search

pythonista-cloud / server

The index powering pythonista-cloud, the package manager for Pythonista.
5 stars 0 forks source link

Generate short installer snippets for libraries #2

Open controversial opened 7 years ago

controversial commented 7 years ago

Each library should have an installer snippet that can be pasted to install it to site-packages. This would work independently from the cloud module.

lukaskollmer commented 7 years ago

1) why would you have that? 2) how would it work?

controversial commented 7 years ago

Like the StaSh installer: import requests as r; exec(r.get("goo.gl/abcdef").text);. Each repo would have code. Then the shortlink would expand to installers.pythonista.cloud/?something, which would return a full install script.

lukaskollmer commented 7 years ago

Is the install script supplied by the library or by pythonista.cloud? Using exec is really dangerous if you don't control every step of the process.

Also, I think it'd make more sense to have an install script that just calls the locally installed cloud module to install libraries. If cloud isn't already installed, the script should install cloud first, then use it to install the other library. I know this sounds a bit complicated but I think it makes more sense, otherwise you'd just create two separate dependency installation services.

controversial commented 7 years ago

The install script just downloads and extracts the script to site-packages or Documents (depending on the type of package). It doesn’t allow execution of arbitrary code.

The install script might leverage cloud, but I was intending them to be separate since cloud will have a custom dependency and caching mechanism, and will involve a lot of behind-the-scenes voodoo. The install scripts would be the “other way” and they’d just be for installing to site-packages or Documents.

On Wed, Sep 28, 2016 at 8:43 AM Lukas Kollmer notifications@github.com wrote:

Is the install script supplies by the library or by pythonista.cloud? Using exec is really dangerous if you don't control every step of the process.

Also, I think it'd make more sense to have an install script that just calls the locally installed cloud module to install libraries. If cloud isn't already installed, the script should install cloud first, then use it to install the other library. I know this sounds a bit complicated but I think it makes more sense, otherwise you'd just create two separate dependency installation services.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pythonista-cloud/server/issues/2#issuecomment-250155590, or mute the thread https://github.com/notifications/unsubscribe-auth/AJ5Yr68H88TSxXiOUuTk_oSLU_N92jPvks5qumDwgaJpZM4KIvCA .