bug-gnu-emacs

bug#63336: [PATCH] package-vc: Process :make and :shell-command spec arg


From: Philip Kaludercic
Subject: bug#63336: [PATCH] package-vc: Process :make and :shell-command spec args
Date: Mon, 15 May 2023 09:12:26 +0000

Joseph Turner <joseph@breatheoutbreathe.in> writes:

> Philip Kaludercic <philipk@posteo.net> writes:
>
>> Joseph Turner <joseph@breatheoutbreathe.in> writes:
>>
>>> Philip Kaludercic <philipk@posteo.net> writes:
>>>
>>>> Joseph Turner <joseph@breatheoutbreathe.in> writes:
>>>>
>>>>> Philip Kaludercic <philipk@posteo.net> writes:
>>>>>
>>>>>> Joseph Turner <joseph@breatheoutbreathe.in> writes:
>
>>> We also might want to add another option for
>>> package-vc-allow-side-effects like 'user-defined, which only runs :make
>>> and :shell-command args which were specified by the user (as opposed to
>>> those which were downloaded from elpa). WDYT?
>>
>> That sounds like a good idea, but let us do that in a separate patch.
>
> Okay!
>
>>> To update the manual, shall I edit doc/emacs/package.texi directly or is
>>> there another file to edit?
>>
>> Yes, just update the table under the "Specifying Package Sources" subsection.
>
> See patch.
>
>>>> If :shell-command fails, do we really want to proceed to :make?
>>>
>>> Up to you! I was following the lead of elpa-admin.el.
>>
>> In that case let us do that too, unless there is a good reason not to.
>
> +1
>
>>> I switched the first two cases. I think pcase is readable here,
>>> especially if we add an 'user-defined option. What would you use
>>> instead?
>>
>> I would have just used a regular cond.
>>
>> --8<---------------cut here---------------start------------->8---
>> (cond
>>  ((null package-vc-process-make)
>>   ...)
>>  ((listp package-vc-process-make)
>>   ...)
>>  (...))
>> --8<---------------cut here---------------end--------------->8---
>>
>> But this doesn't matter, do what you prefer.
>
> Thank you! I like pcase here.
>
>>> +Be careful when changing this option as processing :make and
>>> +:shell-command will run potentially harmful code.
>>
>> Sounds scary.  I guess that is the point, but what do you think about
>> something like
>>
>>   Be careful when changing this option, as installing and updating a
>>   package can potentially run harmful code.  If possible, allow packages
>>   you trust to run code, if it is necessary for a package to be properly
>>   initialised.
>
> Thank you! What do you think about the version in the attached patch?
>
>>> +When set to a list of symbols (packages), run commands for only
>>> +packages in the list. When `nil', never run commands.  Otherwise
>>> +when non-`nil', run commands for any package with :make or
>>> +:shell-command specified.
>>
>> Watch out.  According to (elisp) Documentation Tips, nil is not quoted.
>
> Good to know! Fixed.
>
> From 812e32ea6c3f7b2d71174658db0e272b0b4fb84b Mon Sep 17 00:00:00 2001
> From: Joseph Turner <joseph@breatheoutbreathe.in>
> Date: Sat, 13 May 2023 10:05:04 -0700
> Subject: [PATCH] package-vc: Process :make and :shell-command spec args
>
> ---
>  doc/emacs/package.texi        |  9 ++++++++
>  lisp/emacs-lisp/package-vc.el | 42 +++++++++++++++++++++++++++++++++++
>  2 files changed, 51 insertions(+)
>
> diff --git a/doc/emacs/package.texi b/doc/emacs/package.texi
> index 6722185cb20..4f606b22e54 100644
> --- a/doc/emacs/package.texi
> +++ b/doc/emacs/package.texi
> @@ -682,6 +682,15 @@ A string providing the repository-relative name of the 
> documentation
>  file from which to build an Info file.  This can be a Texinfo file or
>  an Org file.
>  
> +@item :make
> +A string or list of strings providing the target or targets defined in
> +the repository Makefile which should run before building the Info
> +file. Only takes effect when package-vc-allow-side-effects is non-nil.

A @var is missing here

> +
> +@item :shell-command
> +A string providing the shell command to run before building the Info
> +file. Only takes effect when package-vc-allow-side-effects is non-nil.

and here.  I can take care of that.

> +
>  @item :vc-backend
>  A symbol naming the VC backend to use for downloading a copy of the
>  package's repository (@pxref{Version Control Systems,,,emacs, The GNU
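Review bot: In both new entries, "Only takes effect when package-vc-allow-side-effects is non-nil" leaves out the list form of the option. Per the defcustom later in this patch, a list value runs commands only for the packages named in it, so the manual should say that the option must be t or must include this package. Both entries also use a single space after the period ("file. Only takes effect"), while the surrounding text uses two ("Info file.  This can be").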
> diff --git a/lisp/emacs-lisp/package-vc.el b/lisp/emacs-lisp/package-vc.el
> index beca0bd00e2..d2f6d287224 100644
> --- a/lisp/emacs-lisp/package-vc.el
> +++ b/lisp/emacs-lisp/package-vc.el
> @@ -344,6 +344,38 @@ asynchronously."
>          "\n")
>         nil pkg-file nil 'silent))))
>  
> +(defcustom package-vc-allow-side-effects nil
> +  "Whether to process :make and :shell-command spec arguments.
> +
> +It may be necessary to run :make and :shell-command arguments in
> +order to initialize a package or build its documentation, but
> +please be careful when changing this option, as installing and
> +updating a package can run potentially harmful code.
> +
> +When set to a list of symbols (packages), run commands for only
> +packages in the list. When nil, never run commands.  Otherwise
> +when non-nil, run commands for any package with :make or
> +:shell-command specified.
> +
> +Package specs are loaded from trusted package archives."
> +  :type '(choice (const :tag "Run for all packages" t)
> +                 (repeat :tag "Run only for selected packages" (symbol :tag 
> "Package name"))
> +                 (const :tag "Never run" nil))
> +  :version "30.1")
> +
> +(defun package-vc--make (pkg-spec pkg-desc)
> +  "Process :make and :shell-command PKG-SPEC arguments for PKG-DESC."
> +  (let ((target (plist-get pkg-spec :make))
> +        (cmd (plist-get pkg-spec :shell-command))
> +        (buf (format " *package-vc make %s*" (package-desc-name pkg-desc))))
> +    (when (or cmd target)
> +      (with-current-buffer (get-buffer-create buf)
> +        (erase-buffer)
> +        (when (and cmd (/= 0 (call-process shell-file-name nil t nil 
> shell-command-switch cmd)))
> +          (warn "Failed to run %s, see buffer %S" cmd (buffer-name)))
> +        (when (and target (/= 0 (apply #'call-process "make" nil t nil (if 
> (consp target) target (list target)))))
> +          (warn "Failed to make %s, see buffer %S" target (buffer-name)))))))
> +
>  (declare-function org-export-to-file "ox" (backend file))
>  
>  (defun package-vc--build-documentation (pkg-desc file)
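Review bot: package-vc--make never binds default-directory, so both call-process calls run in whatever directory the " *package-vc make ...*" buffer happens to have, not necessarily the package checkout; pkg-desc is used only for its name. Binding default-directory to the package directory, for example (package-desc-dir pkg-desc), in the let before with-current-buffer would make "make" find the repository Makefile that the manual entry refers to, and would keep :shell-command from running in an unrelated directory. The docstring for package-vc--make could also state that a failing :shell-command only warns and that :make is still attempted, since that is what the two independent when forms do.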
> @@ -486,6 +518,16 @@ documentation and marking the package as installed."
>        ;; Generate package file
>        (package-vc--generate-description-file pkg-desc pkg-file)
>  
> +      ;; Process :make and :shell-command arguments before building 
> documentation
> +      (pcase package-vc-allow-side-effects
> +        ('nil         ; When `nil', do nothing.
> +         nil)
> +        ((pred consp) ; When non-`nil' list, check if package is on the list.
> +         (when (memq (package-desc-name pkg-desc) 
> package-vc-allow-side-effects)
> +           (package-vc--make pkg-spec pkg-desc)))
> +        (_            ; When otherwise non-`nil', run commands.
> +         (package-vc--make pkg-spec pkg-desc)))

Thinking about this again, I am still not convinced.  Isn't

--8<---------------cut here---------------start------------->8---
(when (or (eq package-vc-allow-side-effects t)
          (memq (package-desc-name pkg-desc)
                package-vc-allow-side-effects))
  (package-vc--make pkg-spec pkg-desc))
--8<---------------cut here---------------end--------------->8---

much simpler?  Again, you don't have to prepare another patch, I'm just
interested in what you think.

> +
>        ;; Detect a manual
>        (when (executable-find "install-info")
>          (dolist (doc-file (ensure-list (plist-get pkg-spec :doc)))
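Review bot: The list branch, (memq (package-desc-name pkg-desc) package-vc-allow-side-effects), authorises by package name alone, so once a name is on the list, whatever :make or :shell-command the current pkg-spec carries is run without the user seeing the command. Consider having package-vc--make write the exact command into its buffer or message it before running, and have the option's docstring say that listing a package also trusts later changes to its spec. Style: the new comment "Process :make and :shell-command arguments before building documentation" runs past 80 columns and should be wrapped.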




