From MAILER-DAEMON at common-lisp.net Tue May 1 07:12:55 2007 From: MAILER-DAEMON at common-lisp.net (MAILER-DAEMON) Date: Tue, 1 May 2007 16:12:55 +0900 Subject: [asdf-install-devel] Returned mail: Data format error Message-ID: <20070501071228.730793A01C@common-lisp.net> The original message was received at Tue, 1 May 2007 16:12:55 +0900 from common-lisp.net [169.5.182.92] ----- The following addresses had permanent fatal errors ----- -------------- next part -------------- A non-text attachment was scrubbed... Name: message.zip Type: application/octet-stream Size: 28984 bytes Desc: not available URL: From gwking at metabang.com Wed May 23 20:52:26 2007 From: gwking at metabang.com (Gary King) Date: Wed, 23 May 2007 16:52:26 -0400 Subject: [asdf-install-devel] ASDF-Install patch to allow installation of unsigned packages Message-ID: The following patch splits download-files-for-package into download- source-for-package and download-signature-for-package; alters install and verify-gpg-signature so that the latter now calls download- signature-for-package. Added a restart-case in download-signature-for- package so that we can still install unsigned packages.' I'd like to push this out sometime this week unless someone sees a problem... [misterx:~/darcs/asdf-install] gwking% darcs diff -u asdf-install/ installer.lisp --- old-asdf-install/asdf-install/installer.lisp 2007-05-23 16:28:17.000000000 -0400 +++ new-asdf-install/asdf-install/installer.lisp 2007-05-23 16:28:17.000000000 -0400 @@ -152,63 +152,76 @@ (defun download-link-for-signature (url) (concatenate 'string url ".asc")) -(defun download-files-for-package (package-name-or-url) +(defun download-source-for-package (package-name-or-url) (multiple-value-bind (package-url package-file) (download-url-to-temporary-file (download-link-for-package package-name-or-url)) - (if (verify-gpg-signatures-p package-name-or-url) - (multiple-value-bind (signature-url signature-file) - (download-url-to-temporary-file - (download-link-for-signature package-url)) - (declare (ignore signature-url)) - (values package-file signature-file)) - (values package-file nil)))) + (values package-file package-url))) -(defun verify-gpg-signature (file-name signature-name) - (block verify - (loop - (restart-case - (let ((tags (gpg-results file-name signature-name))) - ;; test that command returned something - (unless tags - (error 'gpg-shell-error)) - ;; test for obvious key/sig problems - (let ((errsig (header-value :errsig tags))) - (and errsig (error 'key-not-found :key-id errsig))) - (let ((badsig (header-value :badsig tags))) - (and badsig (error 'key-not-found :key-id badsig))) - (let* ((good (header-value :goodsig tags)) - (id (first good)) - (name (format nil "~{~A~^ ~}" (rest good)))) - ;; good signature, but perhaps not trusted +(defun download-signature-for-package (package-url) + "Try to download the detached GPG signature of the package that we found at package-url. Returns the name of the file and t if it succeeds or nil and nil if it fails (as multiple values)" + (restart-case + (multiple-value-bind (signature-url signature-file) + (download-url-to-temporary-file + (download-link-for-signature package-url)) + (declare (ignore signature-url)) + (values signature-file t)) + (install-anyways + (&rest rest) + :report "Don't check GPG signature for this package" + (declare (ignore rest)) + (values nil nil)))) + +(defun verify-gpg-signature (file-name package-url) + (multiple-value-bind (signature-name ok?) + (download-signature-for-package package-url) + (and ok? + (block verify + (loop (restart-case - (let ((trusted? (or (header-pair :trust_ultimate tags) - (header-pair :trust_fully tags))) - (in-list? (assoc id *trusted-uids* :test #'equal))) - (cond ((or trusted? in-list?) - ;; ok - ) - ((not trusted?) - (error 'key-not-trusted - :key-user-name name :key-id id)) - ((not in-list?) - (error 'author-not-trusted - :key-user-name name :key-id id)))) - (add-key (&rest rest) - :report "Add to package supplier list" + (let ((tags (gpg-results file-name signature-name))) + ;; test that command returned something + (unless tags + (error 'gpg-shell-error)) + ;; test for obvious key/sig problems + (let ((errsig (header-value :errsig tags))) + (and errsig (error 'key-not-found :key-id errsig))) + (let ((badsig (header-value :badsig tags))) + (and badsig (error 'key-not-found :key-id badsig))) + (let* ((good (header-value :goodsig tags)) + (id (first good)) + (name (format nil "~{~A~^ ~}" (rest good)))) + ;; good signature, but perhaps not trusted + (restart-case + (let ((trusted? (or (header- pair :trust_ultimate tags) + (header- pair :trust_fully tags))) + (in-list? (assoc id *trusted-uids* + :test #'equal))) + (cond ((or trusted? in-list?) + ;; ok + ) + ((not trusted?) + (error 'key-not-trusted + :key-user-name name :key-id id)) + ;; FIXME - can't get here, remove or rework? + ((not in-list?) + (error 'author-not-trusted + :key-user-name name :key-id id)))) + (add-key (&rest rest) + :report "Add to package supplier list" + (declare (ignore rest)) + (pushnew (list id name) *trusted-uids*)))) + (return-from verify t)) + (install-anyways + (&rest rest) + :report "Don't check GPG signature for this package" (declare (ignore rest)) - (pushnew (list id name) *trusted-uids*)))) - (return-from verify t)) - (install-anyways - (&rest rest) - :report "Don't check GPG signature for this package" - (declare (ignore rest)) - (return-from verify t)) - (retry-gpg-check - (&rest args) - :report "Retry GPG check \(e.g., after downloading the key\)" - (declare (ignore args)) - nil))))) + (return-from verify t)) + (retry-gpg-check + (&rest args) + :report "Retry GPG check \(e.g., after downloading the key\)" + (declare (ignore args)) + nil))))))) (defun header-value (name headers) "Searchers headers for name _without_ case sensitivity. Headers should be an alist mapping symbols to values; name a symbol. Returns the value if name is found or nil if it is not." @@ -391,10 +404,10 @@ (append packages-to-install (install-package source system p)))) (t - (multiple-value-bind (package signature) - (download-files-for-package p) + (multiple-value-bind (package url) + (download-source-for-package p) (when (verify-gpg-signatures-p p) - (verify-gpg-signature package signature)) + (verify-gpg-signature package url)) (installer-msg t "Installing ~A in ~A, ~A" p source system) (install-package source system package)) -- Gary Warren King, metabang.com Cell: (413) 885 9127 Fax: (206) 338-4052 gwkkwg on Skype * garethsan on AIM From tsabin at optonline.net Thu May 24 15:23:20 2007 From: tsabin at optonline.net (Todd) Date: Thu, 24 May 2007 11:23:20 -0400 Subject: [asdf-install-devel] Re: [cclan-list] ASDF-Install patch to allow installation of unsigned packages In-Reply-To: (Gary King's message of "Wed, 23 May 2007 16:52:26 -0400") References: Message-ID: Gary King writes: > The following patch splits download-files-for-package into download- > source-for-package and download-signature-for-package; alters install > and verify-gpg-signature so that the latter now calls download- > signature-for-package. Added a restart-case in download-signature-for- > package so that we can still install unsigned packages.' > > I'd like to push this out sometime this week unless someone sees a > problem... I don't claim to be an expert on asdf-install, but this (allowing to install unsigned packages) seems directly counter to the spirit of it. Quoting from its cliki page: Because cCLan download links can be edited by anyone, we require that all packages are accompanied by detached PGP signatures. It doesn't try to force everyone to build up a web of trust, etc, so it allows you to install if something goes wrong verifying the signature, but that's different from allowing people to publish packages without signing them at all. If you permit the latter, then you make things much harder for those who _do_ want to verify signatures. I looked at the mailing list archive, and it looks like this idea started because someone tried to install the MD5 package, but the signature was missing, and the install failed. That was as it should have been (in my view), and the proper way to address that is to email the author/publisher and ask them to sign it. I've done that, and the signature is now there. I suggest reverting the prior changes, and again requiring signatures to be present for packages to be "properly published", as seems to be the original intent. -- Todd Sabin From asf at boinkor.net Thu May 24 16:03:01 2007 From: asf at boinkor.net (Andreas Fuchs) Date: Thu, 24 May 2007 18:03:01 +0200 Subject: [asdf-install-devel] Re: [cclan-list] ASDF-Install patch to allow installation of unsigned packages In-Reply-To: References: Message-ID: <4655B735.6070301@boinkor.net> Todd wrote: > I don't claim to be an expert on