Re: [PATCH 2/4] emacs: Add 'guix-devel-download-package-source'.

[Ludovic Courtès]

Alex Kost <address@hidden> skribis:

> Ludovic Courtès (2015-10-03 23:35 +0300) wrote:
>
>> Alex Kost <address@hidden> skribis:
>>
>>> * emacs/guix-devel.el (guix-devel-setup-repl): Use (guix packages) module.
>>>   (guix-devel-download-package-source): New command.
>>>   (guix-devel-keys-map): Add key binding for it.
>>> * doc/emacs.texi (Emacs Development): Document it.
>>
>> [...]
>>
>>> +(defun guix-devel-download-package-source ()
>>> +  "Download the source of the current package.
>>> +Use this function to compute SHA256 hash of the package source."
>>> +  (interactive)
>>> +  (guix-devel-with-definition def
>>> +    (guix-devel-use-modules "(guix scripts download)")
>>> +    (when (or (not guix-operation-confirm)
>>> +              (y-or-n-p (format "Download '%s' package source?" def)))
>>> +      (guix-geiser-eval-in-repl
>>> +       (format "(guix-download (origin-uri (package-source %s)))"
>>> +               def)))))
>>
>> What about instead building the ‘package-source-derivation’ of the
>> package?  That way, that would do the exact same thing as ‘guix build
>> -S’ and would work not only with ‘url-fetch’ but also with the other
>> things.
>>
>> WDYT?
>
> The goal of this command is to display a hash.

So this would be something one would use as they write a package
definition, to fill in the ‘sha256’ field, right?

In that case, I would suggest something based on the URL at point rather
than the origin at point.

However, if this is “too convenient”, I’m afraid this would give an
incentive to not check OpenPGP signatures when they are available.

> At first I also thought about building a package source and then to
> calculate the hash of the store file, but this way will lead to the
> wrong hashes for "snippet"-ed origins.  Or do I miss anything?

Well, I think bindings for ‘package-source-derivation’ would also be
useful, but IIUC this is not what you had in mind.

Thanks,
Ludo’.