ASDF-Install - last updated 2008-07-10

Downloads and installs an ASDF or a MK:DEFSYSTEM system or anything else that looks convincingly like one. It updates the ASDF:*CENTRAL-REGISTRY* symlinks for all the toplevel .asd files it contains, and it also MK:ADD-REGISTRY-LOCATION for the appropriate directories for MK:DEFSYSTEM.

Please read this file before use: in particular: this is an automatic tool that downloads and compiles stuff it finds on the internet. Please look at the SECURITY section and be sure you understand the implications

Usage

This can be used either from within a CL implementation:

cl-prompt> (load "/path/to/load-asdf-install.lisp")
cl-prompt> (asdf-install:install 'xlunit) ; for example

With SBCL you can also use the standalone command `sbcl-asdf-install' from the shell:

$ sbcl-asdf-install xlunit

Each argument may be -

Security Concerns: Read This Carefully

When you invoke asdf-install, you are asking your CL implementation to download, compile, and install software from some random site on the web. Given that it's indirected through a page on CLiki, any malicious third party doesn't even need to hack the distribution server to replace the package with something else: he can just edit the link.

For this reason, we encourage package providers to crypto-sign their packages (see details at the URL in the PACKAGE CREATION section) and users to check the signatures. asdf-install has three levels of automatic signature checking: "on", "off" and "unknown sites", which can be set using the configuration variables described in CUSTOMIZATION below. The default is "unknown sites", which will expect a GPG signature on all downloads except those from presumed-good sites. The current default presumed-good sites are CCLAN nodes, and two web sites run by SBCL maintainers: again, see below for customization details

Customization

If the file $HOME/.asdf-install exists, it is loaded. This can be used to override the default values of exported special variables. Presently these are

Package Creation

If you want to create your own packages that can be installed using this loader, see the "Making your package downloadable..." section at http://www.cliki.net/asdf-install

Hackers Note

Listen very carefully: I will say this only as often as it appears to be necessary to say it. asdf-install is not a good example of how to write a URL parser, HTTP client, or anything else, really. Well-written extensible and robust URL parsers, HTTP clients, FTP clients, etc would definitely be nice things to have, but it would be nicer to have them in CCLAN where anyone can use them - after having downloaded them with asdf-install - than in SBCL contrib where they're restricted to SBCL users and can only be updated once a month via SBCL developers. This is a bootstrap tool, and as such, will tend to resist changes that make it longer or dependent on more other packages, unless they also add to its usefulness for bootstrapping.

Todo