asdf-install, but this (allowing to > install unsigned packages) seems directly counter to the spirit of it. I'd like to second this. I suggest that instead of circumventing asdf-install's already pretty thin layer of security features, it might be more useful to promote mechanisms that ensure these features are not forgotten by developers. (Shameless self-promotion: CLAPPA, which is due to launch in a few weeks, disallows adding a package that isn't validly signed by a known key; these keys can be downloaded from the clappa service itself.) Cheers, -- Andreas Fuchs, (http://|im:asf@|mailto:asf@)boinkor.net, antifuchs From gwking at metabang.com Thu May 24 17:40:23 2007 From: gwking at metabang.com (Gary King) Date: Thu, 24 May 2007 13:40:23 -0400 Subject: [asdf-install-devel] Re: [cclan-list] ASDF-Install patch to allow installation of unsigned packages In-Reply-To: References: Message-ID: <9FF19FD3-C29C-44AB-8FD6-8873EC694E86@metabang.com> Hi Todd and Andreas, I see your point regarding requiring a license file but I'm not sure that I agree because ASDF-Install already has several "loopholes": * you can set *verify-gpg-signatures* to nil or to a list of trusted locations * you can choose a restart around an invalid or untrusted signature In this case, I know and trust Kevin Rosenberg and was willing to take the risk and get the software even though it wasn't signed. I didn't like ASDF-Install thinking it knew better than me. Without the patch, I'm forced to download the software, unpack it, move it to the right place, setup symbolic links, etc. To my mind, a consistent ASDF-Install is one that allows people to skip all of these checks (with verification). It makes no sense to allow software to be installed with an invalid signature but prevent it from being installed with a missing one. Are you arguing that all of these restarts be expunged from ASDF-Install? -- Gary Warren King, metabang.com Cell: (413) 885 9127 Fax: (206) 338-4052 gwkkwg on Skype * garethsan on AIM From gwking at metabang.com Thu May 24 22:29:50 2007 From: gwking at metabang.com (Gary King) Date: Thu, 24 May 2007 18:29:50 -0400 Subject: [asdf-install-devel] Re: [cclan-list] ASDF-Install patch to allow installation of unsigned packages In-Reply-To: <01B12148-C13F-4CB2-AE8D-52361C9C812E@tenkan.org> References: <9FF19FD3-C29C-44AB-8FD6-8873EC694E86@metabang.com> <01B12148-C13F-4CB2-AE8D-52361C9C812E@tenkan.org> Message-ID: > It seems to me that these are choices made by the person installing > a package, whereas making a package without a signature is a choice > made by the person providing the package. Tim, this is a reasonable distinction. > I'm okay with opting out of the signature verification on my end if > it's expedient, but I'm not really down with a potential > proliferation of unsigned packages. In my world, an unsigned > package should not be called ASDF-INSTALLable. Could it be ASDF-Installable but just not be called that (kidding!). -- Gary Warren King, metabang.com Cell: (413) 885 9127 Fax: (206) 338-4052 gwkkwg on Skype * garethsan on AIM From tim at tenkan.org Thu May 24 18:17:02 2007 From: tim at tenkan.org (Tim Daly, Jr.) Date: Thu, 24 May 2007 11:17:02 -0700 Subject: [asdf-install-devel] Re: [cclan-list] ASDF-Install patch to allow installation of unsigned packages In-Reply-To: <9FF19FD3-C29C-44AB-8FD6-8873EC694E86@metabang.com> References: <9FF19FD3-C29C-44AB-8FD6-8873EC694E86@metabang.com> Message-ID: <01B12148-C13F-4CB2-AE8D-52361C9C812E@tenkan.org> Hi Gary, I'd just like to add my small voice to the chorus: On May 24, 2007, at 10:40 AM, Gary King wrote: > > I see your point regarding requiring a license file but I'm not sure > that I agree because ASDF-Install already has several "loopholes": > > * you can set *verify-gpg-signatures* to nil or to a list of trusted > locations > * you can choose a restart around an invalid or untrusted signature It seems to me that these are choices made by the person installing a package, whereas making a package without a signature is a choice made by the person providing the package. I'm okay with opting out of the signature verification on my end if it's expedient, but I'm not really down with a potential proliferation of unsigned packages. In my world, an unsigned package should not be called ASDF-INSTALLable. Cheers, Tim From tsabin at optonline.net Thu May 24 19:54:22 2007 From: tsabin at optonline.net (Todd) Date: Thu, 24 