Can we prevent mix archive.install from installing improper archive?

Nerves Forum Nerves Questions / Help
, ,
1

It seems like currently any Elixir package can be locally installed using
mix archive.install hex <package-name> command; however locally installing a
wrong package can negatively affect our local development environment particularly when dependencies are involved.

As an example, for Nerves project, we need to locally install one package called
nerves_bootstrap by running mix archive.install hex nerves_bootstrap.

https://hexdocs.pm/nerves/installation.html

But when we accidentally install nerves instead of nerves_bootstrap,
mix deps.get suddenly stops working in all the local Nerves firmware projects.

$ mix archive
* hex-2.0.4
* nerves-1.9.3   #<-- this is bad because it should not exist locally
* nerves_bootstrap-1.11.3
* phx_new-1.6.15
Archives installed at: /Users/mnishiguchi/.asdf/installs/elixir/1.14.3-otp-25/.mix/archives

We get an error that is not directly related to the mistake we make. The error
may looks like this:

mix deps.get
...
All dependencies are up to date

Nerves environment
  MIX_TARGET:   grisp2
  MIX_ENV:      dev

Checking for prebuilt Nerves artifacts...
  Checking nerves_system_grisp2...
  => Trying https://github.com/nerves-project/nerves_system_grisp2/releases/download/v0.6.0/nerves_system_grisp2
-portable-0.6.0-3B7C7BE.tar.gz

22:32:18.982 [notice] Application eex exited: :stopped
** (MatchError) no match of right hand side value: {:error, {:castore, {'no such file or directory', 'castore.ap
p'}}}
    (nerves 1.9.3) lib/nerves/utils/http_client.ex:24: Nerves.Utils.HTTPClient.start_link/0
    (nerves 1.9.3) lib/nerves/artifact/resolvers/uri.ex:14: Nerves.Artifact.Resolvers.URI.get/1
    (nerves 1.9.3) lib/nerves/artifact/resolver.ex:20: Nerves.Artifact.Resolver.do_get/3
    (nerves 1.9.3) lib/mix/tasks/nerves.artifact.get.ex:65: Mix.Tasks.Nerves.Artifact.Get.get_artifact/2
    (elixir 1.14.3) lib/enum.ex:975: Enum."-each/2-lists^foreach/1-0-"/2
    (mix 1.14.3) lib/mix/task.ex:421: anonymous fn/3 in Mix.Task.run_task/4
    (nerves_bootstrap 1.11.3) lib/mix/tasks/nerves.deps.get.ex:15: Mix.Tasks.Nerves.Deps.Get.run/1
    (mix 1.14.3) lib/mix/task.ex:421: anonymous fn/3 in Mix.Task.run_task/4``

Now I know the error occurs because the archive does not have dependencies but when
making this type mistake accidentally, the error message might not be so helpful in debugging.

Is there a way to prevent an improper archive from being accidentally installed locally, or
somehow show a little more informative error message?

5 Likes
2

Installing :nerves instead of :nerves_bootstrap will be prevented in the next release by this change. The way it works is by aliasing archive.build to raise with an error message.

5 Likes