unofficial mirror of help-gnu-emacs@gnu.org
From: Philip Kaludercic <philipk@posteo.net>
To: Joseph Turner <joseph@breatheoutbreathe.in>
Cc: help-gnu-emacs@gnu.org
Subject: Re: package-vc-install fails to build docs
Date: Fri, 28 Apr 2023 21:17:15 +0000
Message-ID: <877ctvg10k.fsf@posteo.net>
In-Reply-To: <87zg6raisd.fsf@breatheoutbreathe.in> (Joseph Turner's message of "Fri, 28 Apr 2023 12:42:24 -0700")

Joseph Turner <joseph@breatheoutbreathe.in> writes:

> Philip Kaludercic <philipk@posteo.net> writes:
>
>> Joseph Turner <joseph@breatheoutbreathe.in> writes:
>>> Philip Kaludercic <philipk@posteo.net> writes:
>>>> Joseph Turner <joseph@breatheoutbreathe.in> writes:
>> You have to look at elpa-admin.el, the "reference interpretation" for
>> how package specifications are supposed to work.  It is located on a
>> separate branch in elpa.git (so that it can be shared between elpa.git
>> and nongnu.git).
>>
>>     https://git.savannah.gnu.org/cgit/emacs/elpa.git/tree/elpa-admin.el?h=elpa-admin
>>
>>> Mind pointing me in the right direction?
>>
>> Ping me if you need anything else, and submit a bug report with a patch
>> as soon as you have something workable.  Add a
>>
>>    X-Debbugs-CC: Philip Kaludercic <philipk@posteo.net>
>>
>> header so that I get notified as well.
>
> In elpa-admin.el, :make and :shell-command are handled by calling bwrap
> to sandbox the external processes. Should we do the same thing?

The issue is that bwrap is not available on all systems, and even if it
is, it is not necessarily installed.  I would take the approach of
implementing this as an opt-in system first, then improving the security
perhaps even by writing a general process isolation library that could
be added to Emacs 30, using what systems are available or what the user
prefers (Guix and Nix could be useful here, there was a discussion on
this topic in the past for elpa-admin.el).

> Do you think we should also sandbox makeinfo like elpaa does?
> That could be a separate patch.
>
> Best,
>
> Joseph
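
An added sketch of the opt-in approach discussed in this message, not code from package-vc.el or elpa-admin.el: build commands run unwrapped by default, run under bwrap when the user opts in, and fail loudly if the user opted in but bwrap is missing. Every `my-sandbox-` name is hypothetical, and the mount policy shown is an assumption, not the one elpa-admin.el uses.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration; all `my-sandbox-' names are hypothetical and are
;; not part of package-vc.el or elpa-admin.el.

(defcustom my-sandbox-enable nil
  "Non-nil means run package build commands under bwrap (opt-in)."
  :type 'boolean
  :group 'package)

(defun my-sandbox-wrap (dir program &rest args)
  "Return an argv list that runs PROGRAM with ARGS in DIR.
When `my-sandbox-enable' is non-nil and bwrap is found, wrap the
command so that only DIR is writable and the network is unshared.
If the user opted in but bwrap is missing, signal an error instead
of silently running the command unsandboxed."
  (let ((bwrap (and my-sandbox-enable (executable-find "bwrap")))
        (dir (expand-file-name dir)))
    (cond
     ((not my-sandbox-enable) (cons program args))
     ((not bwrap)
      (user-error "Sandboxing requested, but bwrap is not installed"))
     (t
      (append
       (list bwrap
             "--unshare-all"      ; fresh namespaces, no network access
             "--die-with-parent"  ; kill the build if Emacs exits
             ;; Assumed policy: the whole filesystem stays readable.
             ;; A stricter policy would bind only what the build needs.
             "--ro-bind" "/" "/"
             "--dev" "/dev"
             "--proc" "/proc"
             "--tmpfs" "/tmp"
             "--bind" dir dir     ; only the checkout is writable
             "--chdir" dir
             program)
       args)))))

(defun my-sandbox-call (dir program &rest args)
  "Run PROGRAM with ARGS in DIR, sandboxed if enabled.
Return the exit status; output goes to the buffer *my-sandbox*."
  (let ((argv (apply #'my-sandbox-wrap dir program args))
        (default-directory (file-name-as-directory (expand-file-name dir))))
    (apply #'call-process (car argv) nil
           (get-buffer-create "*my-sandbox*") nil (cdr argv))))
```

With the option left at nil, `(my-sandbox-wrap "~/src/pkg" "make" "info")` returns `("make" "info")` unchanged, so systems without bwrap keep working.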




Thread overview: 11+ messages
2023-04-22  5:34 package-vc-install fails to build docs Joseph Turner
2023-04-22  6:07 ` Ruijie Yu via Users list for the GNU Emacs text editor
2023-04-22  7:27   ` Philip Kaludercic
2023-04-22 22:56     ` Joseph Turner
2023-04-23 12:37       ` Philip Kaludercic
2023-04-23 16:54         ` Joseph Turner
2023-04-23 18:36           ` Philip Kaludercic
2023-04-23 20:20             ` Joseph Turner
2023-04-24  5:54               ` Philip Kaludercic
2023-04-28 19:42                 ` Joseph Turner
2023-04-28 21:17                   ` Philip Kaludercic [this message]