May 2007 15:54:22 -0400 Subject: [asdf-install-devel] Re: [cclan-list] ASDF-Install patch to allow installation of unsigned packages In-Reply-To: <01B12148-C13F-4CB2-AE8D-52361C9C812E@tenkan.org> (Tim Daly, Jr.'s message of "Thu, 24 May 2007 11:17:02 -0700") References: <9FF19FD3-C29C-44AB-8FD6-8873EC694E86@metabang.com> <01B12148-C13F-4CB2-AE8D-52361C9C812E@tenkan.org> Message-ID: "Tim Daly, Jr." writes: > Hi Gary, > > I'd just like to add my small voice to the chorus: > > On May 24, 2007, at 10:40 AM, Gary King wrote: >> >> I see your point regarding requiring a license file but I'm not sure >> that I agree because ASDF-Install already has several "loopholes": >> >> * you can set *verify-gpg-signatures* to nil or to a list of trusted >> locations >> * you can choose a restart around an invalid or untrusted signature > > It seems to me that these are choices made by the person installing a > package, whereas making a package without a signature is a choice > made by the person providing the package. I'm okay with opting out > of the signature verification on my end if it's expedient, but I'm > not really down with a potential proliferation of unsigned packages. > In my world, an unsigned package should not be called ASDF-INSTALLable. Yes, this, particularly the last statement, is the crux of what I was trying to say. It seems that other people have gotten the (I think) mistaken impression that the patch makes it so that any unsigned package will be installed, whether the user wanted to verify signatures, or not. That would be truly awful, but isn't the case, I think (though I haven't looked in detail). What I'm talking about is trivial in comparison, but still worth thinking about, IMHO. The intent of the patch is to not require a signature to be present, _if_ you've told asdf-install that you don't care about validating signatures. That is in some ways consistent, but it has an effect on the ecosystem that develops around asdf-install. If asdf-install doesn't requires all packages to have signatures, you can end up with a fragmented state where you have some packages that can only be installed by users who don't care about signatures. On the other hand, if it requires signatures to be present regardless of user preference, that won't happen. The question is about what minimum standards asdf-install should require of publishers, and how to go about enforcing it. I guess I just thought it was kind of sad that the first time someone forgot to publish a signature for a package, the code was changed to allow it, instead of just shooting the person an email. -- Todd Sabin From gwking at metabang.com Fri May 25 15:48:56 2007 From: gwking at metabang.com (Gary King) Date: Fri, 25 May 2007 11:48:56 -0400 Subject: [asdf-install-devel] Re: [cclan-list] ASDF-Install patch to allow installation of unsigned packages In-Reply-To: References: <9FF19FD3-C29C-44AB-8FD6-8873EC694E86@metabang.com> <01B12148-C13F-4CB2-AE8D-52361C9C812E@tenkan.org> Message-ID: Hi Todd, Well said. I have two points to make: 1. the _proposed_ patch does nothing more than add another restart. I does nothing automatically. 2. the _proposed_ patch is, well, proposed. > I guess I just thought it was kind of sad that the first time someone > forgot to publish a signature for a package, the code was changed to > allow it, instead of just shooting the person an email. the only code changed is on my computer. I (try to) maintain ASDF- Install for the community; I'm not going to make changes to it willy- nilly. I sent the patch to CCLAN to get feedback before I pushed it because the community matters. I like the idea of the patch but I hear and understand the strong push back that I've gotten and will therefore _not_ push it out. thanks to most everyone for, I think, a useful discussion. -- Gary Warren King, metabang.com Cell: (413) 885 9127 Fax: (206) 338-4052 gwkkwg on Skype * garethsan on AIM From chrisdone at googlemail.com Sun May 27 04:01:01 2007 From: chrisdone at googlemail.com (Chris Done) Date: Sun, 27 May 2007 05:01:01 +0100 Subject: [asdf-install-devel] ASDF-Install working on Windows XP with CLISP Message-ID: <7f55268a0705262101t5c8d1188wce3c5dc5c1b52fbb@mail.gmail.com> Hi. I've been fudging about with ASDF-Install on Windows+CLISP and here's what I've been up to. What works (and did not before) ---------- (1) The system-wide location chooses a more sensible location by