[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Downloader for "wrapped" tarbar?
From: |
Ekaitz Zarraga |
Subject: |
Re: Downloader for "wrapped" tarbar? |
Date: |
Sat, 30 May 2020 10:24:02 +0000 |
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, May 30, 2020 10:39 AM, Hartmut Goebel
<h.goebel@crazy-compilers.com> wrote:
> Hi,
>
> was just written in another mail, I'm currently working on a
> erlang/rebar build system. This includes an importer from hex.pm, a
> package repository for elixir and erlang packages. (Since this is build
> into rebar3 I assume it what PyPI is for Python and CPAN for Perl.)
>
> At hex.pm, packages are provided in a tarfile [1] wrapping the source
> tar-file:
>
> -rw-r--r-- 0/0 1 2017-06-14 21:57 VERSION
> -rw-r--r-- 0/0 64 2017-06-14 21:57 CHECKSUM
> -rw-r--r-- 0/0 532 2017-06-14 21:57 metadata.config
> -rw-r--r-- 0/0 4744 2017-06-14 21:57 contents.tar.gz
>
> IMHO it does not make sense to keep this wrapping tar-file in the store.
>
> So my idea is to create a "hexpm-fetch" method, which downloads the
> tar-file and only stores the "content.tar.gz" in the store (using a
> proper name, of course).
>
> How can this be done?
>
> [1] https://github.com/hexpm/specifications/blob/master/package_tarball.md
>
>
Hi,
Probably you're able to reach the same conclusions as I did but anyway...
I took a look to guix/download.scm I think you just need to check what
url-fetch/zipbomb does because the usecase is similar to what you are looking
for.
Hope this helps at least a little.
Thanks for the work you are doing, I'm interested on it because I want to
package Wings3D, so once you are done you'll probably have a tester :)
Best,
Ekaitz