sshSupport = true;
+  };
+
   # TODO do some testing
   fetchhg = import ../build-support/fetchhg {
     inherit stdenv mercurial nix;