[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[nongnu] elpa-admin 0783750 417/439: * elpa-admin.el (elpaa--sandbox-ext
From: |
Philip Kaludercic |
Subject: |
[nongnu] elpa-admin 0783750 417/439: * elpa-admin.el (elpaa--sandbox-extra-ro-dirs): New var |
Date: |
Sun, 17 Oct 2021 15:48:48 -0400 (EDT) |
branch: elpa-admin
commit 0783750952cbb2488cef1c5afeee539484a09d65
Author: Stefan Monnier <monnier@iro.umontreal.ca>
Commit: Stefan Monnier <monnier@iro.umontreal.ca>
* elpa-admin.el (elpaa--sandbox-extra-ro-dirs): New var
(elpaa-read-config): Initialize it.
(elpaa--call-sandboxed): Use it.
(elpaa--sandbox-ro-binds): Rename from `elpaa--sandboxed-ro-binds`.
---
elpa-admin.el | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/elpa-admin.el b/elpa-admin.el
index 48fc5de..7f1a116 100644
--- a/elpa-admin.el
+++ b/elpa-admin.el
@@ -53,6 +53,8 @@
(defvar elpaa--email-from nil) ;;"ELPA update <do.not.reply@elpa.gnu.org>"
(defvar elpaa--email-reply-to nil)
+(defvar elpaa--sandbox-extra-ro-dirs nil)
+
(defvar elpaa--sandbox t
"If non-nil, run some of the less trusted commands in a sandbox.
This is recommended when building packages from untrusted sources,
@@ -86,6 +88,7 @@ on some Debian systems.")
('email-from elpaa--email-from)
('email-reply-to elpaa--email-reply-to)
('sandbox elpaa--sandbox)
+ ('sandbox-extra-ro-dirs elpaa--sandbox-extra-ro-dirs)
('debug elpaa--debug))
val))))
@@ -718,7 +721,7 @@ The INFILE and DISPLAY arguments are fixed as nil."
"--proc" "/proc"
"--tmpfs" "/tmp"))
-(defvar elpaa--sandboxed-ro-binds
+(defvar elpaa--sandbox-ro-binds
'("/lib" "/lib64" "/bin" "/usr" "/etc/alternatives" "/etc/emacs"))
(defun elpaa--call-sandboxed (destination &rest args)
@@ -732,7 +735,8 @@ Signal an error if the command did not finish with exit
code 0."
(let ((dd (expand-file-name default-directory))) ;No `~' allowed!
(setq args (nconc `("--bind" ,dd ,dd) args)))
;; Add read-only dirs in reverse order.
- (dolist (b elpaa--sandboxed-ro-binds)
+ (dolist (b (append elpaa--sandbox-ro-binds
+ elpaa--sandbox-extra-ro-dirs))
(when (file-exists-p b) ;`brwap' burps on binds that don't exist!
(setq b (expand-file-name b))
(setq args (nconc `("--ro-bind" ,b ,b) args))))
@@ -1589,8 +1593,8 @@ More at " (elpaa--default-url pkgname))
(elpaa--build-Info-1 f dir))))
(defun elpaa--build-Info-1 (docfile dir)
- (let* ((elpaa--sandboxed-ro-binds
- (cons default-directory elpaa--sandboxed-ro-binds))
+ (let* ((elpaa--sandbox-ro-binds
+ (cons default-directory elpaa--sandbox-ro-binds))
(default-directory (elpaa--dirname dir))
(tmpfiles '()))
(when (and docfile (file-readable-p docfile)
@@ -1657,8 +1661,8 @@ More at " (elpaa--default-url pkgname))
(cmd (elpaa--spec-get pkg-spec :shell-command)))
(when (or cmd target)
(with-temp-buffer
- (let ((elpaa--sandboxed-ro-binds
- (cons default-directory elpaa--sandboxed-ro-binds))
+ (let ((elpaa--sandbox-ro-binds
+ (cons default-directory elpaa--sandbox-ro-binds))
(default-directory (elpaa--dirname dir)))
(when cmd
(elpaa--call-sandboxed t shell-file-name
- [nongnu] elpa-admin 040972d 342/439: * README.org: Describe how to build the archive and add a package, (continued)
- [nongnu] elpa-admin 040972d 342/439: * README.org: Describe how to build the archive and add a package, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 6dcc26f 378/439: * elpa-admin.el (elpaa--make): Fix last change, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 26d341c 391/439: * elpa-admin.el (elpaa--make): Add support for non-make command, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin fd06277 384/439: * elpa-admin.el (elpaa--core-package-sync): Don't presume shape of plist, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin f3fd8c5 387/439: * GNUmakefile (%.tar): New target, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 221c427 350/439: * admin/archive-contents.el: Improve handling of snapshot version numbers, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin c84575d 411/439: * elpa-admin.el (elpaa--get-release-revision): Fix code for :core pkgs, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin e3ca730 420/439: Support LibreJS, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 9e01d93 406/439: * elpa-admin.el (elpaa--prune-old-tarballs): Return resulting oldtarballs, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin fae2e2e 412/439: * elpa-admin.el (elpaa--prune-old-tarballs): Fix computation of .sig name, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 0783750 417/439: * elpa-admin.el (elpaa--sandbox-extra-ro-dirs): New var,
Philip Kaludercic <=
- [nongnu] elpa-admin d10026f 419/439: * elpa-admin.el: Preserve release tarballs at least 2 years, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 97ebbd5 405/439: * elpa-admin.el (elpaa--prune-old-tarballs): "(Re)move" the non-kept files, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 8ed7b88 354/439: Rename vars and functions with `elpaa-` prefix, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin d8903b6 358/439: * elpa-admin.el: Add some of the support needed to build Org packages, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 7e5b75b 359/439: * elpa-admin.el: Add support for checking copyright notices, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin c26df96 392/439: * elpa-admin.el: Allow `:doc` to specify several doc files, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin 396a74b 421/439: Bump license for package pages to CC BY-ND 4.0, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin c29da22 424/439: * elpa-admin.el: Generate SVG badges, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin fa18a66 413/439: * elpa-admin.el: Improve doc build for the :core packages, Philip Kaludercic, 2021/10/17
- [nongnu] elpa-admin de2fd22 418/439: * elpa-admin.el (elpaa-read-config): Allow lists of strings, Philip Kaludercic, 2021/10/17