From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Philip Kaludercic Newsgroups: gmane.emacs.bugs Subject: bug#63336: [PATCH] package-vc: Process :make and :shell-command spec args Date: Mon, 15 May 2023 09:12:26 +0000 Message-ID: <87sfbynekl.fsf@posteo.net> References: <874joprxmx.fsf@breatheoutbreathe.in> <87jzxkecnk.fsf@posteo.net> <87pm7b7up0.fsf@breatheoutbreathe.in> <877ctghey0.fsf@posteo.net> <873540rqkm.fsf@breatheoutbreathe.in> <87ilcvichb.fsf@posteo.net> <87cz33parh.fsf@breatheoutbreathe.in> <871qjiiucw.fsf@posteo.net> <87jzxafotr.fsf@breatheoutbreathe.in> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="30929"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 63336@debbugs.gnu.org To: Joseph Turner Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Mon May 15 11:13:14 2023 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pyUGY-0007nx-6P for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 15 May 2023 11:13:14 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pyUGO-0000f7-JN; Mon, 15 May 2023 05:13:04 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pyUGM-0000ex-PI for bug-gnu-emacs@gnu.org; Mon, 15 May 2023 05:13:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pyUGM-0000nH-GP for bug-gnu-emacs@gnu.org; Mon, 15 May 2023 05:13:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pyUGL-000612-Q8 for bug-gnu-emacs@gnu.org; Mon, 15 May 2023 05:13:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Philip Kaludercic Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 15 May 2023 09:13:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 63336 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 63336-submit@debbugs.gnu.org id=B63336.168414195923082 (code B ref 63336); Mon, 15 May 2023 09:13:01 +0000 Original-Received: (at 63336) by debbugs.gnu.org; 15 May 2023 09:12:39 +0000 Original-Received: from localhost ([127.0.0.1]:42749 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pyUFy-00060E-9Q for submit@debbugs.gnu.org; Mon, 15 May 2023 05:12:38 -0400 Original-Received: from mout02.posteo.de ([185.67.36.66]:49729) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pyUFv-0005zw-5w for 63336@debbugs.gnu.org; Mon, 15 May 2023 05:12:36 -0400 Original-Received: from submission (posteo.de [185.67.36.169]) by mout02.posteo.de (Postfix) with ESMTPS id 57139240104 for <63336@debbugs.gnu.org>; Mon, 15 May 2023 11:12:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1684141948; bh=Y9kGgvJlz63ZvPdwEOhzG0oMnZLecENgT1e7q3+zQ6Q=; h=From:To:Cc:Subject:Autocrypt:Date:Message-ID:MIME-Version:From; b=QYJNDmAMtKSX7M1ubRZ54GvGfx4LsIxPZlbTJuCCUoqHCUhJZT0BfD4IimdddD3k/ ox5uhqhm5reIlGzMxZBt5wpoKNHz7PNRiEmKii4S4cJLnTx60jPzgQGUQyddFIweCZ 2tuKVvJteeGncq6QSz3oskOdp51xB4cN1VUUL+iAlrba1EctaxxtPRF0O88frOO4XB AliXIP+DBiX4OK0tJCPFtGxWPDNKPnWj+6WJEnpRqN75HVGZLL/aepXzByjciiejik bVFT3EISVmmvXfJptd/AbRlrceUX/S9tFhNkQZXx3fy4r3J5AP0UfpwUtI4DJv9k17 9/f2IILsJQFDA== Original-Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4QKYY74XZ8z6tvZ; Mon, 15 May 2023 11:12:27 +0200 (CEST) In-Reply-To: <87jzxafotr.fsf@breatheoutbreathe.in> (Joseph Turner's message of "Sun, 14 May 2023 16:01:10 -0700") Autocrypt: addr=philipk@posteo.net; keydata= mDMEZBBQQhYJKwYBBAHaRw8BAQdAHJuofBrfqFh12uQu0Yi7mrl525F28eTmwUDflFNmdui0QlBo aWxpcCBLYWx1ZGVyY2ljIChnZW5lcmF0ZWQgYnkgYXV0b2NyeXB0LmVsKSA8cGhpbGlwa0Bwb3N0 ZW8ubmV0PoiWBBMWCAA+FiEEDg7HY17ghYlni8XN8xYDWXahwukFAmQQUEICGwMFCQHhM4AFCwkI BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ8xYDWXahwulikAEA77hloUiSrXgFkUVJhlKBpLCHUjA0 mWZ9j9w5d08+jVwBAK6c4iGP7j+/PhbkxaEKa4V3MzIl7zJkcNNjHCXmvFcEuDgEZBBQQhIKKwYB