default. (2) When extracting the ASDF packages it now uses the MinGW version of tar, and works successfully. (3) Now uses a tiny (12KB) shortcut creating utility I wrote (MIT license if you want the C++ code*) to create shortcuts to the .asd files. It uses this transparently in the same way that the tar extracting code does. (4) Retrieving dependencies works correctly. E.g. I can successfully download and install cl-irc and its dependencies. * I was going to write the shortcut creation with CLISP's FFI, but you have to use COM in Windows to create shortcuts, and to implement a wrapper in Lisp for that is a frightening concept to me indeed. Problems -------- My actual Cygwin installation is broken. Such was my initial motivation to "fix" ASDF-Install was because a friend said he was using Emacs and CLISP under Cygwin (on Windows XP) so that he could use ASDF-Install. So, I figured I would make modifications that make it independent of Cygwin and Cygwin's bash. The actual execution of Cygwin's tar didn't seem correct. I replaced the execution program and arguments with that of MinGW's tar and it seemed to hang while reading from the stream, even though tar outputs something. Perhaps I am in the wrong, but I wrote another function that does this for the MinGW tar so that it returns the output successfully. I'm not sure about defsystem, I've never used it or read about it. I don't remember modifying anything asdf-specific, but I probably may have. I'll have to look into it. What I plan to do ----------------- I've learned a lot about Common Lisp and portability in going through ASDF-Install, so I'll probably be making quite a few additions to it. I need to clean up a few things, to make sure my modifications are completely transparent i.e ASDF-Install works precisely as before on non-Windows+CLISP setups. Once I've cleaned up the code, as I said before, I'll upload it somewhere if anyone wants to test it on their Windows+CLISP setup. What I'm considering -------------------- My heart jumps when the error pops up in SLIME about PGP signatures, where I commonly select "don't verify". I was thinking it may be a good idea to make errors and choices interactive. But, I know some people do like interactive programs, likewise sometimes I do not. So in that case perhaps asdf-install:install could have a ':interactive' option which would enable a more newb-friendly, simple interface -- but would not be the default option? or some other method of controlling the way that ASDF-Install interacts with the user. E.g.: (asdf-install:install 'cl-irc :interactive t) I'm probably going to implement something like this. But I would like to know your opinions on what I have done and what I plan to do, if you have any. Being primarily on Windows, I think I have the opportunity to add some cool stuff to ASDF-Install on the Windows side of things. Ho, ho. Cheers -- Chris Done From Scott at sympoiesis.com Mon May 28 07:12:18 2007 From: Scott at sympoiesis.com (Scott L. Burson) Date: Mon, 28 May 2007 00:12:18 -0700 Subject: [asdf-install-devel] Minor problem installing ASDF-Install Message-ID: <5F6F2DE0-893B-48F3-8C43-1A694F32AE4E@sympoiesis.com> [Resending after subscribing to the list] Hi, I was trying to install a package with SBCL, and ran into a bug in their version of ASDF-Install, so I tried installing your version with `(asdf-install:install "asdf-install")'. I ran into a little problem: the `tests' directory contains some Allegro fasls, and since Allegro and SBCL unfortunately both use the extension `.fasl', SBCL chokes on them. I assume they were included inadvertently. -- Scott From Scott at sympoiesis.com Mon May 28 07:04:56 2007 From: Scott at sympoiesis.com (Scott L. Burson) Date: Mon, 28 May 2007 00:04:56 -0700 Subject: [asdf-install-devel] Minor problem installing ASDF-Install Message-ID: Hi, I was trying to install a package with SBCL, and ran into a bug in their version of ASDF-Install, so I tried installing your version with `(asdf-install:install "asdf-install")'. I ran into a little problem: the `tests' directory contains some Allegro fasls, and since Allegro and SBCL unfortunately both use the extension `.fasl', SBCL chokes on them. I assume they were included inadvertently. -- Scott From gwking at metabang.com Mon May 28 13:45:03 2007 From: gwking at metabang.com (Gary King) Date: Mon, 28 May 2007 09:45:03 -0400 Subject: [asdf-install-devel] Minor problem