ellipsis/ellipsis

Upgrade example fails

assumptionsoup opened this issue · 11 comments

On my machine at least, this is the output:

 ~$ ellipsis new dotfiles
Initialized empty Git repository in /home/jordan/.ellipsis/packages/dotfiles/.git/
[master (root-commit) e6a0ced] Initial commit
 2 files changed, 35 insertions(+)
 create mode 100644 README.md
 create mode 100644 ellipsis.sh
new package created at ~/.ellipsis/packages/dotfiles

 ~$ ellipsis add dotfiles .*
[FAIL] /home/jordan/.ellipsis/packages/dotfiles/ already exists!

 ~$ ellipsis remove dotfiles

 ~$ ellipsis add dotfiles .*
[FAIL] Unkown package dotfiles, ~/.ellipsis/packages/dotfiles missing!

I wonder if ellipsis is trying to add itself as a dotfile with this command. Or maybe it's failing because .* expands to include . and ..

Totally forgot about this, sorry! (been busy)

It's indeed trying to add itself, which is causing serious trouble.

I think it was intended to add file by file without using a glob. It will also break stuff if you already installed packages.

This should definitely be fixed or prevented.

One of the problems with using a glob is that it will also add files that you don't want in your package.
(.ellipsis, .bash_history, .rng, links from other packages, ...)

We could test for these cases, but I think it's better to discourage the use of the .* glob. Maintaining that list would be tedious and there will always be files that aren't in the list and cause trouble.

So I suggest to update the docs and add a check to fail if the .* glob is being used. (e.g. .ellipsis is in the file/dir list)

What's your opinion @zeekay, @assumptionsoup?

Leaning towards keeping track of ellipsis stuff and pruning ., ... Anything not known by ellipsis should probably be added.

And what would you do for files that aren't ellipsis related? (.bash_history, .rng, ...) I don't like blacklists.

I would add them.

You might want to for instance capture your current dot-file setup in one go. Can always prune incorrectly captured files with remove or however that shakes out. Seems super handy, especially for people just starting out.

I would also love to keep the functionality, but I'm concerned about possible security risks if people forget to remove files. Although not completely foolproof, we could just add a warning.

The only files you might want to avoid that I can think of would be those with credentials saved in them. I tend to split those off into a different package so I can still track them, but privately. Maybe extend intro tutorial to talk about best practices for securely creating your first package and note which dotfiles you generally want to avoid directly adding?

Exactly the way I do it too!

So to sum it up,

  • Filter ellipsis related files
  • Add warning about certain files if usage of .* is detected (ellipsis path is in the list?)
  • Update docs to inform about best practices and safely setting up first package

Yes I think so. Any file linking back into ~/.ellipsis we should ignore as well.

I guess we could maintain a small list of files known to contain credentials and warn about them. Off the top of my head:

  • .ssh
  • .gitconfig
  • .gemrc
  • .npmrc
  • .pypirc
  • .pgpass
  • .floorc
  • .gist
  • .netrc
  • .git-credential-cache

Additionally:

  • Should probably also warn about anything with history in it
  • Might want to completely ignore a few known non-useful directories to track, like .cache, .zcompdump, etc.
  • Might be useful to add an unlinked command to list all unlinked dotfiles
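
The filtering rules the thread converges on (prune `.` and `..`, ignore ellipsis' own files and links back into it, warn on credential and history files, skip known non-useful names), as an added example that is not part of the thread or of ellipsis itself. The function names `in_list`, `classify_dotfile` and `filter_candidates` are hypothetical, and the `~/.ellipsis` install path and absolute symlink targets are assumptions.

```shell
#!/bin/sh
# Added example, not ellipsis code; all function names here are hypothetical.
# Assumed install location, taken from the paths in the issue output.
ELLIPSIS_HOME="${ELLIPSIS_HOME:-$HOME/.ellipsis}"
# Names the thread lists as likely to hold credentials.
CREDENTIAL_NAMES=".ssh .gitconfig .gemrc .npmrc .pypirc .pgpass .floorc .gist .netrc .git-credential-cache"
# Names the thread suggests not tracking at all.
IGNORED_NAMES=".cache .zcompdump"

# in_list NAME LIST: succeed if NAME is a word in the space-separated LIST.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# classify_dotfile PATH: print "skip", "warn" or "add" for one candidate.
classify_dotfile() (
    path="${1%/}"
    case "$path" in /*) ;; *) path="$PWD/$path" ;; esac   # relative to cwd
    name="${path##*/}"
    # Raw link target; assumes ellipsis links are absolute paths.
    target=""
    if [ -L "$path" ]; then target="$(readlink "$path")"; fi
    verdict=add
    case "$name" in *history*) verdict=warn ;; esac       # history may hold secrets
    if in_list "$name" "$CREDENTIAL_NAMES"; then verdict=warn; fi
    if in_list "$name" "$IGNORED_NAMES"; then verdict=skip; fi
    case "$name" in .|..) verdict=skip ;; esac            # what a bare .* drags in
    if [ "$path" = "$ELLIPSIS_HOME" ]; then verdict=skip; fi
    case "$target" in "$ELLIPSIS_HOME"/*) verdict=skip ;; esac  # another package's link
    echo "$verdict"
)

# filter_candidates PATH...: kept paths on stdout, warnings on stderr.
filter_candidates() {
    for p in "$@"; do
        case "$(classify_dotfile "$p")" in
            skip) ;;
            warn) echo "[WARN] $p may contain secrets, review before publishing" >&2
                  echo "$p" ;;
            add)  echo "$p" ;;
        esac
    done
}
```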