* bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable. @ 2023-03-01 22:20 Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-03-02 6:57 ` Eli Zaretskii ` (2 more replies) 0 siblings, 3 replies; 16+ messages in thread From: Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-03-01 22:20 UTC (permalink / raw) To: 61901 [-- Attachment #1: Type: text/plain, Size: 370 bytes --] This patch allows users to trust directories to load dir-local variables from, so they don't have to do something lile this: (defun risky-local-variable-p (sym &optional _ignored) nil) as suggested here: https://emacs.stackexchange.com/questions/10983/remember-permission-to-execute-risky-local-variables It also works over TRAMP if enable-remote-dir-locals is true. [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-Add-permanently-enabled-local-variable-dirs-variable.patch --] [-- Type: text/x-patch, Size: 6857 bytes --] From 93494f5beb4b51d989ea87755c077379458ffb04 Mon Sep 17 00:00:00 2001 From: Antero Mejr <antero@mailbox.org> Date: Wed, 1 Mar 2023 21:59:57 +0000 Subject: [PATCH] Add permanently-enabled-local-variable-dirs variable. This variable can be set to automatically load risky dir-local variables from a list of trusted directories. * lisp/emacs-lisp/files.el (permanently-enabled-local-variable-dirs, hack-local-variables-filter, hack-local-variables-confirm): New variable and associated logic. * test/lisp/files-tests.el (files-tests-permanently-enabled-local-variable-dirs): Add tests for same. * doc/lispref/variables.texi (File Local Variables): Add documentation for same. * etc/NEWS (Lisp Changes in Emacs 30.1): Add news entry for same. --- doc/lispref/variables.texi | 6 ++++++ etc/NEWS | 5 +++++ lisp/files.el | 27 ++++++++++++++++++++++----- test/lisp/files-tests.el | 22 ++++++++++++++++++++++ 4 files changed, 55 insertions(+), 5 deletions(-) diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi index 5584cbce9a6..47cfb824dcb 100644 --- a/doc/lispref/variables.texi +++ b/doc/lispref/variables.texi @@ -1974,6 +1974,12 @@ File Local Variables symbols. @end defvar +@defvar permanently-enabled-local-variable-dirs +This is a list of trusted directories that contain local variables. +Local variables in these directories will always be enabled, regardless +of whether they are risky. +@end defvar + @defun hack-local-variables &optional handle-mode This function parses, and binds or evaluates as appropriate, any local variables specified by the contents of the current buffer. The variable diff --git a/etc/NEWS b/etc/NEWS index 31fb22fc1e2..cc5198a903b 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -238,6 +238,11 @@ hooks named after the feature name, like 'esh-mode-unload-hook'. \f * Lisp Changes in Emacs 30.1 ++++ +** New variable 'permanently-enabled-local-variable-dirs'. +This variable is used to to permanently trust directories containing +risky directory-local variables. + ** Functions and variables to transpose sexps +++ diff --git a/lisp/files.el b/lisp/files.el index 387a3b5dc66..bde126375ae 100644 --- a/lisp/files.el +++ b/lisp/files.el @@ -681,7 +681,8 @@ enable-local-variables always obeys file local variable specifications and the -*- line, and ignores this variable. -Also see the `permanently-enabled-local-variables' variable." +Also see the `permanently-enabled-local-variables' and +'permanently-enabled-local-variable-dirs' variables." :risky t :type '(choice (const :tag "Query Unsafe" t) (const :tag "Safe Only" :safe) @@ -3692,6 +3693,14 @@ permanently-enabled-local-variables "A list of file-local variables that are always enabled. This overrides any `enable-local-variables' setting.") +(defcustom permanently-enabled-local-variable-dirs '() + "A list of directories that contain local variables that are always +enabled, regardless of whether they are risky." + :version "30.1" + :type '(repeat string) + :risky t + :group 'find-file) + (defun hack-local-variables-confirm (all-vars unsafe-vars risky-vars dir-name) "Get confirmation before setting up local variable values. ALL-VARS is the list of all variables to be set up. @@ -3730,7 +3739,9 @@ hack-local-variables-confirm ! -- to apply the local variables list, and permanently mark these values (*) as safe (in the future, they will be set automatically.) i -- to ignore the local variables list, and permanently mark these - values (*) as ignored\n\n") + values (*) as ignored ++ -- to apply the local variables list, and permanently trust " + name "\n\n") (insert "\n\n")) (dolist (elt all-vars) (cond ((member elt unsafe-vars) @@ -3754,7 +3765,7 @@ hack-local-variables-confirm (pop-to-buffer buf '(display-buffer--maybe-at-bottom)) (let* ((exit-chars '(?y ?n ?\s)) (prompt (format "Please type %s%s: " - (if offer-save "y, n, ! or i" "y or n") + (if offer-save "y, n, !, i, or +" "y or n") (if (< (line-number-at-pos (point-max)) (window-body-height)) "" @@ -3762,8 +3773,13 @@ hack-local-variables-confirm char) (when offer-save (push ?i exit-chars) - (push ?! exit-chars)) + (push ?! exit-chars) + (push ?+ exit-chars)) (setq char (read-char-choice prompt exit-chars)) + (when (and offer-save (= char ?+)) + (customize-push-and-save + 'permanently-enabled-local-variable-dirs + (list dir-name))) (when (and offer-save (or (= char ?!) (= char ?i)) unsafe-vars) @@ -3772,7 +3788,7 @@ hack-local-variables-confirm 'safe-local-variable-values 'ignored-local-variable-values) unsafe-vars)) - (prog1 (memq char '(?! ?\s ?y)) + (prog1 (memq char '(?! ?\s ?y ?+)) (quit-window t))))))) (defconst hack-local-variable-regexp @@ -3904,6 +3920,7 @@ hack-local-variables-filter (null unsafe-vars) (null risky-vars)) (memq enable-local-variables '(:all :safe)) + (member dir-name permanently-enabled-local-variable-dirs) (hack-local-variables-confirm all-vars unsafe-vars risky-vars dir-name)) (dolist (elt all-vars) diff --git a/test/lisp/files-tests.el b/test/lisp/files-tests.el index aadb60e1de7..95eaf9a6bd0 100644 --- a/test/lisp/files-tests.el +++ b/test/lisp/files-tests.el @@ -166,6 +166,28 @@ files-tests-permanent-local-variables (hack-local-variables) (should (eq lexical-binding nil))))) +(ert-deftest files-tests-permanently-enabled-local-variable-dirs () + ;; permanently-enabled-local-variable-dirs should be risky, + ;; so use it as an arbitrary risky variable. + (let ((test-alist '((permanently-enabled-local-variable-dirs + . "some_val"))) + (fakedir "test1/test2") + (enable-local-eval t)) + (with-temp-buffer + (setq permanently-enabled-local-variable-dirs (list fakedir)) + (hack-local-variables-filter test-alist fakedir) + (should (equal file-local-variables-alist test-alist))) + (with-temp-buffer + (setq permanently-enabled-local-variable-dirs (list fakedir)) + (setq noninteractive t) + (hack-local-variables-filter test-alist "wrong") + (should-not (equal file-local-variables-alist test-alist))) + (with-temp-buffer + (setq permanently-enabled-local-variable-dirs '()) + (setq noninteractive t) + (hack-local-variables-filter test-alist fakedir) + (should-not (equal file-local-variables-alist test-alist))))) + (defvar files-test-bug-18141-file (ert-resource-file "files-bug18141.el.gz") "Test file for bug#18141.") -- 2.38.1 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable. 2023-03-01 22:20 bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-03-02 6:57 ` Eli Zaretskii 2023-03-02 17:09 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-04-25 16:40 ` bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-09 21:29 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2 siblings, 1 reply; 16+ messages in thread From: Eli Zaretskii @ 2023-03-02 6:57 UTC (permalink / raw) To: Antero Mejr; +Cc: 61901 > Date: Wed, 01 Mar 2023 22:20:33 +0000 > From: Antero Mejr via "Bug reports for GNU Emacs, > the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org> > > This patch allows users to trust directories to load dir-local variables > from, so they don't have to do something lile this: > (defun risky-local-variable-p (sym &optional _ignored) nil) > as suggested here: > https://emacs.stackexchange.com/questions/10983/remember-permission-to-execute-risky-local-variables > > It also works over TRAMP if enable-remote-dir-locals is true. Thanks, IMO this is a very useful feature. > --- a/doc/lispref/variables.texi > +++ b/doc/lispref/variables.texi > @@ -1974,6 +1974,12 @@ File Local Variables > symbols. > @end defvar > > +@defvar permanently-enabled-local-variable-dirs > +This is a list of trusted directories that contain local variables. > +Local variables in these directories will always be enabled, regardless > +of whether they are risky. > +@end defvar This should explicitly allude to the '.dir-locals.el' files in those directories, since otherwise talking about "directories that contain variables" could be confusing. I also suggest to rename the variable to something like 'permanently-safe-local-variable-directories', or maybe just 'safe-local-variable-directories' which IMO should express the purpose better. > -Also see the `permanently-enabled-local-variables' variable." > +Also see the `permanently-enabled-local-variables' and > +'permanently-enabled-local-variable-dirs' variables." ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ We quote `like this' in doc strings, to produce links in the *Help* buffers. > +(defcustom permanently-enabled-local-variable-dirs '() > + "A list of directories that contain local variables that are always > +enabled, regardless of whether they are risky." The first line of a doc string should be a single complete sentence. (This is because the various apropos commands show only the first line of the doc string.) > @@ -3730,7 +3739,9 @@ hack-local-variables-confirm > ! -- to apply the local variables list, and permanently mark these > values (*) as safe (in the future, they will be set automatically.) > i -- to ignore the local variables list, and permanently mark these > - values (*) as ignored\n\n") > + values (*) as ignored > ++ -- to apply the local variables list, and permanently trust " > + name "\n\n") "permanently trust name" sounds confusing (what is "name"?). How about this variant: + -- to apply the local variables list, and permanently trust all directory-local variables in this directory > @@ -3762,8 +3773,13 @@ hack-local-variables-confirm > char) > (when offer-save > (push ?i exit-chars) > - (push ?! exit-chars)) > + (push ?! exit-chars) > + (push ?+ exit-chars)) > (setq char (read-char-choice prompt exit-chars)) > + (when (and offer-save (= char ?+)) > + (customize-push-and-save > + 'permanently-enabled-local-variable-dirs > + (list dir-name))) Bother: AFAIU here we modify the user's custom file without asking for an explicit permission. Should we ask for permission? Last, but not least: this change is larger than what we can accept without you assigning to FSF the copyright for your changes, and I don't see any copyright assignment in your name on file. Would you be willing to do the legal paperwork for such an assignment? If yes, I will send you the form to start the paperwork rolling; when it is completed, we can install your changes. Thanks. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable. 2023-03-02 6:57 ` Eli Zaretskii @ 2023-03-02 17:09 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-03-02 18:04 ` Eli Zaretskii 0 siblings, 1 reply; 16+ messages in thread From: Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-03-02 17:09 UTC (permalink / raw) To: Eli Zaretskii; +Cc: Antero Mejr, 61901 [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #1: v2-0001-Add-safe-local-variable-directories-variable.patch --] [-- Type: text/x-patch, Size: 6891 bytes --] From fa06d54fa49e4da536522e798f8c150d65bccf23 Mon Sep 17 00:00:00 2001 From: Antero Mejr <antero@mailbox.org> Date: Wed, 1 Mar 2023 21:59:57 +0000 Subject: [PATCH v2] Add safe-local-variable-directories variable. This variable can be set to automatically load risky dir-local variables from a list of trusted directories. * lisp/emacs-lisp/files.el (safe-local-variable-directories, hack-local-variables-filter, hack-local-variables-confirm): New variable and associated logic. * test/lisp/files-tests.el (files-tests-safe-local-variable-directories): Add tests for same. * doc/lispref/variables.texi (File Local Variables): Add documentation for same. * etc/NEWS (Lisp Changes in Emacs 30.1): Add news entry for same. --- doc/lispref/variables.texi | 7 +++++++ etc/NEWS | 5 +++++ lisp/files.el | 27 ++++++++++++++++++++++----- test/lisp/files-tests.el | 21 +++++++++++++++++++++ 4 files changed, 55 insertions(+), 5 deletions(-) diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi index 5584cbce9a6..93243dcb3c0 100644 --- a/doc/lispref/variables.texi +++ b/doc/lispref/variables.texi @@ -1974,6 +1974,13 @@ File Local Variables symbols. @end defvar +@defvar safe-local-variable-directories +This is a list of directories where local variables are always enabled. +Directory-local variables loaded from these directories, such as the +variables in @file{.dir-locals.el}, will be enabled even if they are +risky. +@end defvar + @defun hack-local-variables &optional handle-mode This function parses, and binds or evaluates as appropriate, any local variables specified by the contents of the current buffer. The variable diff --git a/etc/NEWS b/etc/NEWS index 31fb22fc1e2..249dcb92889 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -238,6 +238,11 @@ hooks named after the feature name, like 'esh-mode-unload-hook'. \f * Lisp Changes in Emacs 30.1 ++++ +** New variable 'safe-local-variable-directories'. +This variable is used to to permanently trust directories containing +risky directory-local variables. + ** Functions and variables to transpose sexps +++ diff --git a/lisp/files.el b/lisp/files.el index 387a3b5dc66..a7aea449e09 100644 --- a/lisp/files.el +++ b/lisp/files.el @@ -681,7 +681,8 @@ enable-local-variables always obeys file local variable specifications and the -*- line, and ignores this variable. -Also see the `permanently-enabled-local-variables' variable." +Also see the `permanently-enabled-local-variables' and +`safe-local-variable-directories' variables." :risky t :type '(choice (const :tag "Query Unsafe" t) (const :tag "Safe Only" :safe) @@ -3692,6 +3693,15 @@ permanently-enabled-local-variables "A list of file-local variables that are always enabled. This overrides any `enable-local-variables' setting.") +(defcustom safe-local-variable-directories '() + "A list of directories where local variables are always enabled. +Directory-local variables loaded from these directories, such as the +variables in .dir-locals.el, will be enabled even if they are risky." + :version "30.1" + :type '(repeat string) + :risky t + :group 'find-file) + (defun hack-local-variables-confirm (all-vars unsafe-vars risky-vars dir-name) "Get confirmation before setting up local variable values. ALL-VARS is the list of all variables to be set up. @@ -3730,7 +3740,9 @@ hack-local-variables-confirm ! -- to apply the local variables list, and permanently mark these values (*) as safe (in the future, they will be set automatically.) i -- to ignore the local variables list, and permanently mark these - values (*) as ignored\n\n") + values (*) as ignored ++ -- to apply the local variables list, and permanently trust all + directory-local variables in this directory\n\n") (insert "\n\n")) (dolist (elt all-vars) (cond ((member elt unsafe-vars) @@ -3754,7 +3766,7 @@ hack-local-variables-confirm (pop-to-buffer buf '(display-buffer--maybe-at-bottom)) (let* ((exit-chars '(?y ?n ?\s)) (prompt (format "Please type %s%s: " - (if offer-save "y, n, ! or i" "y or n") + (if offer-save "y, n, !, i, or +" "y or n") (if (< (line-number-at-pos (point-max)) (window-body-height)) "" @@ -3762,8 +3774,12 @@ hack-local-variables-confirm char) (when offer-save (push ?i exit-chars) - (push ?! exit-chars)) + (push ?! exit-chars) + (push ?+ exit-chars)) (setq char (read-char-choice prompt exit-chars)) + (when (and offer-save (= char ?+)) + (customize-push-and-save 'safe-local-variable-directories + (list dir-name))) (when (and offer-save (or (= char ?!) (= char ?i)) unsafe-vars) @@ -3772,7 +3788,7 @@ hack-local-variables-confirm 'safe-local-variable-values 'ignored-local-variable-values) unsafe-vars)) - (prog1 (memq char '(?! ?\s ?y)) + (prog1 (memq char '(?! ?\s ?y ?