installing ASDF-Install In-Reply-To: <5F6F2DE0-893B-48F3-8C43-1A694F32AE4E@sympoiesis.com> References: <5F6F2DE0-893B-48F3-8C43-1A694F32AE4E@sympoiesis.com> Message-ID: <17FF7403-5725-43A2-9FB0-10E066EA01F9@metabang.com> Hi Scott, Thanks for pointing this out and a hand slap to me for letting these slip in; I just uploaded the source again and all seems to be well. Please let me know if you have any other problems with the portable version of ASDF-Install. Also, what wasn't working in SBCL's version? thanks, On May 28, 2007, at 3:12 AM, Scott L. Burson wrote: > [Resending after subscribing to the list] > > Hi, > > I was trying to install a package with SBCL, and ran into a bug in > their version of ASDF-Install, so I tried installing your version > with `(asdf-install:install "asdf-install")'. I ran into a little > problem: the `tests' directory contains some Allegro fasls, and > since Allegro and SBCL unfortunately both use the extension > `.fasl', SBCL chokes on them. I assume they were included > inadvertently. > > -- Scott > _______________________________________________ > asdf-install-devel mailing list > asdf-install-devel at common-lisp.net > http://common-lisp.net/cgi-bin/mailman/listinfo/asdf-install-devel -- Gary Warren King, metabang.com Cell: (413) 885 9127 Fax: (206) 338-4052 gwkkwg on Skype * garethsan on AIM From gwking at metabang.com Mon May 28 13:46:12 2007 From: gwking at metabang.com (Gary King) Date: Mon, 28 May 2007 09:46:12 -0400 Subject: [asdf-install-devel] ASDF-Install working on Windows XP with CLISP In-Reply-To: <7f55268a0705262101t5c8d1188wce3c5dc5c1b52fbb@mail.gmail.com> References: <7f55268a0705262101t5c8d1188wce3c5dc5c1b52fbb@mail.gmail.com> Message-ID: <529C4A8C-C1D1-431F-A502-193517F0B0D6@metabang.com> Hi Chris, This looks exciting. I'll respond in more detail when I have some time to digest it all. -- Gary Warren King, metabang.com Cell: (413) 885 9127 Fax: (206) 338-4052 gwkkwg on Skype * garethsan on AIM From Scott at sympoiesis.com Mon May 28 16:05:31 2007 From: Scott at sympoiesis.com (Scott L.Burson) Date: Mon, 28 May 2007 09:05:31 -0700 Subject: [asdf-install-devel] Minor problem installing ASDF-Install In-Reply-To: <17FF7403-5725-43A2-9FB0-10E066EA01F9@metabang.com> References: <5F6F2DE0-893B-48F3-8C43-1A694F32AE4E@sympoiesis.com> <17FF7403-5725-43A2-9FB0-10E066EA01F9@metabang.com> Message-ID: <0CF0028F-90B6-4E22-BC3D-7D2D030A6540@sympoiesis.com> On May 28, 2007, at 6:45 AM, Gary King wrote: > Please let me know if you have any other problems with the portable > version of ASDF-Install. Also, what wasn't working in SBCL's version? > Here's what I sent them yesterday. -- Scott ------ Begin message to sbcl-devel at lists.sourceforge.net ------ Hi, Today I was creating an ASDF-Installable package for my newly released functional collections library (http://common-lisp.net/ project/fset/), and tested by installing it with SBCL, and ran into some problems with ASDF-Install: () The worst was that my `defsystem' form, in the `.asd' file, was written in such a way as to generate two `asdf:missing-dependency' signals for the same subsystem, and a bug in `asdf-install:install' caused the subsystem's package file to be downloaded twice, wherein the `open' call failed the second time with a "file exists" error. (I was able to work around this by rewriting my `defsystem' form to use `:serial t', but it still seemed worth fixing.) () A minor annoyance was that when the `key-not-found' error was signalled telling me I need to do `gpg --recv-keys', and I did so, there was no convenient way to continue; I had to abort the installation and start over. () Along with that, there were two cosmetic problems with the `key- not-found' message: first, the hex key fingerprints were prefixed with "0x", which was superfluous, and second, `*print-circle*' needed to be bound to `nil' for the message not to be pointlessly confusing since the fingerprint is printed twice. I enclose a patch for ASDF-Install that fixes all these problems. -- Scott -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-asdf-install-20070527 Type: application/octet-stream Size: 5546 bytes Desc: not available URL: -------------- next part -------------- From acristin at gmail.com Mon May 28 22:05:05 2007 From: acristin at gmail.com (Andy Cristina) Date: Mon, 28 May 2007 17:05:05 -0500 Subject: [asdf-install-devel] ASDF-Install working on Windows XP with CLISP