bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#63336: [PATCH] package-vc: Process :make and :shell-command spec arg

From: Philip Kaludercic
Subject: bug#63336: [PATCH] package-vc: Process :make and :shell-command spec args
Date: Sun, 14 May 2023 19:30:23 +0000 
Joseph Turner <joseph@breatheoutbreathe.in> writes:

> Philip Kaludercic <philipk@posteo.net> writes:
>
>> Joseph Turner <joseph@breatheoutbreathe.in> writes:
>>
>>> Philip Kaludercic <philipk@posteo.net> writes:
>>>
>>>> Joseph Turner <joseph@breatheoutbreathe.in> writes:
>>> From b27724197acd4ee72f9d336843f0e6ed9fcee87b Mon Sep 17 00:00:00 2001
>>> From: Joseph Turner <joseph@breatheoutbreathe.in>
>>> Date: Sat, 13 May 2023 10:05:04 -0700
>>> Subject: [PATCH] package-vc: Process :make and :shell-command spec args
>>>
>>> ---
>>>  lisp/emacs-lisp/package-vc.el | 37 +++++++++++++++++++++++++++++++++++
>>>  1 file changed, 37 insertions(+)
>>>
>>> diff --git a/lisp/emacs-lisp/package-vc.el b/lisp/emacs-lisp/package-vc.el
>>> index beca0bd00e2..8529d1dad5c 100644
>>> --- a/lisp/emacs-lisp/package-vc.el
>>> +++ b/lisp/emacs-lisp/package-vc.el
>>> @@ -344,6 +344,33 @@ asynchronously."
>>>          "\n")
>>>         nil pkg-file nil 'silent))))
>>>
>>> +(defcustom package-vc-process-make nil
>>
>> Have we discussed the name of this user option?  I feel it is too
>> immediate, and therefore not intuitively obvious what purpose it serves.
>> I would imagine something along the lines of
>> "package-vc-allow-side-effects" or "package-vc-permit-building" could be
>> better?  WDYT?
>
> I like "package-vc-allow-side-effects". Changed in attached patch.
>
>>> +  "Whether to process :make and :shell-command spec arguments.
>>
>> I guess here too an explanation would be warranted (and in the manual).
>> Explaining what the issue is, and why one might be wary to enable the option.
>
> Does my addition suffice?
>
> We also might want to add another option for
> package-vc-allow-side-effects like 'user-defined, which only runs :make
> and :shell-command args which were specified by the user (as opposed to
> those which were downloaded from elpa). WDYT?

That sounds like a good idea, but let us do that in a separate patch.

> To update the manual, shall I edit doc/emacs/package.texi directly or is
> there another file to edit?

Yes, just update the table under the "Specifying Package Sources" subsection.

>>> +When set to a list of symbols (packages), run commands for only
>>> +packages in the list. When `nil', never run commands. Otherwise
>>> +when non-`nil', run commands for any package with :make or
>>> +:shell-command specified.
>>> +
>>> +Package specs are loaded from trusted package archives."
>>> +  :type '(choice (const :tag "Run for all packages" t)
>>> +                 (repeat :tag "Run only for selected packages" (symbol 
>>> :tag "Package name"))
>>> +                 (const :tag "Never run" nil))
>>> +  :version "30.1")
>>> +
>>> +(defun package-vc--make (pkg-spec pkg-desc)
>>> +  "Process :make and :shell-command PKG-SPEC arguments for PKG-DESC."
>>> +  (let ((target (plist-get pkg-spec :make))
>>> +        (cmd (plist-get pkg-spec :shell-command)))
>>> +    (when (or cmd target)
>>> +      (with-current-buffer (get-buffer-create
>>
>> I'd format the buffer name in the top let to prevent this line-break here.
>
> Done.
>
>>> +                            (format " *package-vc make %s*" 
>>> (package-desc-name pkg-desc)))
>>> +        (erase-buffer)
>>> +        (when (and cmd (/= 0 (call-process shell-file-name nil t nil 
>>> shell-command-switch cmd)))
>>> +          (warn "Failed to run %s, see buffer %S" cmd (buffer-name)))
>>> +        (when (and target (/= 0 (apply #'call-process "make" nil t nil (if 
>>> (consp target) target (list target)))))
>>> +          (warn "Failed to make %s, see buffer %S" target 
>>> (buffer-name)))))))
>>
>> If :shell-command fails, do we really want to proceed to :make?
>
> Up to you! I was following the lead of elpa-admin.el.

In that case let us do that too, unless there is a good reason not to.

>>>  (declare-function org-export-to-file "ox" (backend file))
>>>
>>>  (defun package-vc--build-documentation (pkg-desc file)
>>> @@ -486,6 +513,16 @@ documentation and marking the package as installed."
>>>        ;; Generate package file
>>>        (package-vc--generate-description-file pkg-desc pkg-file)
>>>
>>> +      ;; Process :make and :shell-command arguments before building 
>>> documentation
>>> +      (pcase package-vc-process-make
>>> +        ((pred consp) ; When non-`nil' list, check if package is on the 
>>> list.
>>> +         (when (memq (package-desc-name pkg-desc) package-vc-process-make)
>>> +           (package-vc--make pkg-spec pkg-desc)))
>>> +        ('nil         ; When `nil', do nothing.
>>> +         nil)
>>
>> Perhaps swap the two conditions, first checking nil then listp which I
>> think reads more natural.  Then again, is pcase actually serving
>> anything here?
>
> I switched the first two cases. I think pcase is readable here,
> especially if we add an 'user-defined option. What would you use
> instead?

