Lispy

Common Lisp library management in Common Lisp

Introduction

Lispy is a library manager for Common Lisp, written in Common Lisp. All of its dependencies except for GPG (with which signed maps and releases are verified) are written in portable Common Lisp. With this approach you should only need a Lisp implementation installed to get started. The Lispy project has two goals:

  1. Implement an easy to use, portable library manager.
  2. Provide a wealth of ready to install libraries.

The Lispy project uses an  RSS feed to post news about significant updates to Lispy, new releases and also new libraries available in the maps.

Maps

Lispy uses distributed software "maps" to locate Common Lisp source libraries. A map contains metadata about libraries such as versions, dependencies and any extra ASDF paths. The Lispy project distributes two maps: Official and Experimental. Lispy maps are merely text files containing symbolic expressions (sexps) and are intended to be easy to use and manipulate, and to be transparent.

You may have your own source libraries or other libraries not mapped by the Lispy project. In this case, you can create your own maps or build on maps created by others. Lispy will merge them for you in the order you specify. Since Lispy uses ASDF to manage dependencies, you can also override Lispy-installed libraries by including your own earlier in ASDF's central registry list.

Upstream Source

The source archives of all Common Lisp libraries mapped by the Lispy project maps are mirrored to ensure availability. Source archives are modified by the Lispy project in the following cases.

The source archive lacks a version number.
Common Lisp source is frequently distributed in versionless archives. The Lispy project will rename the archive to include the version number or date if no version number is available.
The source needs to be patched in order to work.
The Lispy project creates a patch and sends it upstream as soon as possible.
There is no upstream source.
Occassionaly, a project will only distribute source via version control systems (even for stable code). Because this does not fit into the archive-based model Lispy uses, it is necessary to create an archive specifically for Lispy.

Security

Lispy release archives and the official maps are signed to ensure tampering cannot occur. The mirrored archives are not signed, but their MD5 sum is included in the maps. Therefore the mirrored archives are protected indirectly by the map's signature.

Signature verification is manual for the Lispy release archives (after all you have to download that for yourself). Support for automatically verifying the signature of the maps Lispy downloads is in development.

You may contact the maintainers of the Lispy project in order to establish the authenticity of the signing key. The key ID is 0x7CF49723 and can be found on key servers. e.g.

$ gpg --search-key 0x7CF49723
(1)     Matthew Kennedy <xxxxxxxx@common-lisp.net>
          1024 bit DSA key 7CF49723, created: 2008-01-18
Keys 1-1 of 1 for "0x7CF49723".  Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key 7CF49723 from hkp server subkeys.pgp.net
...

Lispy Box

Lispy Box is a sub-project of the Lispy project which aims to create a Common Lisp library “box” or starter kit similar to LibCL, Lispbox, Lisp in a Box and STARTER-PACK. Lispy Box is distributed as a rolling release (similar to how Ubuntu is released). Each release includes the entire Official map of Common Lisp libraries at the time of the Lispy Box release in one large archive.

Layout and style inspired by CFFI.

Documentation

  • Lispy User Guide
  • Mapping Guide
  • Lispy versus …
  • Screen Casts
    • Getting Started (16MB)
    • Upgrading Libraries (3MB)
  • API

Lispy Maps

  • Official (signature)
  • Experimental (signature)

Mailing Lists

  • Announcements
  • Development

Source Code

  • Lispy 0.5 (1.9M, signature)
  • Lispy Box 9.12 (6.8M, signature)
  • Releases
  • Git Repository
  • Signing Key 0x7CF49723