Don't install insecurely without el-get-allow-insecure.
In most cases, we assume any connection is insecure unless the URL starts with "https://", "$USERNAME@", or "ssh". There are a few exceptions: I'm assuming all Emacswiki packages are insecure, and I don't think we can know whether packages installed via Google Go are secure or not.
This commit is contained in:
parent
f5a29eb0da
commit
acdcb6e5b2
|
@ -613,4 +613,9 @@ platforms where this recipe should apply"
|
|||
)
|
||||
,el-get-build-recipe-body))))))
|
||||
|
||||
(defcustom el-get-allow-insecure nil
|
||||
"Allow packages to be installed over insecure connections."
|
||||
:group 'el-get
|
||||
:type 'boolean)
|
||||
|
||||
(provide 'el-get-custom)
|
||||
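Review bot: The docstring of `el-get-allow-insecure` does not say what el-get counts as insecure, so a user reading it in Customize cannot tell what setting it to t actually permits. Suggest `"Non-nil allows packages to be installed over insecure connections.\nOnly URLs starting with \"https://\", \"ssh\" or a \"USER@\" prefix are treated as secure; Emacswiki downloads are always treated as insecure."`, matching the rules the commit message describes. Keeping the default nil is right, since the check then fails closed.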
|
|
|
@ -21,6 +21,15 @@
|
|||
"methods"
|
||||
(file-name-directory (or load-file-name buffer-file-name))))
|
||||
|
||||
(defun el-get-insecure-check (package url)
|
||||
(when (and (not el-get-allow-insecure)
|
||||
(not (string-match "^https://" url))
|
||||
(not (string-match "^[-_\.A-Za-z0-9]+@" url))
|
||||
(not (string-match "^ssh" url)))
|
||||
(error (concat "Attempting to clone insecure package "
|
||||
(el-get-as-string package)
|
||||
" without `el-get-allow-insecure'."))))
|
||||
|
||||
(require 'el-get-apt-get)
|
||||
(require 'el-get-builtin)
|
||||
(require 'el-get-brew)
|
||||
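Review bot: `el-get-insecure-check` rejects several transports that are in fact encrypted, because its whitelist is only `^https://`, `^[-_\.A-Za-z0-9]+@` and `^ssh`: `svn+ssh://` (el-get-svn, el-get-git-svn), `bzr+ssh://` (el-get-bzr) and the CVS `:ext:user@host:/path` root (el-get-cvs) all fall through to the error, which pushes users toward setting `el-get-allow-insecure` globally. Conversely `^ssh` is not anchored on a scheme separator, so any URL merely beginning with those letters passes; `"^\\(?:[a-z]+\\+\\)?ssh://"` would accept the `+ssh` variants while still requiring a scheme. If `url` can be nil here (el-get-github-clone calls the check before its `(or url (el-get-github-url package))` fallback, and ELPA recipes commonly carry no :url), `string-match` signals `wrong-type-argument stringp nil` instead of the intended message, so nil should be handled explicitly rather than crash. `string-match` also clobbers the global match data in the middle of a method's install flow, which `string-match-p` avoids if the supported Emacs floor has it. The function has no docstring; suggest one stating that it signals an error for PACKAGE when URL is not recognised as an encrypted transport and `el-get-allow-insecure' is nil.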
|
|
|
@ -26,6 +26,8 @@
|
|||
(name (format "*bzr branch %s*" package))
|
||||
(ok (format "Package %s installed" package))
|
||||
(ko (format "Could not install package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
`((:command-name ,name
|
||||
|
@ -44,6 +46,7 @@
|
|||
(name (format "*bzr pull %s*" package))
|
||||
(ok (format "Pulled package %s." package))
|
||||
(ko (format "Could not update package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
|
|
|
@ -97,6 +97,7 @@ Enable this if you want el-get to honor these settings"
|
|||
(ok (format "Checked out package %s." package))
|
||||
(ko (format "Could not checkout package %s." package)))
|
||||
|
||||
(el-get-insecure-check package url)
|
||||
;; (message "%S" `(:args ("-d" ,url "checkout" "-d" ,package ,module)))
|
||||
;; (message "el-get-cvs-checkout: %S" (string= options "login"))
|
||||
|
||||
|
@ -130,6 +131,7 @@ Enable this if you want el-get to honor these settings"
|
|||
(ok (format "Updated package %s." package))
|
||||
(ko (format "Could not update package %s." package)))
|
||||
|
||||
(el-get-insecure-check package url)
|
||||
(el-get-start-process-list
|
||||
package
|
||||
`((:command-name ,name
|
||||
|
|
|
@ -27,6 +27,8 @@
|
|||
(name (format "*darcs get %s*" package))
|
||||
(ok (format "Package %s installed" package))
|
||||
(ko (format "Could not install package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
`((:command-name ,name
|
||||
|
@ -45,6 +47,7 @@
|
|||
(name (format "*darcs pull %s*" package))
|
||||
(ok (format "Pulled package %s." package))
|
||||
(ko (format "Could not update package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
|
|
|
@ -139,6 +139,7 @@ the recipe, then return nil."
|
|||
;; Prepend elpa-repo to `package-archives' for new package.el
|
||||
(package-archives (append (when elpa-repo (list elpa-repo))
|
||||
(when (boundp 'package-archives) package-archives))))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(unless (and elpa-dir (file-directory-p elpa-dir))
|
||||
;; package-install does these only for interactive calls
|
||||
|
@ -190,6 +191,7 @@ first time.")
|
|||
"Ask elpa to update given PACKAGE."
|
||||
(unless package--initialized
|
||||
(package-initialize t))
|
||||
(el-get-insecure-check package url)
|
||||
(when el-get-elpa-do-refresh
|
||||
(package-refresh-contents)
|
||||
(when (eq el-get-elpa-do-refresh 'once)
|
||||
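Review bot: The check at `(el-get-insecure-check package url)` in the install hunk inspects `url`, but the hunk shows the archive package.el will actually fetch from coming from `elpa-repo` spliced into `package-archives`, so an http archive is never examined if `url` differs from it or is nil. Since `elpa-repo` is used as a `package-archives` element, its location is `(cdr elpa-repo)`; suggest `(when elpa-repo (el-get-insecure-check package (cdr elpa-repo)))` here and the same in the update hunk, whose function starts before the hunk. If `url` is nil for ELPA recipes without :url, `string-match` on nil signals wrong-type-argument rather than the intended message. Note also that `(package-refresh-contents)` in the update hunk contacts every archive in `package-archives`, so presumably other archives are fetched regardless of this check.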
|
|
|
@ -41,6 +41,7 @@ filename.el ;;; filename.el --- description"
|
|||
(defun el-get-emacswiki-install (package url post-install-fun)
|
||||
"Download a single-file PACKAGE over HTTP from emacswiki."
|
||||
(let ((url (or url (format "%s%s.el" el-get-emacswiki-base-url package))))
|
||||
(el-get-insecure-check package "http://insecure") ; insecure even over HTTPS
|
||||
(el-get-http-install package url post-install-fun)))
|
||||
|
||||
(defun el-get-emacswiki-compute-checksum (package)
|
||||
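Review bot: `(el-get-insecure-check package "http://insecure")` drives the refusal through a fabricated URL, so the error reads "Attempting to clone insecure package …" for what is an HTTP download and gives no hint that Emacswiki is refused by policy rather than by transport. Suggest signalling the condition directly, `(unless el-get-allow-insecure (error "Package %s comes from Emacswiki, which el-get treats as insecure; set `el-get-allow-insecure' to install it" package))`, and expanding the trailing comment to state the reason, e.g. `; Emacswiki is treated as insecure regardless of transport (presumably because the wiki is publicly editable -- confirm)`. The real `url` is then still checked by `el-get-http-install`.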
|
|
|
@ -57,6 +57,8 @@ are stored in the package directory"
|
|||
(open-args (list "open" "--nested" (expand-file-name fossil-name fossil-dir) checkout))
|
||||
(ok (format "Package %s installed." package))
|
||||
(ko (format "Could not install package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
(list
|
||||
|
@ -101,7 +103,8 @@ are stored in the package directory"
|
|||
(update-args (list "update" checkout))
|
||||
(ok (format "Updated package %s." package))
|
||||
(ko (format "Could not update package %s." package)))
|
||||
(message "%s" update-args)
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
`((:command-name ,name
|
||||
|
|
|
@ -30,6 +30,8 @@
|
|||
(plist-get source :checksum)))
|
||||
(ok (format "Package %s installed." package))
|
||||
(ko (format "Could not install package %s." package)))
|
||||
;; TODO: not sure if it's possible for svn:// URLs to use TLS?
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
|
@ -61,6 +63,7 @@
|
|||
(r-name (format "*git svn rebase %s*" package))
|
||||
(r-ok (format "Rebased package %s." package))
|
||||
(r-ko (format "Could not rebase package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
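Review bot: The TODO `;; TODO: not sure if it's possible for svn:// URLs to use TLS?` can be resolved: `svn://` is the svnserve protocol, which normally runs unencrypted, so rejecting it is correct; the encrypted Subversion transports are `https://` and `svn+ssh://`, and the latter is not matched by the `^ssh` pattern in `el-get-insecure-check`. Suggest replacing the TODO with `;; svn:// is plain svnserve; only https:// and svn+ssh:// are encrypted`. The same applies to the el-get-svn hunks.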
|
|
|
@ -72,6 +72,8 @@ found."
|
|||
(list url pname)))
|
||||
(ok (format "Package %s installed." package))
|
||||
(ko (format "Could not install package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
(list
|
||||
|
@ -117,6 +119,8 @@ found."
|
|||
(pull-args (list "--no-pager" (if checkout "fetch" "pull")))
|
||||
(ok (format "Pulled package %s." package))
|
||||
(ko (format "Could not update package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
`((:command-name ,name
|
||||
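Review bot: In the pull hunk the check runs on the recipe's `url`, but `pull-args` is `(list "--no-pager" (if checkout "fetch" "pull"))` with no URL, so the update presumably fetches from the remote configured in the existing clone, which can differ from what was just checked. A clone made with `el-get-allow-insecure` set, or whose remote was later changed, is therefore updated over whatever transport `.git/config` names; if that matters, read the remote URL from the checkout before checking it, or document the gap with `;; checks the recipe URL; the fetch uses the clone's configured remote`. The hg, bzr, darcs and svn update hunks have the same shape. The enclosing function starts before the hunk.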
|
|
|
@ -80,6 +80,7 @@ USERNAME and REPONAME are strings."
|
|||
|
||||
(defun el-get-github-clone (package url post-install-fun)
|
||||
"Clone the given package from Github following the URL."
|
||||
(el-get-insecure-check package url)
|
||||
(el-get-git-clone package
|
||||
(or url (el-get-github-url package))
|
||||
post-install-fun))
|
||||
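Review bot: `(el-get-insecure-check package url)` runs before the `(or url (el-get-github-url package))` fallback, so for a recipe without :url the check sees nil and `string-match` signals `wrong-type-argument` instead of examining the URL that is actually cloned. Resolve first and check the resolved value: `(let ((url (or url (el-get-github-url package))))`, `(el-get-insecure-check package url)`, `(el-get-git-clone package url post-install-fun))`. Whether `el-get-github-url` yields an https or git:// URL is outside the hunk.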
|
|
|
@ -31,6 +31,7 @@
|
|||
(name (format "*go get %s*" package))
|
||||
(ok (format "Package %s installed." package))
|
||||
(ko (format "Could not install package %s." package)))
|
||||
;; TODO: no idea how to check this for insecure connections
|
||||
(unless (file-directory-p pdir)
|
||||
(make-directory pdir))
|
||||
(setenv "GOPATH" pdir)
|
||||
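Review bot: The TODO leaves the go method with no check at all, so with `el-get-allow-insecure` nil a Go package still installs, the opposite default from every other method in this commit. `go get` resolves the import path itself, so the transport is not visible from `url` here, but the method can still fail closed: `(unless el-get-allow-insecure (error "Package %s is fetched by `go get', whose transport el-get cannot verify; set `el-get-allow-insecure' to install it" package))`. If that is judged too strict, the TODO should at least say that the method is deliberately unchecked so readers do not assume coverage.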
|
|
|
@ -35,6 +35,7 @@
|
|||
(list url pname)))
|
||||
(ok (format "Package %s installed." package))
|
||||
(ko (format "Could not install package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
|
@ -59,6 +60,7 @@
|
|||
(plist-get source :checksum)))
|
||||
(ok (format "Pulled package %s." package))
|
||||
(ko (format "Could not update package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
|
|
|
@ -68,6 +68,7 @@ into the package :localname option or its `file-name-nondirectory' part."
|
|||
(dest (or dest (el-get-http-dest-filename package url))))
|
||||
(unless (file-directory-p pdir)
|
||||
(make-directory pdir))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(if (not el-get-default-process-sync)
|
||||
(url-retrieve url 'el-get-http-retrieve-callback
|
||||
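Review bot: `(el-get-insecure-check package url)` runs after `(make-directory pdir)`, so a refused http:// package leaves an empty package directory behind, which could be mistaken for an installed package if el-get checks directory existence elsewhere. Move the check above the `unless`: `(el-get-insecure-check package url)` followed by `(unless (file-directory-p pdir) (make-directory pdir))`. The enclosing function begins before the hunk.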
|
|
|
@ -36,6 +36,7 @@
|
|||
(name (format "*svn checkout %s*" package))
|
||||
(ok (format "Checked out package %s." package))
|
||||
(ko (format "Could not checkout package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
|
@ -55,6 +56,7 @@
|
|||
(name (format "*svn update %s*" package))
|
||||
(ok (format "Updated package %s." package))
|
||||
(ko (format "Could not update package %s." package)))
|
||||
(el-get-insecure-check package url)
|
||||
|
||||
(el-get-start-process-list
|
||||
package
|
||||
|
|