[elpa] elpa-admin 48e4ccf: * elpa-admin.el: Don't pass non-existing dirs

emacs-elpa-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[elpa] elpa-admin 48e4ccf: * elpa-admin.el: Don't pass non-existing dirs

From:	Stefan Monnier
Subject:	[elpa] elpa-admin 48e4ccf: * elpa-admin.el: Don't pass non-existing dirs to `bwrap`
Date:	Tue, 22 Dec 2020 11:19:28 -0500 (EST)

branch: elpa-admin
commit 48e4ccf3b6de1f23f67c7373d72164b0b0956331
Author: Stefan Monnier <monnier@iro.umontreal.ca>
Commit: Stefan Monnier <monnier@iro.umontreal.ca>

    * elpa-admin.el: Don't pass non-existing dirs to `bwrap`
    
    (elpaa--bwrap-args): Remove ro-binds.
    (elpaa--sandboxed-ro-binds): Rename from `elpaa--sandboxed-extra-ro-dirs`.
    Add dirs removed from `elpaa--bwrap-args`.
    (elpaa--call-sandboxed): Pass `elpaa--sandboxed-ro-binds` in reverse order
    and `expand-file-name` them.
    (elpaa--make): Adjust accordingly.
    (elpaa--batch-fetch-and): Preliminary support for syncing only
    some packages.
---
 elpa-admin.el | 41 ++++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/elpa-admin.el b/elpa-admin.el
index be43f54..4581333 100644
--- a/elpa-admin.el
+++ b/elpa-admin.el
@@ -560,32 +560,31 @@ The INFILE and DISPLAY arguments are fixed as nil."
 
 (defconst elpaa--bwrap-args
   '("--unshare-all"
-    "--ro-bind" "/lib" "/lib"
-    "--ro-bind" "/lib64" "/lib64"
-    "--ro-bind" "/usr" "/usr"
-    "--ro-bind" "/etc/alternatives" "/etc/alternatives"
-    "--ro-bind" "/etc/emacs" "/etc/emacs"
     "--dev" "/dev"
     "--proc" "/proc"
     "--tmpfs" "/tmp"))
 
-(defvar elpaa--sandboxed-extra-ro-dirs nil)
+(defvar elpaa--sandboxed-ro-binds
+  '("/lib" "/lib64" "/usr" "/etc/alternatives" "/etc/emacs"))
 
 (defun elpaa--call-sandboxed (destination &rest args)
   "Like ‘elpaa--call’ but sandboxed.
 More specifically, uses Bubblewrap such that the command is
-confined to write to the  is writable.
+confined to only have write access to the `default-directory'.
 Signal an error if the command did not finish with exit code 0."
   (if (not elpaa--sandbox)
       (apply #'elpaa--call destination args)
     (elpaa--message "call-sandboxed %S" args)
+    (let ((dd (expand-file-name default-directory))) ;No `~' allowed!
+      (setq args (nconc `("--bind" ,dd ,dd) args)))
+    ;; Add read-only dirs in reverse order.
+    (dolist (b elpaa--sandboxed-ro-binds)
+      (when (file-exists-p b)         ;`brwap' burps on binds that don't exist!
+        (setq b (expand-file-name b))
+        (setq args (nconc `("--ro-bind" ,b ,b) args))))
     (let ((exitcode
            (apply #'elpaa--call destination "bwrap"
-                  (append elpaa--bwrap-args
-                          (cl-mapcan (lambda (d) `("--ro-bind" ,d ,d))
-                                     elpaa--sandboxed-extra-ro-dirs)
-                          `("--bind" ,default-directory ,default-directory)
-                          args))))
+                  (append elpaa--bwrap-args args))))
       (unless (eq exitcode 0)
         (if (eq destination t)
             (error "Error-indicating exit code in elpaa--call-sandboxed:\n%s"
@@ -1478,9 +1477,8 @@ More at " (elpaa--default-url pkgname))
   (let ((target (elpaa--spec-get pkg-spec :make)))
     (when target
       (with-temp-buffer
-        (let ((elpaa--sandboxed-extra-ro-dirs
-               (cons (expand-file-name default-directory)
-                     elpaa--sandboxed-extra-ro-dirs))
+        (let ((elpaa--sandboxed-ro-binds
+               (cons default-directory elpaa--sandboxed-ro-binds))
               (default-directory (elpaa--dirname dir)))
           (apply #'elpaa--call-sandboxed t "make"
                  (if (consp target) target (list target)))
@@ -1575,15 +1573,20 @@ More at " (elpaa--default-url pkgname))
 
 (defun elpaa--batch-fetch-and (k)
   (let ((specs (elpaa--get-specs))
-        (pkgs command-line-args-left))
+        (pkgs command-line-args-left)
+        (clal command-line-args-left))
     (setq command-line-args-left nil)
-    (if (equal pkgs '("-")) (setq pkgs (mapcar #'car specs)))
+    (if (member pkgs '(("-") ("?"))) (setq pkgs (mapcar #'car specs)))
     (dolist (pkg pkgs)
       (let* ((pkg-spec (assoc pkg specs)))
-        (if (not pkg-spec) (message "Unknown package: %s" pkg)
+        (cond
+         ((not pkg-spec) (message "Unknown package: %s" pkg))
+         ((and (equal clal '("?")) (not (elpaa--spec-get pkg-spec :auto-sync)))
+          nil)
+         (t
           ;; (unless (file-directory-p (expand-file-name pkg "packages"))
           ;;   (elpaa--worktree-sync pkg-spec))
-          (elpaa--fetch pkg-spec k))))))
+          (elpaa--fetch pkg-spec k)))))))
 
 (defun elpaa-batch-fetch-and-show (&rest _)
   (elpaa--batch-fetch-and #'ignore))

[Prev in Thread]

Current Thread

[Next in Thread]

[elpa] elpa-admin 48e4ccf: * elpa-admin.el: Don't pass non-existing dirs to `bwrap`, Stefan Monnier <=

Prev by Date: [elpa] main 37f7e91: * elpa-packages: Adapt tramp entry.
Next by Date: [elpa] elpa-admin 922d625: * GNUmakefile (EMACS): Split out EMACSBIN for convenience
Previous by thread: [elpa] main 37f7e91: * elpa-packages: Adapt tramp entry.
Next by thread: [elpa] elpa-admin 922d625: * GNUmakefile (EMACS): Split out EMACSBIN for convenience
Index(es):
- Date
- Thread