From fa88e75c4587aacebbc0c3f37b6a15f0c57d8268 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Tue, 22 Feb 2005 16:27:28 +0000
Subject: * Use fixed-output hashes in fetchsvn. * In nix-prefetch-svn, support
 setuid installations where the user has   no write access to the Nix store.

svn path=/nixpkgs/trunk/; revision=2275
---
 pkgs/build-support/fetchsvn/builder.sh       |  6 +++---
 pkgs/build-support/fetchsvn/default.nix      |  8 +++++++-
 pkgs/build-support/fetchsvn/nix-prefetch-svn | 22 ++++++++++++++++------
 3 files changed, 26 insertions(+), 10 deletions(-)

(limited to 'pkgs')

diff --git a/pkgs/build-support/fetchsvn/builder.sh b/pkgs/build-support/fetchsvn/builder.sh
index 3079588dca3..25a3c756892 100644
--- a/pkgs/build-support/fetchsvn/builder.sh
+++ b/pkgs/build-support/fetchsvn/builder.sh
@@ -2,7 +2,7 @@
 
 header "exporting $url (r$rev) into $out"
 
-prefetch=$(dirname $out)/svn-checkout-tmp-$md5
+prefetch=$(dirname $out)/svn-checkout-tmp-$outputHash
 echo $prefetch
 if test -e "$prefetch"; then
     mv $prefetch $out
@@ -11,8 +11,8 @@ else
 fi
 
 actual=$(nix-hash $out)
-if test "$actual" != "$md5"; then
-    echo "hash is $actual, expected $md5" >&2
+if test "$actual" != "$outputHash"; then
+    echo "hash is $actual, expected $outputHash" >&2
     exit 1
 fi
 
diff --git a/pkgs/build-support/fetchsvn/default.nix b/pkgs/build-support/fetchsvn/default.nix
index 4540772f1a6..131dd5d756c 100644
--- a/pkgs/build-support/fetchsvn/default.nix
+++ b/pkgs/build-support/fetchsvn/default.nix
@@ -4,6 +4,12 @@ stdenv.mkDerivation {
   name = "svn-export";
   builder = ./builder.sh;
   buildInputs = [subversion nix];
+
+  # Nix <= 0.7 compatibility.
   id = md5;
-  inherit url rev md5;
+
+  outputHashAlgo = "md5";
+  outputHash = md5;
+  
+  inherit url rev;
 }
diff --git a/pkgs/build-support/fetchsvn/nix-prefetch-svn b/pkgs/build-support/fetchsvn/nix-prefetch-svn
index 7f5f6828941..00d860e347e 100755
--- a/pkgs/build-support/fetchsvn/nix-prefetch-svn
+++ b/pkgs/build-support/fetchsvn/nix-prefetch-svn
@@ -24,6 +24,15 @@ if test -z "$hash"; then
     # !!! race? should be relatively safe, `svn export' barfs if $tmpPath exists.
     tmpPath1=$storeDir/svn-checkout-tmp-$$
 
+    # Test whether we have write permission in the store.  If not,
+    # fetch to /tmp and don't copy to the store.  This is a hack to
+    # make this script at least work somewhat in setuid installations.
+    if ! touch $tmpPath1 2> /dev/null; then
+        echo "(cannot write to the store, result won't be cached)" >&2
+        dummyMode=1
+        tmpPath1=/tmp/nix-prefetch-svn-$$ # !!! security?
+    fi
+
     # Perform the checkout.
     svn export -r "$rev" "$url" $tmpPath1 >&2
 
@@ -32,9 +41,10 @@ if test -z "$hash"; then
     echo "hash is $hash" >&2
 
     # Rename it so that the fetchsvn builder can find it.
-    tmpPath2=$storeDir/svn-checkout-tmp-$hash
-    test -e $tmpPath2 || mv $tmpPath1 $tmpPath2 # !!! race
-
+    if test "$dummyMode" != 1; then
+        tmpPath2=$storeDir/svn-checkout-tmp-$hash
+        test -e $tmpPath2 || mv $tmpPath1 $tmpPath2 # !!! race
+    fi
 fi
 
 # Create a Nix expression that does a fetchsvn.
@@ -44,12 +54,12 @@ storeExpr=$( \
   | nix-instantiate -)
 
 # Realise it.
-finalPath=$(nix-store -qnB --force-realise $storeExpr)
+finalPath=$(nix-store -r $storeExpr)
 
 echo "path is $finalPath" >&2
 
-if test -n "$tmpPath2"; then
-    rm -rf $tmpPath2 || true
+if test -n "$tmpPath1" -o -n "$tmpPath2"; then
+    rm -rf $tmpPath1 $tmpPath2 || true
 fi
 
 echo $hash
-- 
cgit 1.4.1