+)) (quit-window t))))))) (defconst hack-local-variable-regexp @@ -3904,6 +3920,7 @@ hack-local-variables-filter (null unsafe-vars) (null risky-vars)) (memq enable-local-variables '(:all :safe)) + (member dir-name safe-local-variable-directories) (hack-local-variables-confirm all-vars unsafe-vars risky-vars dir-name)) (dolist (elt all-vars) diff --git a/test/lisp/files-tests.el b/test/lisp/files-tests.el index aadb60e1de7..af74a8b1ecf 100644 --- a/test/lisp/files-tests.el +++ b/test/lisp/files-tests.el @@ -166,6 +166,27 @@ files-tests-permanent-local-variables (hack-local-variables) (should (eq lexical-binding nil))))) +(ert-deftest files-tests-safe-local-variable-directories () + ;; safe-local-variable-directories should be risky, + ;; so use it as an arbitrary risky variable. + (let ((test-alist '((safe-local-variable-directories . "some_val"))) + (fakedir "test1/test2") + (enable-local-eval t)) + (with-temp-buffer + (setq safe-local-variable-directories (list fakedir)) + (hack-local-variables-filter test-alist fakedir) + (should (equal file-local-variables-alist test-alist))) + (with-temp-buffer + (setq safe-local-variable-directories (list fakedir)) + (setq noninteractive t) + (hack-local-variables-filter test-alist "wrong") + (should-not (equal file-local-variables-alist test-alist))) + (with-temp-buffer + (setq safe-local-variable-directories '()) + (setq noninteractive t) + (hack-local-variables-filter test-alist fakedir) + (should-not (equal file-local-variables-alist test-alist))))) + (defvar files-test-bug-18141-file (ert-resource-file "files-bug18141.el.gz") "Test file for bug#18141.") -- 2.38.1 [-- Attachment #2: Type: text/plain, Size: 1882 bytes --] Eli Zaretskii <eliz@gnu.org> writes: > This should explicitly allude to the '.dir-locals.el' files in those > directories, since otherwise talking about "directories that contain > variables" could be confusing. Fixed in v2. > I also suggest to rename the variable to something like > 'permanently-safe-local-variable-directories', or maybe just > 'safe-local-variable-directories' which IMO should express the purpose > better. I like 'safe-local-variable-directories', updated to use that. > We quote `like this' in doc strings, to produce links in the *Help* > buffers. Fixed. > The first line of a doc string should be a single complete sentence. > (This is because the various apropos commands show only the first line > of the doc string.) Fixed. > "permanently trust name" sounds confusing (what is "name"?). How > about this variant: > > + -- to apply the local variables list, and permanently trust > all directory-local variables in this directory "name" is a variable that gets expanded to the directory name, but it's redundant since it's already listed at the top. Updated to use your variant. > Bother: AFAIU here we modify the user's custom file without asking for > an explicit permission. Should we ask for permission? IMO they give sufficient permission when the use the "+" option. > Last, but not least: this change is larger than what we can accept > without you assigning to FSF the copyright for your changes, and I > don't see any copyright assignment in your name on file. Would you be > willing to do the legal paperwork for such an assignment? If yes, I > will send you the form to start the paperwork rolling; when it is > completed, we can install your changes. I sent the request-assign.future doc to the FSF assignment email earlier today, feel free to send me paperwork and I will fill it out. Thank you for the review. ^ permalink raw reply related [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable. 2023-03-02 17:09 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-03-02 18:04 ` Eli Zaretskii 2023-03-14 18:46 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 0 siblings, 1 reply; 16+ messages in thread From: Eli Zaretskii @ 2023-03-02 18:04 UTC (permalink / raw) To: Antero Mejr; +Cc: antero, 61901 > From: Antero Mejr <antero@mailbox.org> > Cc: Antero Mejr <antero@mailbox.org>, 61901@debbugs.gnu.org > Date: Thu, 02 Mar 2023 17:09:51 +0000 > > I sent the request-assign.future doc to the FSF assignment email earlier > today, feel free to send me paperwork and I will fill it out. That should be enough. If they don't respond within two weeks, ping them and CC me. Thanks. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable. 2023-03-02 18:04 ` Eli Zaretskii @ 2023-03-14 18:46 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-03-14 19:48 ` Eli Zaretskii 0 siblings, 1 reply; 16+ messages in thread From: Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-03-14 18:46 UTC (permalink / raw) To: Eli Zaretskii; +Cc: 61901 Eli Zaretskii <eliz@gnu.org> writes: >> I sent the request-assign.future doc to the FSF assignment email earlier >> today, feel free to send me paperwork and I will fill it out. > > That should be enough. If they don't respond within two weeks, ping > them and CC me. I signed and returned the full copyright assignment paperwork last week, so I assume that my copyright assignment is on file now. Let me know if this patch needs a v3 or if there is anything else before it can be applied, thanks. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable. 2023-03-14 18:46 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-03-14 19:48 ` Eli Zaretskii 0 siblings, 0 replies; 16+ messages in thread From: Eli Zaretskii @ 2023-03-14 19:48 UTC (permalink / raw) To: Antero Mejr; +Cc: 61901 > From: Antero Mejr <antero@mailbox.org> > Cc: 61901@debbugs.gnu.org > Date: Tue, 14 Mar 2023 18:46:24 +0000 > > Eli Zaretskii <eliz@gnu.org> writes: > >> I sent the request-assign.future doc to the FSF assignment email earlier > >> today, feel free to send me paperwork and I will fill it out. > > > > That should be enough. If they don't respond within two weeks, ping > > them and CC me. > > I signed and returned the full copyright assignment paperwork last week, > so I assume that my copyright assignment is on file now. It isn't, not yet. You should receive another email with the assignment counter-signed by the FSF, and then it will be added to the DB. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-03-01 22:20 bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-03-02 6:57 ` Eli Zaretskii @ 2023-04-25 16:40 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-04-25 17:23 ` Eli Zaretskii 2023-05-09 21:29 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2 siblings, 1 reply; 16+ messages in thread From: Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-04-25 16:40 UTC (permalink / raw) To: 61901 [-- Attachment #1: Type: text/plain, Size: 266 bytes --] Updated safe-local-variable-directories patch onto master and added bug number to commit message. Also should I use git --reroll-count to make v2 patches, v3, etc? If so then I included another patch to gitignore rerolled patches, otherwise please disregard it. [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: v3-0001-Add-safe-local-variable-directories-variable.patch --] [-- Type: text/x-patch, Size: 7180 bytes --] From 21506c01f72b10fb69ede16333e4970c0c402851 Mon Sep 17 00:00:00 2001 From: Antero Mejr <antero@mailbox.org> Date: Tue, 25 Apr 2023 15:30:16 +0000 Subject: [PATCH v3] Add safe-local-variable-directories variable. This variable can be set to automatically load risky dir-local variables from a list of trusted directories. * lisp/emacs-lisp/files.el (safe-local-variable-directories, hack-local-variables-filter, hack-local-variables-confirm): New variable and associated logic. * test/lisp/files-tests.el (files-tests-safe-local-variable-directories): Add tests for same. * doc/lispref/variables.texi (File Local Variables): Add documentation for same. * etc/NEWS (Lisp Changes in Emacs 30.1): Add news entry for same. (Bug#61901) --- doc/lispref/variables.texi | 7 +++++++ etc/NEWS | 5 +++++ lisp/files.el | 27 ++++++++++++++++++++++----- test/lisp/files-tests.el | 21 +++++++++++++++++++++ 4 files changed, 55 insertions(+), 5 deletions(-) diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi index eadb5c36de6..7df41a7c997 100644 --- a/doc/lispref/variables.texi +++ b/doc/lispref/variables.texi @@ -1977,6 +1977,13 @@ this can be controlled by using this variable, which is a list of symbols. @end defvar +@defvar safe-local-variable-directories +This is a list of directories where local variables are always enabled. +Directory-local variables loaded from these directories, such as the +variables in @file{.dir-locals.el}, will be enabled even if they are +risky. +@end defvar + @defun hack-local-variables &optional handle-mode This function parses, and binds or evaluates as appropriate, any local variables specified by the contents of the current buffer. The variable diff --git a/etc/NEWS b/etc/NEWS index d39343b8bd4..4eb3ab27139 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -375,6 +375,11 @@ hooks named after the feature name, like 'esh-mode-unload-hook'. \f * Lisp Changes in Emacs 30.1 ++++ +** New variable 'safe-local-variable-directories'. +This variable is used to to permanently trust directories containing +risky directory-local variables. + ** New variable 'inhibit-auto-fill' to temporarily prevent auto-fill. ** Functions and variables to transpose sexps diff --git a/lisp/files.el b/lisp/files.el index c6f53e5eaf8..3152fc61d9d 100644 --- a/lisp/files.el +++ b/lisp/files.el @@ -681,7 +681,8 @@ The command \\[normal-mode], when used interactively, always obeys file local variable specifications and the -*- line, and ignores this variable. -Also see the `permanently-enabled-local-variables' variable." +Also see the `permanently-enabled-local-variables' and +`safe-local-variable-directories' variables." :risky t :type '(choice (const :tag "Query Unsafe" t) (const :tag "Safe Only" :safe) @@ -3696,6 +3697,15 @@ variable to set.") "A list of file-local variables that are always enabled. This overrides any `enable-local-variables' setting.") +(defcustom safe-local-variable-directories '() + "A list of directories where local variables are always enabled. +Directory-local variables loaded from these directories, such as the +variables in .dir-locals.el, will be enabled even if they are risky." + :version "30.1" + :type '(repeat string) + :risky t + :group 'find-file) + (defun hack-local-variables-confirm (all-vars unsafe-vars risky-vars dir-name) "Get confirmation before setting up local variable values. ALL-VARS is the list of all variables to be set up. @@ -3734,7 +3744,9 @@ n -- to ignore the local variables list.") ! -- to apply the local variables list, and permanently mark these values (*) as safe (in the future, they will be set automatically.) i -- to ignore the local variables list, and permanently mark these - values (*) as ignored\n\n") + values (*) as ignored ++ -- to apply the local variables list, and permanently trust all + directory-local variables in this directory\n\n") (insert "\n\n")) (dolist (elt all-vars) (cond ((member elt unsafe-vars) @@ -3758,7 +3770,7 @@ i -- to ignore the local variables list, and permanently mark these (pop-to-buffer buf '(display-buffer--maybe-at-bottom)) (let* ((exit-chars '(?y ?n ?\s)) (prompt (format "Please type %s%s: " - (if offer-save "y, n, ! or i" "y or n") + (if offer-save "y, n, !, i, or +" "y or n") (if (< (line-number-at-pos (point-max)) (window-body-height)) "" @@ -3766,8 +3778,12 @@ i -- to ignore the local variables list, and permanently mark these char) (when offer-save (push ?i exit-chars) - (push ?! exit-chars)) + (push ?! exit-chars) + (push ?+ exit-chars)) (setq char (read-char-choice prompt exit-chars)) + (when (and offer-save (= char ?+)) + (customize-push-and-save 'safe-local-variable-directories + (list dir-name))) (when (and offer-save (or (= char ?!) (= char ?i)) unsafe-vars) @@ -3776,7 +3792,7 @@ i -- to ignore the local variables list, and permanently mark these 'safe-local-variable-values 'ignored-local-variable-values) unsafe-vars)) - (prog1 (memq char '(?! ?\s ?y)) + (prog1 (memq char '(?! ?\s ?y ?+)) (quit-window t))))))) (defconst hack-local-variable-regexp @@ -3908,6 +3924,7 @@ DIR-NAME is the name of the associated directory. Otherwise it is nil." (null unsafe-vars) (null risky-vars)) (memq enable-local-variables '(:all :safe)) + (member dir-name safe-local-variable-directories) (hack-local-variables-confirm all-vars unsafe-vars risky-vars dir-name)) (dolist (elt all-vars) diff --git a/test/lisp/files-tests.el b/test/lisp/files-tests.el index aadb60e1de7..af74a8b1ecf 100644 --- a/test/lisp/files-tests.el +++ b/test/lisp/files-tests.el @@ -166,6 +166,27 @@ form.") (hack-local-variables) (should (eq lexical-binding nil))))) +(ert-deftest files-tests-safe-local-variable-directories () + ;; safe-local-variable-directories should be risky, + ;; so use it as an arbitrary risky variable. + (let ((test-alist '((safe-local-variable-directories . "some_val"))) + (fakedir "test1/test2") + (enable-local-eval t)) + (with-temp-buffer + (setq safe-local-variable-directories (list fakedir)) + (hack-local-variables-filter test-alist fakedir) + (should (equal file-local-variables-alist test-alist))) + (with-temp-buffer + (setq safe-local-variable-directories (list fakedir)) + (setq noninteractive t) + (hack-local-variables-filter test-alist "wrong") + (should-not (equal file-local-variables-alist test-alist))) + (with-temp-buffer + (setq safe-local-variable-directories '()) + (setq noninteractive t) + (hack-local-variables-filter test-alist fakedir) + (should-not (equal file-local-variables-alist test-alist))))) + (defvar files-test-bug-18141-file (ert-resource-file "files-bug18141.el.gz") "Test file for bug#18141.") -- 2.39.2 [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #3: 0001-Ignore-rerolled-patches.patch --] [-- Type: text/x-patch, Size: 608 bytes --] From e847ad3f782304f210c318502da031d8a810834f Mon Sep 17 00:00:00 2001 From: Antero Mejr <antero@mailbox.org> Date: Tue, 25 Apr 2023 15:33:18 +0000 Subject: [PATCH] Ignore rerolled patches. * .gitignore (Version control and locks): Ignore .patch files that start with "v" and a number 0-99. --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index b09a0c030b3..139eb49ba41 100644 --- a/.gitignore +++ b/.gitignore @@ -283,6 +283,8 @@ gnustmp* \#*\# ChangeLog [0-9]*.patch +v[0-9]-[0-9]*.patch +v[0-9][0-9]-[0-9]*.patch [0-9]*.txt /vc-dwim-log-* -- 2.39.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-04-25 16:40 ` bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-04-25 17:23 ` Eli Zaretskii 0 siblings, 0 replies; 16+ messages in thread From: Eli Zaretskii @ 2023-04-25 17:23 UTC (permalink / raw) To: Antero Mejr; +Cc: 61901 > Date: Tue, 25 Apr 2023 16:40:07 +0000 > From: Antero Mejr via "Bug reports for GNU Emacs, > the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org> > > Updated safe-local-variable-directories patch onto master and added bug > number to commit message. Thanks, see some comments below. > Also should I use git --reroll-count to make v2 patches, v3, etc? You don't have to. The version part is removed by "git am" anyway, and it is not important for patch review here. > --- a/doc/lispref/variables.texi > +++ b/doc/lispref/variables.texi > @@ -1977,6 +1977,13 @@ this can be controlled by using this variable, which is a list of > symbols. > @end defvar > > +@defvar safe-local-variable-directories > +This is a list of directories where local variables are always enabled. > +Directory-local variables loaded from these directories, such as the > +variables in @file{.dir-locals.el}, will be enabled even if they are > +risky. > +@end defvar This variable should also be documented in the Emacs user manual, not only in the ELisp Reference manual -- it's a user option, and a very important one at that. > ++++ > +** New variable 'safe-local-variable-directories'. > +This variable is used to to permanently trust directories containing > +risky directory-local variables. I would rephrase: This variable names directories in which Emacs will treat all directory-local variables as safe. > ALL-VARS is the list of all variables to be set up. > @@ -3734,7 +3744,9 @@ n -- to ignore the local variables list.") > ! -- to apply the local variables list, and permanently mark these > values (*) as safe (in the future, they will be set automatically.) > i -- to ignore the local variables list, and permanently mark these > - values (*) as ignored\n\n") > + values (*) as ignored > ++ -- to apply the local variables list, and permanently trust all > + directory-local variables in this directory\n\n") I would remove the "permanently" part, it would just confuse here. > @@ -3908,6 +3924,7 @@ DIR-NAME is the name of the associated directory. Otherwise it is nil." > (null unsafe-vars) > (null risky-vars)) > (memq enable-local-variables '(:all :safe)) > + (member dir-name safe-local-variable-directories) If you use 'member' for this test, then (a) the documentation of safe-local-variable-directories should explicitly say that the directories in the list must be in full absolute form, and (b) we should consider the various issues with file names that are not 'equal' as strings, but still name the same directory, such as letter-case differences on case-insensitive filesystems. And what about equality of "foo/" "and "foo"? Also, is 'dir-name' above guaranteed to be a fully-expanded absolute file name? > +(ert-deftest files-tests-safe-local-variable-directories () > + ;; safe-local-variable-directories should be risky, > + ;; so use it as an arbitrary risky variable. > + (let ((test-alist '((safe-local-variable-directories . "some_val"))) > + (fakedir "test1/test2") > + (enable-local-eval t)) > + (with-temp-buffer > + (setq safe-local-variable-directories (list fakedir)) The test should use absolute directory names for directories you put into safe-local-variable-directories. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-03-01 22:20 bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-03-02 6:57 ` Eli Zaretskii 2023-04-25 16:40 ` bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-09 21:29 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-11 13:55 ` Eli Zaretskii 2 siblings, 1 reply; 16+ messages in thread From: Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-09 21:29 UTC (permalink / raw) To: eliz; +Cc: 61901 [-- Attachment #1: Type: text/plain, Size: 3136 bytes --] >> +@defvar safe-local-variable-directories >> +This is a list of directories where local variables are always enabled. >> +Directory-local variables loaded from these directories, such as the >> +variables in @file{.dir-locals.el}, will be enabled even if they are >> +risky. >> +@end defvar > >This variable should also be documented in the Emacs user manual, not >only in the ELisp Reference manual -- it's a user option, and a very >important one at that. Added to the manual in custom.texi "Safe File Variables" subsection. >> ++++ >> +** New variable 'safe-local-variable-directories'. >> +This variable is used to to permanently trust directories containing >> +risky directory-local variables. > >I would rephrase: > > This variable names directories in which Emacs will treat all > directory-local variables as safe. Fixed in attached patch. >> ALL-VARS is the list of all variables to be set up. >> @@ -3734,7 +3744,9 @@ n -- to ignore the local variables list.") >> ! -- to apply the local variables list, and permanently mark these >> values (*) as safe (in the future, they will be set automatically.) >> i -- to ignore the local variables list, and permanently mark these >> - values (*) as ignored\n\n") >> + values (*) as ignored >> ++ -- to apply the local variables list, and permanently trust all >> + directory-local variables in this directory\n\n") > >I would remove the "permanently" part, it would just confuse here. Fixed. >> @@ -3908,6 +3924,7 @@ DIR-NAME is the name of the associated directory. >> Otherwise it is nil." >> (null unsafe-vars) >> (null risky-vars)) >> (memq enable-local-variables '(:all :safe)) >> + (member dir-name safe-local-variable-directories) > >If you use 'member' for this test, then (a) the documentation of >safe-local-variable-directories should explicitly say that the >directories in the list must be in full absolute form, and (b) we >should consider the various issues with file names that are not >'equal' as strings, but still name the same directory, such as >letter-case differences on case-insensitive filesystems. And what >about equality of "foo/" "and "foo"? Clarified the documentation. The directory path requires a trailing separator, and is case-sensitive regardless of the filesystem (tested on vFAT). >Also, is 'dir-name' above guaranteed to be a fully-expanded absolute >file name? Yes. For TRAMP connections it's a string with text properties, but it's the same equality-wise. #("/ssh:user:/home/user/src/" 5 6 (tramp-default t)) >> +(ert-deftest files-tests-safe-local-variable-directories () >> + ;; safe-local-variable-directories should be risky, >> + ;; so use it as an arbitrary risky variable. >> + (let ((test-alist '((safe-local-variable-directories . "some_val"))) >> + (fakedir "test1/test2") >> + (enable-local-eval t)) >> + (with-temp-buffer >> + (setq safe-local-variable-directories (list fakedir)) > >The test should use absolute directory names for directories you put >into safe-local-variable-directories. Fixed. [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-Add-safe-local-variable-directories-variable.patch --] [-- Type: text/x-patch, Size: 9984 bytes --] From 4ecb9ebc01c856f896ed2fee110b491209e23c4e Mon Sep 17 00:00:00 2001 From: Antero Mejr <antero@mailbox.org> Date: Tue, 9 May 2023 20:51:14 +0000 Subject: [PATCH] Add safe-local-variable-directories variable. This variable can be set to automatically load risky dir-local variables from a list of trusted directories. * lisp/emacs-lisp/files.el (safe-local-variable-directories, hack-local-variables-filter, hack-local-variables-confirm): New variable and associated logic. * test/lisp/files-tests.el (files-tests-safe-local-variable-directories): Add tests for same. * doc/emacs/custom.texi (Safe File Variables): Add documentation for same. * doc/lispref/variables.texi (File Local Variables): Add documentation for same. * etc/NEWS (Lisp Changes in Emacs 30.1): Add news entry for same. (Bug#61901) --- doc/emacs/custom.texi | 22 ++++++++++++++++++++++ doc/lispref/variables.texi | 12 ++++++++++++ etc/NEWS | 5 +++++ lisp/files.el | 34 +++++++++++++++++++++++++++++----- test/lisp/files-tests.el | 21 +++++++++++++++++++++ 5 files changed, 89 insertions(+), 5 deletions(-) diff --git a/doc/emacs/custom.texi b/doc/emacs/custom.texi index 87290734cc9..2ddd39be31f 100644 --- a/doc/emacs/custom.texi +++ b/doc/emacs/custom.texi @@ -1328,6 +1328,13 @@ pairs in the file, by typing @kbd{i} at the confirmation prompt -- these pairs will thereafter be ignored in this file and in all other files. + For directory-local variable/value pairs +(@pxref{Directory Variables}), typing @kbd{+} at the confirmation +prompt will set all the variable/value pairs, and recognize all +variables in that directory as safe in the future. This option should +only be used for directories whose contents you trust. The @kbd{+} +confirmation prompt option is not available for file-local variables. + @vindex safe-local-variable-values @vindex ignored-local-variable-values @cindex risky variable @@ -1344,6 +1351,21 @@ record safe values for risky variables, do it directly by customizing Similarly, if you want to record values of risky variables that should be permanently ignored, customize @code{ignored-local-variable-values}. +@vindex safe-local-variable-directories + Sometimes it is helpful to always trust risky variables in a certain +directory, and skip the confirmation prompt when directory-local +variables are loaded there. When @kbd{+} is pressed at the risky +variable confirmation prompt, the directory in question is added to +the @samp{safe-local-variable-directories} variable, and risky +directory-local variables there will be loaded without prompting in +the future. If customizing @samp{safe-local-variable-directories} +manually, the directories in this list must be fully-expanded absolute +paths that end in a directory separator character. Directory paths +may be remote directory paths (@pxref{Remote Files}), if the +@code{enable-remote-dir-locals} variable is set to @code{t}. +Directory paths in this list are case-sensitive, even if the +filesystem is not. + @vindex enable-local-variables The variable @code{enable-local-variables} allows you to change the way Emacs processes local variables. Its default value is @code{t}, diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi index eadb5c36de6..52a94db3703 100644 --- a/doc/lispref/variables.texi +++ b/doc/lispref/variables.texi @@ -1977,6 +1977,18 @@ this can be controlled by using this variable, which is a list of symbols. @end defvar +@defvar safe-local-variable-directories +This is a list of directories where local variables are always +enabled. Directory-local variables loaded from these directories, +such as the variables in @file{.dir-locals.el}, will be enabled even +if they are risky. The directories in this list must be +fully-expanded absolute paths that end in a directory separator +character. They may also be remote directory paths if the +@code{enable-remote-dir-locals} variable is set to @code{t}. +Directory paths in this list are case-sensitive, even if the +filesystem is not. +@end defvar + @defun hack-local-variables &optional handle-mode This function parses, and binds or evaluates as appropriate, any local variables specified by the contents of the current buffer. The variable diff --git a/etc/NEWS b/etc/NEWS index 3c71e52fff4..3bef9d2ed2a 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -380,6 +380,11 @@ hooks named after the feature name, like 'esh-mode-unload-hook'. \f * Lisp Changes in Emacs 30.1 ++++ +** New variable 'safe-local-variable-directories'. +This variable names directories in which Emacs will treat all +directory-local variables as safe. + ** New variable 'inhibit-auto-fill' to temporarily prevent auto-fill. ** Functions and variables to transpose sexps diff --git a/lisp/files.el b/lisp/files.el index c6f53e5eaf8..aa01e638c98 100644 --- a/lisp/files.el +++ b/lisp/files.el @@ -681,7 +681,8 @@ The command \\[normal-mode], when used interactively, always obeys file local variable specifications and the -*- line, and ignores this variable. -Also see the `permanently-enabled-local-variables' variable." +Also see the `permanently-enabled-local-variables' and +`safe-local-variable-directories' variables." :risky t :type '(choice (const :tag "Query Unsafe" t) (const :tag "Safe Only" :safe) @@ -3696,6 +3697,15 @@ variable to set.") "A list of file-local variables that are always enabled. This overrides any `enable-local-variables' setting.") +(defcustom safe-local-variable-directories '() + "A list of directories where local variables are always enabled. +Directory-local variables loaded from these directories, such as the +variables in .dir-locals.el, will be enabled even if they are risky." + :version "30.1" + :type '(repeat string) + :risky t + :group 'find-file) + (defun hack-local-variables-confirm (all-vars unsafe-vars risky-vars dir-name) "Get confirmation before setting up local variable values. ALL-VARS is the list of all variables to be set up. @@ -3734,7 +3744,11 @@ n -- to ignore the local variables list.") ! -- to apply the local variables list, and permanently mark these values (*) as safe (in the future, they will be set automatically.) i -- to ignore the local variables list, and permanently mark these - values (*) as ignored\n\n") + values (*) as ignored" + (if dir-name " ++ -- to apply the local variables list, and trust all directory-local + variables in this directory\n\n" + "\n\n")) (insert "\n\n")) (dolist (elt all-vars) (cond ((member elt unsafe-vars) @@ -3758,7 +3772,11 @@ i -- to ignore the local variables list, and permanently mark these (pop-to-buffer buf '(display-buffer--maybe-at-bottom)) (let* ((exit-chars '(?y ?n ?\s)) (prompt (format "Please type %s%s: " - (if offer-save "y, n, ! or i" "y or n") + (if offer-save + (if dir-name + "y, n, !, i, +" + "y, n, !, i") + "y or n") (if (< (line-number-at-pos (point-max)) (window-body-height)) "" @@ -3766,8 +3784,13 @@ i -- to ignore the local variables list, and permanently mark these char) (when offer-save (push ?i exit-chars) - (push ?! exit-chars)) + (push ?! exit-chars) + (when dir-name + (push ?+ exit-chars))) (setq char (read-char-choice prompt exit-chars)) + (when (and offer-save dir-name (= char ?+)) + (customize-push-and-save 'safe-local-variable-directories + (list dir-name))) (when (and offer-save (or (= char ?!) (= char ?i)) unsafe-vars) @@ -3776,7 +3799,7 @@ i -- to ignore the local variables list, and permanently mark these 'safe-local-variable-values 'ignored-local-variable-values) unsafe-vars)) - (prog1 (memq char '(?! ?\s ?y)) + (prog1 (memq char '(?! ?\s ?y ?+)) (quit-window t))))))) (defconst hack-local-variable-regexp @@ -3908,6 +3931,7 @@ DIR-NAME is the name of the associated directory. Otherwise it is nil." (null unsafe-vars) (null risky-vars)) (memq enable-local-variables '(:all :safe)) + (member dir-name safe-local-variable-directories) (hack-local-variables-confirm all-vars unsafe-vars risky-vars dir-name)) (dolist (elt all-vars) diff --git a/test/lisp/files-tests.el b/test/lisp/files-tests.el index aadb60e1de7..e87bb3cfa0a 100644 --- a/test/lisp/files-tests.el +++ b/test/lisp/files-tests.el @@ -166,6 +166,27 @@ form.") (hack-local-variables) (should (eq lexical-binding nil))))) +(ert-deftest files-tests-safe-local-variable-directories () + ;; safe-local-variable-directories should be risky, + ;; so use it as an arbitrary risky variable. + (let ((test-alist '((safe-local-variable-directories . "some_val"))) + (fakedir "/test1/test2/") + (enable-local-eval t)) + (with-temp-buffer + (setq safe-local-variable-directories (list fakedir)) + (hack-local-variables-filter test-alist fakedir) + (should (equal file-local-variables-alist test-alist))) + (with-temp-buffer + (setq safe-local-variable-directories (list fakedir)) + (setq noninteractive t) + (hack-local-variables-filter test-alist "wrong") + (should-not (equal file-local-variables-alist test-alist))) + (with-temp-buffer + (setq safe-local-variable-directories '()) + (setq noninteractive t) + (hack-local-variables-filter test-alist fakedir) + (should-not (equal file-local-variables-alist test-alist))))) + (defvar files-test-bug-18141-file (ert-resource-file "files-bug18141.el.gz") "Test file for bug#18141.") -- 2.39.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-05-09 21:29 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-11 13:55 ` Eli Zaretskii [not found] ` <87ilcy3mdt.fsf@mailbox.org> 0 siblings, 1 reply; 16+ messages in thread From: Eli Zaretskii @ 2023-05-11 13:55 UTC (permalink / raw) To: Antero Mejr; +Cc: 61901-done > From: Antero Mejr <antero@mailbox.org> > Cc: 61901@debbugs.gnu.org > Date: Tue, 09 May 2023 21:29:54 +0000 > > >> +@defvar safe-local-variable-directories > >> +This is a list of directories where local variables are always enabled. > >> +Directory-local variables loaded from these directories, such as the > >> +variables in @file{.dir-locals.el}, will be enabled even if they are > >> +risky. > >> +@end defvar > > > >This variable should also be documented in the Emacs user manual, not > >only in the ELisp Reference manual -- it's a user option, and a very > >important one at that. > > Added to the manual in custom.texi "Safe File Variables" subsection. > > >> ++++ > >> +** New variable 'safe-local-variable-directories'. > >> +This variable is used to to permanently trust directories containing > >> +risky directory-local variables. > > > >I would rephrase: > > > > This variable names directories in which Emacs will treat all > > directory-local variables as safe. > > Fixed in attached patch. > > >> ALL-VARS is the list of all variables to be set up. > >> @@ -3734,7 +3744,9 @@ n -- to ignore the local variables list.") > >> ! -- to apply the local variables list, and permanently mark these > >> values (*) as safe (in the future, they will be set automatically.) > >> i -- to ignore the local variables list, and permanently mark these > >> - values (*) as ignored\n\n") > >> + values (*) as ignored > >> ++ -- to apply the local variables list, and permanently trust all > >> + directory-local variables in this directory\n\n") > > > >I would remove the "permanently" part, it would just confuse here. > > Fixed. > > >> @@ -3908,6 +3924,7 @@ DIR-NAME is the name of the associated directory. > >> Otherwise it is nil." > >> (null unsafe-vars) > >> (null risky-vars)) > >> (memq enable-local-variables '(:all :safe)) > >> + (member dir-name safe-local-variable-directories) > > > >If you use 'member' for this test, then (a) the documentation of > >safe-local-variable-directories should explicitly say that the > >directories in the list must be in full absolute form, and (b) we > >should consider the various issues with file names that are not > >'equal' as strings, but still name the same directory, such as > >letter-case differences on case-insensitive filesystems. And what > >about equality of "foo/" "and "foo"? > > Clarified the documentation. The directory path requires a trailing > separator, and is case-sensitive regardless of the filesystem (tested > on vFAT). > > >Also, is 'dir-name' above guaranteed to be a fully-expanded absolute > >file name? > > Yes. For TRAMP connections it's a string with text properties, but it's > the same equality-wise. > > #("/ssh:user:/home/user/src/" 5 6 (tramp-default t)) > > >> +(ert-deftest files-tests-safe-local-variable-directories () > >> + ;; safe-local-variable-directories should be risky, > >> + ;; so use it as an arbitrary risky variable. > >> + (let ((test-alist '((safe-local-variable-directories . "some_val"))) > >> + (fakedir "test1/test2") > >> + (enable-local-eval t)) > >> + (with-temp-buffer > >> + (setq safe-local-variable-directories (list fakedir)) > > > >The test should use absolute directory names for directories you put > >into safe-local-variable-directories. > > Fixed. Thanks, I installed this on the master branch, and I'm therefore closing this bug. Please note some minor changes I made in the documentation parts of the changeset, the most notable one being the use of "path" to allude to file names or directory names: the Gnu Coding Standards frown on that. We use "path" only for lists of directories in the style of PATH environment variable or load-path Lisp variable. Thanks again for working on this feature. ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <87ilcy3mdt.fsf@mailbox.org>]
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. [not found] ` <87ilcy3mdt.fsf@mailbox.org> @ 2023-05-11 16:10 ` Eli Zaretskii 2023-05-11 17:49 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 0 siblings, 1 reply; 16+ messages in thread From: Eli Zaretskii @ 2023-05-11 16:10 UTC (permalink / raw) To: Antero Mejr; +Cc: 61901 > From: Antero Mejr <antero@mailbox.org> > Date: Thu, 11 May 2023 15:42:38 +0000 > > Thanks. I looked it over and found a typo. Patch is attached. Thanks, I removed the redundant text (not exactly the one you proposed to remove). It was your original text, which I replaced with modified one, left there by mistake. > diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi > index b3a8cd8110c..28deddf985d 100644 > --- a/doc/lispref/variables.texi > +++ b/doc/lispref/variables.texi > @@ -1986,7 +1986,7 @@ fully-expanded absolute file names that end in a directory separator > character. They may also be remote directories if the variable > @code{enable-remote-dir-locals} is set non-@code{nil}. Directories in > this list are matched case-sensitively, even if the filesystem is > -case-sensitive. > +case-insensitive. > @end defvar This actually means that I misunderstood the code. Now that I see the truth, why is it a good idea to compare directories case-sensitively when the filesystem is not? That's not something users will expect. (And why private email? Please keep the bug address on the CC list.) ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-05-11 16:10 ` Eli Zaretskii @ 2023-05-11 17:49 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-11 18:11 ` Eli Zaretskii 0 siblings, 1 reply; 16+ messages in thread From: Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-11 17:49 UTC (permalink / raw) To: Eli Zaretskii; +Cc: 61901 Eli Zaretskii <eliz@gnu.org> writes: >> diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi >> index b3a8cd8110c..28deddf985d 100644 >> --- a/doc/lispref/variables.texi >> +++ b/doc/lispref/variables.texi >> @@ -1986,7 +1986,7 @@ fully-expanded absolute file names that end in a >> directory separator >> character. They may also be remote directories if the variable >> @code{enable-remote-dir-locals} is set non-@code{nil}. Directories in >> this list are matched case-sensitively, even if the filesystem is >> -case-sensitive. >> +case-insensitive. >> @end defvar > > This actually means that I misunderstood the code. Now that I see the > truth, why is it a good idea to compare directories case-sensitively > when the filesystem is not? That's not something users will expect. What if a directory's case sensitivity changes so that it previously did not match, but now does? This could happen with Windows per-directory case sensitivity modifications, mounted disks, or remote paths. To accurately assess if a directory name matches with possible case-sensitivity, the process would be: 1. check the case-sensitivity of the filesystem 2. If case insensitive, check the case-sensitivity of each subdirectory (using Windows queryCaseSensitiveInfo if applicable) 3. map over the components of the directory name, checking each subdirectory with the correct case-sensitivity setting That logic would be difficult for users to reason about, so for features with security considerations like this I think it's better to err on the side of safety and simplicity even if the behavior is stricter than expected. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-05-11 17:49 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-11 18:11 ` Eli Zaretskii 2023-05-11 20:11 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 0 siblings, 1 reply; 16+ messages in thread From: Eli Zaretskii @ 2023-05-11 18:11 UTC (permalink / raw) To: Antero Mejr; +Cc: 61901 > From: Antero Mejr <antero@mailbox.org> > Cc: 61901@debbugs.gnu.org > Date: Thu, 11 May 2023 17:49:50 +0000 > > Eli Zaretskii <eliz@gnu.org> writes: > > > This actually means that I misunderstood the code. Now that I see the > > truth, why is it a good idea to compare directories case-sensitively > > when the filesystem is not? That's not something users will expect. > > What if a directory's case sensitivity changes so that it previously did > not match, but now does? This could happen with Windows per-directory > case sensitivity modifications, mounted disks, or remote paths. > > To accurately assess if a directory name matches with possible > case-sensitivity, the process would be: > 1. check the case-sensitivity of the filesystem > 2. If case insensitive, check the case-sensitivity of each subdirectory > (using Windows queryCaseSensitiveInfo if applicable) > 3. map over the components of the directory name, checking each subdirectory > with the correct case-sensitivity setting > > That logic would be difficult for users to reason about, so for features > with security considerations like this I think it's better to err on the > side of safety and simplicity even if the behavior is stricter than > expected. We already have all that in file-equal-p. We should just use is there. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-05-11 18:11 ` Eli Zaretskii @ 2023-05-11 20:11 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-11 21:38 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 0 siblings, 1 reply; 16+ messages in thread From: Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-11 20:11 UTC (permalink / raw) To: Eli Zaretskii; +Cc: 61901 [-- Attachment #1: Type: text/plain, Size: 808 bytes --] Eli Zaretskii <eliz@gnu.org> writes: >> > This actually means that I misunderstood the code. Now that I see the >> > truth, why is it a good idea to compare directories case-sensitively >> > when the filesystem is not? That's not something users will expect. >> >> To accurately assess if a directory name matches with possible >> case-sensitivity, the process would be: >> 1. check the case-sensitivity of the filesystem >> 2. If case insensitive, check the case-sensitivity of each subdirectory >> (using Windows queryCaseSensitiveInfo if applicable) >> 3. map over the components of the directory name, checking each subdirectory >> with the correct case-sensitivity setting > > We already have all that in file-equal-p. We should just use is > there. Ok, patch is attached (tested on FAT32 disk). [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-Handle-case-insensitivity-for-safe-local-variable-di.patch --] [-- Type: text/x-patch, Size: 2067 bytes --] From 338629b4dc6da17460c96a19178307e6db4bd5d8 Mon Sep 17 00:00:00 2001 From: Antero Mejr <antero@mailbox.org> Date: Thu, 11 May 2023 19:22:49 +0000 Subject: [PATCH] Handle case-insensitivity for safe-local-variable-directories. * lisp/emacs-lisp/files.el (hack-local-variables-filter): Use file-equal-p when checking