Mercurial > octave
changeset 24872:a26f8c97df21
warning and yes_or_no for installing using url
* doc: include an example and state "security issue" and
"no community support"
author | Juan Pablo Carbajal <ajuanpi+dev@gmail.com> |
---|---|
date | Wed, 14 Mar 2018 08:29:47 +0100 |
parents | ca43264971ea |
children | 486bc22482ca |
files | .hgsubstate scripts/pkg/pkg.m |
diffstat | 2 files changed, 45 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgsubstate Tue Mar 13 17:47:20 2018 +0100 +++ b/.hgsubstate Wed Mar 14 08:29:47 2018 +0100 @@ -1,1 +1,1 @@ -39ff6af136126e6e8c37f22bd2c57f411d0664b6 gnulib +733fbf6b39bc505d2717f25e8b7d114aeaa94098 gnulib
--- a/scripts/pkg/pkg.m Tue Mar 13 17:47:20 2018 +0100 +++ b/scripts/pkg/pkg.m Wed Mar 14 08:29:47 2018 +0100 @@ -39,7 +39,27 @@ ## @end example ## ## @noindent -## installs the package found in the file @file{image-1.0.0.tar.gz}. +## installs the package found in the file @file{image-1.0.0.tar.gz}. The +## file containing the package can be an url, e.g. +## +## @example +## pkg install 'http://somewebsite.org/image-1.0.0.tar.gz' +## @end example +## +## @noindent +## installs the package found in the given url. This +## requires an internet connection and the cURL library. +## +## @noindent +## @emph{Security risk}: no verification of the package is performed +## before the installation. It has the same security issues as manually +## downloading the package from the given url and installing it. +## +## @noindent +## @emph{No support}: the GNU Octave community is not responsible for +## packages installed from foreign sites. For support or for +## reporting bugs you need to contact the maintainers of the installed +## package directly (see the @file{DESCRIPTION} file of the package) ## ## The @var{option} variable can contain options that affect the manner ## in which a package is installed. These options can be one or more of @@ -398,16 +418,31 @@ if (success != 1) error ("pkg: failed to create temporary directory: %s", msg); endif + for file_idx = find (external_files_mask) - [~, fname, fext] = fileparts (files{file_idx}); - local_files{end+1} = fullfile (tmp_dir, [fname fext]); + + warning ('Octave:security', + ['You are installing from an unofficial source.\n' ... + 'The GNU Octave community is not responsible' ... + ' for the content of this package.\n' ... + '%s will be downloaded and installed.\n'], + files{file_idx}); + _yes = yes_or_no ('Are you sure you want to do this? '); - [~, success, msg] = urlwrite (files{file_idx}, local_files{end}); - if (success != 1) - error ("pkg: failed to read package '%s': %s", - files{file_idx}, msg); - endif - files{file_idx} = local_files{end}; + if (_yes) + [~, fname, fext] = fileparts (files{file_idx}); + local_files{end+1} = fullfile (tmp_dir, [fname fext]); + + [~, success, msg] = urlwrite (files{file_idx}, local_files{end}); + if (success != 1) + error ("pkg: failed to read package '%s': %s", + files{file_idx}, msg); + endif + files{file_idx} = local_files{end}; + else + files(file_idx) = []; + endif # do remote install + endfor endif endif