BAGXVQEFAQEHQI5NLiLRjZy3OfSt1dhCmFyn+fN/QKELUYQetiaoe+MMAwEIB4h+BBgWCAAmFiEE Dg7HY17ghYlni8XN8xYDWXahwukFAmQQUEICGwwFCQHhM4AACgkQ8xYDWXahwukm+wEA8cml4JpK NeAu65rg+auKrPOP6TP/4YWRCTIvuYDm0joBALw98AMz7/qMHvSCeU/hw9PL6u6R2EScxtpKnWof z4oM X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:261732 Archived-At: Joseph Turner writes: > Philip Kaludercic writes: > >> Joseph Turner writes: >> >>> Philip Kaludercic writes: >>> >>>> Joseph Turner writes: >>>> >>>>> Philip Kaludercic writes: >>>>> >>>>>> Joseph Turner writes: > >>> We also might want to add another option for >>> package-vc-allow-side-effects like 'user-defined, which only runs :make >>> and :shell-command args which were specified by the user (as opposed to >>> those which were downloaded from elpa). WDYT? >> >> That sounds like a good idea, but let us do that in a separate patch. > > Okay! > >>> To update the manual, shall I edit doc/emacs/package.texi directly or is >>> there another file to edit? >> >> Yes, just update the table under the "Specifying Package Sources" subsection. > > See patch. > >>>> If :shell-command fails, do we really want to proceed to :make? >>> >>> Up to you! I was following the lead of elpa-admin.el. >> >> In that case let us do that too, unless there is a good reason not to. > > +1 > >>> I switched the first two cases. I think pcase is readable here, >>> especially if we add an 'user-defined option. What would you use >>> instead? >> >> I would have just used a regular cond. >> >> --8<---------------cut here---------------start------------->8--- >> (cond >> ((null package-vc-process-make) >> ...) >> ((listp package-vc-process-make) >> ...) >> (...)) >> --8<---------------cut here---------------end--------------->8--- >> >> But this doesn't matter, do what you prefer. > > Thank you! I like pcase here. > >>> +Be careful when changing this option as processing :make and >>> +:shell-command will run potentially harmful code. >> >> Sounds scary. I guess that is the point, but what do you think about >> something like >> >> Be careful when changing this option, as installing and updating a >> package can potentially run harmful code. If possible, allow packages >> you trust to run code, if it is necessary for a package to be properly >> initialised. > > Thank you! What do you think about the version in the attached patch? > >>> +When set to a list of symbols (packages), run commands for only >>> +packages in the list. When `nil', never run commands. Otherwise >>> +when non-`nil', run commands for any package with :make or >>> +:shell-command specified. >> >> Watch out. According to (elisp) Documentation Tips, nil is not quoted. > > Good to know! Fixed. > > From 812e32ea6c3f7b2d71174658db0e272b0b4fb84b Mon Sep 17 00:00:00 2001 > From: Joseph Turner > Date: Sat, 13 May 2023 10:05:04 -0700 > Subject: [PATCH] package-vc: Process :make and :shell-command spec args > > --- > doc/emacs/package.texi | 9 ++++++++ > lisp/emacs-lisp/package-vc.el | 42 +++++++++++++++++++++++++++++++++++ > 2 files changed, 51 insertions(+) > > diff --git a/doc/emacs/package.texi b/doc/emacs/package.texi > index 6722185cb20..4f606b22e54 100644 > --- a/doc/emacs/package.texi > +++ b/doc/emacs/package.texi > @@ -682,6 +682,15 @@ A string providing the repository-relative name of the documentation > file from which to build an Info file. This can be a Texinfo file or > an Org file. > > +@item :make > +A string or list of strings providing the target or targets defined in > +the repository Makefile which should run before building the Info > +file. Only takes effect when