1

Short Version:

I am using CMake and Ninja with an external dependency in a git repo that requires a password prompt. (The source code must be secured).

When building using Makefiles I can use the password prompt and everything continues.

With Ninja it locks up at:

-- Build files have been written to: 
/path/to/project/hello_cpp/build/sqlite3-download
[1/9] Creating directories for 'sqlite3-download'
Enter PEM pass phrase:

My Question:

How do I get Ninja to allow me to enter the password?

  • ninja 1.7.2
  • cmake 3.8.2
  • git 2.13.2

Long Version

The following are the steps I have taken and the context of the question.

I have created SQLite3 CMake Library as a learning exercise in how to author a CMake library.

I have also created Hello CPP as a learning exercise for building a C++ project cross platform and configuring a project template.

I managed to get external dependencies working via Craig Scott's DownloadProject CMake Module.

include(DownloadProject)  
download_project(PROJ sqlite3
  GIT_REPOSITORY  "https://github.com/dexata/sqlite3-cmake.git"
  GIT_TAG         master
)
add_subdirectory(${sqlite3_SOURCE_DIR} ${sqlite3_BINARY_DIR})
target_link_libraries(helloworld_lib_target sqlite3)
get_property(sqlite3_inc_dir TARGET sqlite3 PROPERTY INCLUDE_DIRECTORIES)

I have also authored the following answer to How can I make git accept a self signed certificate?

So I am pretty intimately aware of the security features of self hosted git. We have the current constraint that our only connection is via https to access our git instance. Even if we allowed ssh access we still have the security policy that the private key have a password and thus Ninja still needs to allow interactive prompts.

Like I said above, it works with Makefiles but I am trying to get it working for Ninja.

Your help is appreciated advance.

Josh Peak
  • 5,898
  • 4
  • 40
  • 52

1 Answers1

1

You can still use ssh with private keys that have passwords. Use something like ssh-agent and ssh-add to only have to enter your password once for the current shell (i.e. before you initiate the build) and then your build won't ask for any passwords.

If you are locked into using https and need to enter a password, you could try adding the various USES_TERMINAL_... options in your call to download_project(). I think USES_TERMINAL_DOWNLOAD and USES_TERMINAL_UPDATE should be all you'd need. These options are documented in the ExternalProject module and download_project() passes through all options it doesn't recognise to the underlying call to ExternalProject_Add(). The documentation states that this gives Ninja access to the terminal, so maybe you will then get the opportunity to enter the password.

Having to enter your password for every build quickly gets tiresome though and it makes automated CI builds pretty hard. I'd strongly recommend you consider the SSH alternative, which typically integrates well with CI systems and is much more convenient for day to day development.

Craig Scott
  • 9,238
  • 5
  • 56
  • 85
  • Amazing how much a good RTFM nudge can help. Thanks. We do have different security protocols around developer access versus machine access. Otherwise, I agree, typing passwords for CI makes no sense. – Josh Peak Jul 05 '17 at 00:31