Pkg.jl: Detect modification of packages that are supposed to be immutable
If a user accidentally modifies a package (for example by using @edit), the package could easily break and I don't think there is a way to detect it.
Perhaps there should be some option of doing an integrity check that checks that the tree hashes in the saved packages actually are what they are supposed to be?
KristofferC
All 5 comments
I was imagining a pkg> fsck or pkg> verify command to check all of your dependencies – and maybe fix them for you if they're broken.
StefanKarpinski
on 17 Nov 2017
Stefan had a thought about making the files read only.
KristofferC
on 24 Feb 2018
+1 to both read-only and a check (preferably run at each update). I just got bitten by a corrupted file and it took me some time to figure out what is going on.
mauro3
on 3 Jul 2018
Would probably need something like https://github.com/simonbyrne/GitX.jl/commit/886bbddfb9d2508b04c6722718967fe558486349 to verify the tree hash.
Would just removing -w on all files work well on all OS?
KristofferC
on 3 Jul 2018
Discussed at JuliaCon. Making them read-only seems like it gets you 98% of the way there. Right now @edit pkgfoo(x) takes you to this very tempting target for modification...
timholy
on 30 Aug 2018
Related issues
oxinabox
·
3Comments
jlperla
·
3Comments
DilumAluthge
·
3Comments
KristofferC
·
4Comments
KristofferC
·
4Comments
Most helpful comment
Discussed at JuliaCon. Making them read-only seems like it gets you 98% of the way there. Right now
@edit pkgfoo(x)takes you to this very tempting target for modification...