package-vc-allow-side-effects is non-nil. A @var is missing here > + > +@item :shell-command > +A string providing the shell command to run before building the Info > +file. Only takes effect when package-vc-allow-side-effects is non-nil. and here. I can take care of that. > + > @item :vc-backend > A symbol naming the VC backend to use for downloading a copy of the > package's repository (@pxref{Version Control Systems,,,emacs, The GNU > diff --git a/lisp/emacs-lisp/package-vc.el b/lisp/emacs-lisp/package-vc.el > index beca0bd00e2..d2f6d287224 100644 > --- a/lisp/emacs-lisp/package-vc.el > +++ b/lisp/emacs-lisp/package-vc.el > @@ -344,6 +344,38 @@ asynchronously." > "\n") > nil pkg-file nil 'silent)))) > > +(defcustom package-vc-allow-side-effects nil > + "Whether to process :make and :shell-command spec arguments. > + > +It may be necessary to run :make and :shell-command arguments in > +order to initialize a package or build its documentation, but > +please be careful when changing this option, as installing and > +updating a package can run potentially harmful code. > + > +When set to a list of symbols (packages), run commands for only > +packages in the list. When nil, never run commands. Otherwise > +when non-nil, run commands for any package with :make or > +:shell-command specified. > + > +Package specs are loaded from trusted package archives." > + :type '(choice (const :tag "Run for all packages" t) > + (repeat :tag "Run only for selected packages" (symbol :tag "Package name")) > + (const :tag "Never run" nil)) > + :version "30.1") > + > +(defun package-vc--make (pkg-spec pkg-desc) > + "Process :make and :shell-command PKG-SPEC arguments for PKG-DESC." > + (let ((target (plist-get pkg-spec :make)) > + (cmd (plist-get pkg-spec :shell-command)) > + (buf (format " *package-vc make %s*" (package-desc-name pkg-desc)))) > + (when (or cmd target) > + (with-current-buffer (get-buffer-create buf) > + (erase-buffer) > + (when (and cmd (/= 0 (call-process shell-file-name nil t nil shell-command-switch cmd))) > + (warn "Failed to run %s, see buffer %S" cmd (buffer-name))) > + (when (and target (/= 0 (apply #'call-process "make" nil t nil (if (consp target) target (list target))))) > + (warn "Failed to make %s, see buffer %S" target (buffer-name))))))) > + > (declare-function org-export-to-file "ox" (backend file)) > > (defun package-vc--build-documentation (pkg-desc file) > @@ -486,6 +518,16 @@ documentation and marking the package as installed." > ;; Generate package file > (package-vc--generate-description-file pkg-desc pkg-file) > > + ;; Process :make and :shell-command arguments before building documentation > + (pcase package-vc-allow-side-effects > + ('nil ; When `nil', do nothing. > + nil) > + ((pred consp) ; When non-`nil' list, check if package is on the list. > + (when (memq (package-desc-name pkg-desc) package-vc-allow-side-effects) > + (package-vc--make pkg-spec pkg-desc))) > + (_ ; When otherwise non-`nil', run commands. > + (package-vc--make pkg-spec pkg-desc))) Thinking about this again, I am still not convinced. Isn't --8<---------------cut here---------------start------------->8--- (when (or (eq package-vc-allow-side-effects t) (memq (package-desc-name pkg-desc) package-vc-allow-side-effects)) (package-vc--make pkg-spec pkg-desc)) --8<---------------cut here---------------end--------------->8--- much simpler? Again, you don't have to prepare another patch, I'm just interested in what you think. > + > ;; Detect a manual > (when (executable-find "install-info") > (dolist (doc-file (ensure-list (plist-get pkg-spec :doc)))