safe-local-variable-directories. * doc/lispref/variables.texi (File Local Variables): Remove sentence in safe-local-variable-directories description about unusual case-sensitivity behavior. (Bug#61901) --- doc/lispref/variables.texi | 4 +--- lisp/files.el | 4 +++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi index b3a8cd8110c..d8f0ad489bc 100644 --- a/doc/lispref/variables.texi +++ b/doc/lispref/variables.texi @@ -1984,9 +1984,7 @@ such as the variables in @file{.dir-locals.el}, will be enabled even if they are risky. The directories in this list must be fully-expanded absolute file names that end in a directory separator character. They may also be remote directories if the variable -@code{enable-remote-dir-locals} is set non-@code{nil}. Directories in -this list are matched case-sensitively, even if the filesystem is -case-sensitive. +@code{enable-remote-dir-locals} is set non-@code{nil}. @end defvar @defun hack-local-variables &optional handle-mode diff --git a/lisp/files.el b/lisp/files.el index 35d794f6dcf..a3e7e2bd65d 100644 --- a/lisp/files.el +++ b/lisp/files.el @@ -3934,7 +3934,9 @@ DIR-NAME is the name of the associated directory. Otherwise it is nil." (null unsafe-vars) (null risky-vars)) (memq enable-local-variables '(:all :safe)) - (member dir-name safe-local-variable-directories) + (delq nil (mapcar (lambda (dir) + (file-equal-p dir dir-name)) + safe-local-variable-directories)) (hack-local-variables-confirm all-vars unsafe-vars risky-vars dir-name)) (dolist (elt all-vars) -- 2.39.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-05-11 20:11 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-11 21:38 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-12 11:09 ` Eli Zaretskii 0 siblings, 1 reply; 16+ messages in thread From: Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-11 21:38 UTC (permalink / raw) To: Eli Zaretskii; +Cc: 61901 [-- Attachment #1: Type: text/plain, Size: 1041 bytes --] Antero Mejr <antero@mailbox.org> writes: > Eli Zaretskii <eliz@gnu.org> writes: > >>> > This actually means that I misunderstood the code. Now that I see the >>> > truth, why is it a good idea to compare directories case-sensitively >>> > when the filesystem is not? That's not something users will expect. >>> >>> To accurately assess if a directory name matches with possible >>> case-sensitivity, the process would be: >>> 1. check the case-sensitivity of the filesystem >>> 2. If case insensitive, check the case-sensitivity of each subdirectory >>> (using Windows queryCaseSensitiveInfo if applicable) >>> 3. map over the components of the directory name, checking each subdirectory >>> with the correct case-sensitivity setting >> >> We already have all that in file-equal-p. We should just use is >> there. > > Ok, patch is attached (tested on FAT32 disk). Please ignore that last patch, here is a corrected version with updated docs. Since file-equal-p handles the trailing slash, now it doesn't matter if there is/isn't one. [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-Handle-case-insensitivity-for-safe-local-variable-di.patch --] [-- Type: text/x-patch, Size: 3495 bytes --] From 175280bff2574cc7b826025903d4ca1802b7c5e6 Mon Sep 17 00:00:00 2001 From: Antero Mejr <antero@mailbox.org> Date: Thu, 11 May 2023 19:22:49 +0000 Subject: [PATCH] Handle case-insensitivity for safe-local-variable-directories. * lisp/emacs-lisp/files.el (hack-local-variables-filter): Use file-equal-p when checking safe-local-variable-directories. * doc/lispref/variables.texi (File Local Variables): Remove sentences in safe-local-variable-directories description about case-sensitivity and trailing slash behaviors. * doc/emacs/custom.texi (Safe File Variables): Remove sentence about safe-local-variable-directories trailing slash behavior. (Bug#61901) --- doc/emacs/custom.texi | 7 +++---- doc/lispref/variables.texi | 8 +++----- lisp/files.el | 5 ++++- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/doc/emacs/custom.texi b/doc/emacs/custom.texi index d8abf81c75f..d8221f51425 100644 --- a/doc/emacs/custom.texi +++ b/doc/emacs/custom.texi @@ -1359,10 +1359,9 @@ certain directories, and skip the confirmation prompt when local variables are loaded from those directories, even if the variables are risky. The variable @code{safe-local-variable-directories} holds the list of such directories. The names of the directories in this list -must be full absolute file names, and should end in a slash. If the -variable @code{enable-remote-dir-locals} has a non-@code{nil} value, -the list can include remote directories as well (@pxref{Remote -Files}). +must be full absolute file names. If the variable +@code{enable-remote-dir-locals} has a non-@code{nil} value, the list +can include remote directories as well (@pxref{Remote Files}). @vindex enable-local-variables The variable @code{enable-local-variables} allows you to change the diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi index b3a8cd8110c..4eda035473e 100644 --- a/doc/lispref/variables.texi +++ b/doc/lispref/variables.texi @@ -1982,11 +1982,9 @@ This is a list of directories where local variables are always enabled. Directory-local variables loaded from these directories, such as the variables in @file{.dir-locals.el}, will be enabled even if they are risky. The directories in this list must be -fully-expanded absolute file names that end in a directory separator -character. They may also be remote directories if the variable -@code{enable-remote-dir-locals} is set non-@code{nil}. Directories in -this list are matched case-sensitively, even if the filesystem is -case-sensitive. +fully-expanded absolute file names. They may also be remote +directories if the variable @code{enable-remote-dir-locals} is set +non-@code{nil}. @end defvar @defun hack-local-variables &optional handle-mode diff --git a/lisp/files.el b/lisp/files.el index 35d794f6dcf..148f47cbc97 100644 --- a/lisp/files.el +++ b/lisp/files.el @@ -3934,7 +3934,10 @@ DIR-NAME is the name of the associated directory. Otherwise it is nil." (null unsafe-vars) (null risky-vars)) (memq enable-local-variables '(:all :safe)) - (member dir-name safe-local-variable-directories) + (delq nil (mapcar (lambda (dir) + (and dir-name dir + (file-equal-p dir dir-name))) + safe-local-variable-directories)) (hack-local-variables-confirm all-vars unsafe-vars risky-vars dir-name)) (dolist (elt all-vars) -- 2.39.2 ^ permalink raw reply related [flat|nested] 16+ messages in thread
* bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable. 2023-05-11 21:38 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2023-05-12 11:09 ` Eli Zaretskii 0 siblings, 0 replies; 16+ messages in thread From: Eli Zaretskii @ 2023-05-12 11:09 UTC (permalink / raw) To: Antero Mejr; +Cc: 61901-done > From: Antero Mejr <antero@mailbox.org> > Cc: 61901@debbugs.gnu.org > Date: Thu, 11 May 2023 21:38:33 +0000 > > Please ignore that last patch, here is a corrected version with updated > docs. Since file-equal-p handles the trailing slash, now it doesn't > matter if there is/isn't one. Thanks, installed. This change broke files-tests, so I installed a fix there. ^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2023-05-12 11:09 UTC | newest] Thread overview: 16+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-03-01 22:20 bug#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-03-02 6:57 ` Eli Zaretskii 2023-03-02 17:09 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-03-02 18:04 ` Eli Zaretskii 2023-03-14 18:46 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-03-14 19:48 ` Eli Zaretskii 2023-04-25 16:40 ` bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories variable Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-04-25 17:23 ` Eli Zaretskii 2023-05-09 21:29 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-11 13:55 ` Eli Zaretskii [not found] ` <87ilcy3mdt.fsf@mailbox.org> 2023-05-11 16:10 ` Eli Zaretskii 2023-05-11 17:49 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-11 18:11 ` Eli Zaretskii 2023-05-11 20:11 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-11 21:38 ` Antero Mejr via Bug reports for GNU Emacs, the Swiss army knife of text editors 2023-05-12 11:09 ` Eli Zaretskii
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).