* el-get-methods.el (el-get-insecure-check): Also consider URLs
satisfying `file-name-absolute-p' to be secure. `package-archives' uses
absolute file names *without* file:// prefix, so we have allow this too.
* methods/el-get-elpa.el (el-get-elpa-package-id):
(el-get-elpa-package-archive-base): New compat functions.
* methods/el-get-elpa.el (el-get-elpa-install): Call
`el-get-insecure-check' after ensuring `package-archive-contents' is
initialized.
github method, as a derived method, should build a final repository URL
and let parent's respective methods do the actual work.
Register new 'el-get-github-pull function as update method.
Make both methods, 'el-get-github-pull and 'el-get-github-clone,
implement the same pattern:
- Delegate check if URL is a secure one to the parent method
- Ignore :url from package's recipe passed by 'el-get-do-update as it
makes no sense
- Unconditionally build package repository URL with 'el-get-github-url
- Call respective git method
In Emacs 25.1, a failed cl-assert will always jump to the debugger if
debug-on-error is non-nil. In batch-mode runs this becomes confusing
with the message suppression we have, and the crazy long stack traces
that are printed are really hard to read, so suppress this debugger
behaviour with advice as well.
URL starting with 'file:///' (hostname is empty) is secure because it
always points to a local file.
OTOH, 'file://example.com/' (with any hostname, including 'localhost'
and '127.0.0.1') is insecure as it may refer to the remote file and
deciding if some hostname is actually a local in given moment in time is
tricky and too error-prone.