sebnow / aur2

Complete rewrite of the Archlinux User Repository
http://aur.archlinux.org

Replace insecure PKGBUILD parser #4

Open sebnow opened 14 years ago

sebnow commented 14 years ago

The current parser sources the PKGBUILD in a shell, outputting the variables in a Python-compatible format, which is then evaluated in Python. This works extremely well as far as parsing goes, but at the cost of security. Malicious code can be used, or even just a simple infinite loop could hang the server. A secure and restricted parser/interpreter should be implemented to rectify this.

sebnow commented 14 years ago

Work on this has already started as a child project. It initially started as parched, a primitive parser implemented in Python. A more sophisticated parser was started to conform to shell semantics. The Python parser will be converted to bindings for this parser once it has reached a usable state*.
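As an added illustration of the restricted parser both comments call for (example code written for this thread, not code from aur2, parched or the shell-semantics parser mentioned above): a Python reader that recovers PKGBUILD variables without ever handing the file to bash. It accepts only plain and array assignments plus `$var`/`${var}` references to variables assigned earlier in the file, skips `build()`/`package()` bodies without running them, and refuses command substitution, backticks, process substitution and any other top-level statement, so the two failure modes from the first comment (injected commands and a top-level infinite loop) are rejected instead of executed. Every function name and the sample PKGBUILDs are constructed for this example.

```python
"""Restricted PKGBUILD reader: recovers variable assignments without sourcing
the file in bash.  Example added to this thread, not code from aur2 or
parched; all names and the sample PKGBUILDs below are constructed."""
import re
import shlex


class PKGBUILDError(ValueError):
    """Raised for any construct the restricted reader refuses to interpret."""


# name=value or name=(...): the only statements accepted at top level
_ASSIGN = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# build() { ... }, package_foo() { ... }: bodies are skipped, never executed
_FUNC_START = re.compile(r"^[A-Za-z_][A-Za-z0-9_-]*\s*\(\)\s*\{?\s*$")
# anything that would run a command if bash sourced the file
_CODE_EXEC = re.compile(r"\$\(|`|<\(|>\(")
# $name / ${name}: references to variables assigned earlier in the file
_VAR_REF = re.compile(r"\$\{([A-Za-z_]\w*)\}|\$([A-Za-z_]\w*)")


def _expand(raw, env):
    """Substitute $var/${var} outside single quotes from already-parsed values."""
    def sub(match):
        name = match.group(1) or match.group(2)
        if name not in env:
            raise PKGBUILDError(f"reference to undefined variable ${name}")
        value = env[name]
        return " ".join(value) if isinstance(value, list) else value

    parts = re.findall(r"'[^']*'|[^']+", raw)   # single-quoted runs are left verbatim
    return "".join(p if p.startswith("'") else _VAR_REF.sub(sub, p) for p in parts)


def _tokens(text):
    """Shell-style word splitting; unquoted ( and ) become their own tokens."""
    lex = shlex.shlex(text, posix=True, punctuation_chars="()")
    lex.whitespace_split = True   # split only on whitespace and ( ); '#' starts a comment
    try:
        return list(lex)
    except ValueError as exc:     # e.g. an unterminated quote
        raise PKGBUILDError(str(exc)) from None


def _store(env, name, raw):
    """Evaluate one assignment's right-hand side into env without executing it."""
    words = _tokens(_expand(raw, env))
    if words[:1] == ["("]:                                   # array assignment
        if words[-1] != ")" or "(" in words[1:] or ")" in words[1:-1]:
            raise PKGBUILDError(f"malformed array in {name}")
        env[name] = words[1:-1]
    elif len(words) > 1 or "(" in words or ")" in words:     # `x=a b`, `x=)`
        raise PKGBUILDError(f"unsupported value for {name}: {raw!r}")
    else:
        env[name] = words[0] if words else ""


def parse_pkgbuild(text):
    """Return {variable: str | list[str]}, or raise PKGBUILDError."""
    env, depth, pending = {}, 0, None   # depth: braces inside a skipped function body
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if depth > 0:                   # inside build()/package(): skip, only track braces
            depth += stripped.count("{") - stripped.count("}")
            continue
        if not stripped or stripped.startswith("#"):
            continue
        if _CODE_EXEC.search(stripped):
            raise PKGBUILDError(f"line {lineno}: command substitution is not allowed")
        if pending:                     # continuing a multi-line array
            name, acc = pending
            acc += "\n" + stripped      # newline keeps a '# comment' from eating the next line
            if _tokens(acc)[-1:] == [")"]:
                _store(env, name, acc)
                pending = None
            else:
                pending = (name, acc)
            continue
        match = _ASSIGN.match(stripped)
        if match:
            name, raw = match.groups()
            if raw.lstrip().startswith("(") and _tokens(raw)[-1:] != [")"]:
                pending = (name, raw)
            else:
                _store(env, name, raw)
        elif _FUNC_START.match(stripped):
            # opening brace is expected on this line (standard template); if it is
            # on the next line that '{' is refused below, which fails safe
            depth = stripped.count("{") - stripped.count("}")
        else:   # loops, conditionals, source, plain commands: refused, never run
            raise PKGBUILDError(f"line {lineno}: unsupported top-level statement {stripped!r}")
    if pending:
        raise PKGBUILDError(f"unterminated array {pending[0]}")
    return env


def rejects(text):
    """True if the restricted reader refuses the file (nothing is executed either way)."""
    try:
        parse_pkgbuild(text)
    except PKGBUILDError:
        return True
    return False


# Constructed sample inputs for this example.
GOOD_PKGBUILD = """\
# Maintainer: Example Person <person@example.org>  (constructed sample)
pkgname=demo-tool
pkgver=1.4.2
pkgrel=1
pkgdesc="A demo tool (constructed sample)"
arch=('i686' 'x86_64')
url="https://example.org/$pkgname"
license=('GPL')
depends=('glibc' 'zlib')
makedepends=(
  'cmake'   # build system
  'ninja'
)
source=("$url/$pkgname-$pkgver.tar.gz")
md5sums=('SKIP')

build() {
  cd "$srcdir/$pkgname-$pkgver"
  cmake -B build -DCMAKE_INSTALL_PREFIX=/usr
}

package() {
  cd "$srcdir/$pkgname-$pkgver"
  DESTDIR="$pkgdir" cmake --install build
}
"""
CMDSUB_PKGBUILD = "pkgname=evil\npkgver=$(date +%s)\n"     # would run a command when sourced
LOOP_PKGBUILD = "pkgname=hang\nwhile true; do :; done\n"   # would hang a sourcing shell

if __name__ == "__main__":
    for key, value in parse_pkgbuild(GOOD_PKGBUILD).items():
        print(f"{key} = {value!r}")
    print("command substitution rejected:", rejects(CMDSUB_PKGBUILD))
    print("top-level loop rejected:", rejects(LOOP_PKGBUILD))
```

The design choice worth noting is that the reader fails closed: every construct it does not model (a stray `{`, a `source` line, a `case` block) is an error rather than something to skip past, so a PKGBUILD the reader cannot describe is never silently accepted with partial metadata. Word splitting goes through `shlex` in POSIX mode with `(` and `)` as punctuation so that quoted parentheses stay inside their word while array delimiters become tokens; this needs Python 3.8 or later, where `whitespace_split` and `punctuation_chars` combine.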