21.02.13 16:18, Ulrich Mueller написав(ла): > It looks promising. I only wonder why you need to define your own > fetch function instead of assigning SRC_URI? This will cause the > ebuilds to be live ebuilds and there will be no possibility for the > user to verify the integrity of the downloaded package. Or have I > missed something? > > > Cheers, > Ulrich >
Thanks. The problem with SRC_URI is that if it is defined, manifests should include hashes of the source files. As g-elisp is aimed to dynamically generate overlays on user's computer it means that during this generation all the sources from elisp repos will be downloaded. It isn't very nice. The integrity of sources could be verified in ebuild, but I have not found any hashes in elpa's repository info. May be I just failed in my googling, so if you know a solution of this problem, I will implement it with great pleasure. Best regards, Jauhien
signature.asc
Description: OpenPGP digital signature