In-Reply-To: <7f55268a0705262101t5c8d1188wce3c5dc5c1b52fbb@mail.gmail.com> References: <7f55268a0705262101t5c8d1188wce3c5dc5c1b52fbb@mail.gmail.com> Message-ID: <6043bfd00705281505i2640e141sddda3a3223c7fbb3@mail.gmail.com> My experience getting asdf-install to work on windows could be summed up with two sentences: If you fix path issues and ignore cygwin, the unix side of the code works fine for windows. If you can find a version of GNU tar that is not terminally braindead, asdf-install works fine on windows. The fact that asdf-install reads the output of tar to find .asd files was always something that I considered to be really really horrible, but it was too much effort to change for something that, ultimately, I decided wasn't worth using anyway (not that its bad software, I just found that it wasn't very difficult to install things by hand and I was having to install libraries where the asdf-install link was not current). On 5/26/07, Chris Done wrote: > Hi. I've been fudging about with ASDF-Install on Windows+CLISP and > here's what I've been up to. > > What works (and did not before) > ---------- > > (1) The system-wide location chooses a more sensible location by default. > (2) When extracting the ASDF packages it now uses the MinGW version of > tar, and works successfully. > (3) Now uses a tiny (12KB) shortcut creating utility I wrote (MIT > license if you want the C++ code*) to create shortcuts to the .asd > files. It uses this transparently in the same way that the tar > extracting code does. > (4) Retrieving dependencies works correctly. E.g. I can successfully > download and install cl-irc and its dependencies. > > * I was going to write the shortcut creation with CLISP's FFI, but you > have to use COM in Windows to create shortcuts, and to implement a > wrapper in Lisp for that is a frightening concept to me indeed. > > Problems > -------- > > My actual Cygwin installation is broken. Such was my initial > motivation to "fix" ASDF-Install was because a friend said he was > using Emacs and CLISP under Cygwin (on Windows XP) so that he could > use ASDF-Install. So, I figured I would make modifications that make > it independent of Cygwin and Cygwin's bash. > > The actual execution of Cygwin's tar didn't seem correct. I replaced > the execution program and arguments with that of MinGW's tar and it > seemed to hang while reading from the stream, even though tar outputs > something. Perhaps I am in the wrong, but I wrote another function > that does this for the MinGW tar so that it returns the output > successfully. > > I'm not sure about defsystem, I've never used it or read about it. I > don't remember modifying anything asdf-specific, but I probably may > have. I'll have to look into it. > > What I plan to do > ----------------- > > I've learned a lot about Common Lisp and portability in going through > ASDF-Install, so I'll probably be making quite a few additions to it. > > I need to clean up a few things, to make sure my modifications are > completely transparent i.e ASDF-Install works precisely as before on > non-Windows+CLISP setups. > > Once I've cleaned up the code, as I said before, I'll upload it > somewhere if anyone wants to test it on their Windows+CLISP setup. > > What I'm considering > -------------------- > > My heart jumps when the error pops up in SLIME about PGP signatures, > where I commonly select "don't verify". I was thinking it may be a > good idea to make errors and choices interactive. But, I know some > people do like interactive programs, likewise sometimes I do not. So > in that case perhaps asdf-install:install could have a ':interactive' > option which would enable a more newb-friendly, simple interface -- > but would not be the default option? or some other method of > controlling the way that ASDF-Install interacts with the user. E.g.: > > (asdf-install:install 'cl-irc :interactive t) > > I'm probably going to implement something like this. But I would like > to know your opinions on what I have done and what I plan to do, if > you have any. Being primarily on Windows, I think I have the > opportunity to add some cool stuff to ASDF-Install on the Windows side > of things. Ho, ho. > > Cheers > > -- > Chris Done > _______________________________________________ > asdf-install-devel mailing list > asdf-install-devel at common-lisp.net > http://common-lisp.net/cgi-bin/mailman/listinfo/asdf-install-devel >