I would have just used a regular cond.

--8<---------------cut here---------------start------------->8---
(cond
 ((null package-vc-process-make)
  ...)
 ((listp package-vc-process-make)
  ...)
 (...))
--8<---------------cut here---------------end--------------->8---

But this doesn't matter, do what you prefer.

>>> +        (_            ; When otherwise non-`nil', run commands.
>>> +         (package-vc--make pkg-spec pkg-desc)))
>>> +
>>>        ;; Detect a manual
>>>        (when (executable-find "install-info")
>>>          (dolist (doc-file (ensure-list (plist-get pkg-spec :doc)))
>
> From 3e7084e8e3e3ba142f383e90bfa656f59f3cc1ad Mon Sep 17 00:00:00 2001
> From: Joseph Turner <joseph@breatheoutbreathe.in>
> Date: Sat, 13 May 2023 10:05:04 -0700
> Subject: [PATCH] package-vc: Process :make and :shell-command spec args
>
> ---
>  lisp/emacs-lisp/package-vc.el | 40 +++++++++++++++++++++++++++++++++++
>  1 file changed, 40 insertions(+)
>
> diff --git a/lisp/emacs-lisp/package-vc.el b/lisp/emacs-lisp/package-vc.el
> index beca0bd00e2..8403add364c 100644
> --- a/lisp/emacs-lisp/package-vc.el
> +++ b/lisp/emacs-lisp/package-vc.el
> @@ -344,6 +344,36 @@ asynchronously."
>          "\n")
>         nil pkg-file nil 'silent))))
>  
> +(defcustom package-vc-allow-side-effects nil
> +  "Whether to process :make and :shell-command spec arguments.
> +
> +Be careful when changing this option as processing :make and
> +:shell-command will run potentially harmful code.

Sounds scary.  I guess that is the point, but what do you think about
something like

  Be careful when changing this option, as installing and updating a
  package can potentially run harmful code.  If possible, allow packages
  you trust to run code, if it is necessary for a package to be properly
  initialised.

> +
> +When set to a list of symbols (packages), run commands for only
> +packages in the list. When `nil', never run commands.  Otherwise
> +when non-`nil', run commands for any package with :make or
> +:shell-command specified.

Watch out.  According to (elisp) Documentation Tips, nil is not quoted.

> +
> +Package specs are loaded from trusted package archives."
> +  :type '(choice (const :tag "Run for all packages" t)
> +                 (repeat :tag "Run only for selected packages" (symbol :tag 
> "Package name"))
> +                 (const :tag "Never run" nil))
> +  :version "30.1")
> +
> +(defun package-vc--make (pkg-spec pkg-desc)
> +  "Process :make and :shell-command PKG-SPEC arguments for PKG-DESC."
> +  (let ((target (plist-get pkg-spec :make))
> +        (cmd (plist-get pkg-spec :shell-command))
> +        (buf (format " *package-vc make %s*" (package-desc-name pkg-desc))))
> +    (when (or cmd target)
> +      (with-current-buffer (get-buffer-create buf)
> +        (erase-buffer)
> +        (when (and cmd (/= 0 (call-process shell-file-name nil t nil 
> shell-command-switch cmd)))
> +          (warn "Failed to run %s, see buffer %S" cmd (buffer-name)))
> +        (when (and target (/= 0 (apply #'call-process "make" nil t nil (if 
> (consp target) target (list target)))))
> +          (warn "Failed to make %s, see buffer %S" target (buffer-name)))))))
> +
>  (declare-function org-export-to-file "ox" (backend file))
>  
>  (defun package-vc--build-documentation (pkg-desc file)
> @@ -486,6 +516,16 @@ documentation and marking the package as installed."
>        ;; Generate package file
>        (package-vc--generate-description-file pkg-desc pkg-file)
>  
> +      ;; Process :make and :shell-command arguments before building 
> documentation
> +      (pcase package-vc-allow-side-effects
> +        ('nil         ; When `nil', do nothing.
> +         nil)
> +        ((pred consp) ; When non-`nil' list, check if package is on the list.
> +         (when (memq (package-desc-name pkg-desc) 
> package-vc-allow-side-effects)
> +           (package-vc--make pkg-spec pkg-desc)))
> +        (_            ; When otherwise non-`nil', run commands.
> +         (package-vc--make pkg-spec pkg-desc)))
> +
>        ;; Detect a manual
>        (when (executable-find "install-info")
>          (dolist (doc-file (ensure-list (plist-get pkg-spec :doc)))
reply via email to
[Prev in Thread] Current Thread [Next in Thread]