GNU bug report logs - #61901
30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable.

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Antero Mejr <antero <at> mailbox.org>
Subject: bug#61901: closed (Re: bug#61901: 30.0.50; [PATCH v3] Add
 safe-local-variable-directories variable.)
Date: Thu, 11 May 2023 13:55:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#61901: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable.

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 61901 <at> debbugs.gnu.org.

-- 
61901: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=61901
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Eli Zaretskii <eliz <at> gnu.org>
To: Antero Mejr <antero <at> mailbox.org>
Cc: 61901-done <at> debbugs.gnu.org
Subject: Re: bug#61901: 30.0.50; [PATCH v3] Add safe-local-variable-directories
 variable.
Date: Thu, 11 May 2023 16:55:54 +0300

> From: Antero Mejr <antero <at> mailbox.org>
> Cc: 61901 <at> debbugs.gnu.org
> Date: Tue, 09 May 2023 21:29:54 +0000
> 
> >> +@defvar safe-local-variable-directories
> >> +This is a list of directories where local variables are always enabled.
> >> +Directory-local variables loaded from these directories, such as the
> >> +variables in @file{.dir-locals.el}, will be enabled even if they are
> >> +risky.
> >> +@end defvar
> >
> >This variable should also be documented in the Emacs user manual, not
> >only in the ELisp Reference manual -- it's a user option, and a very
> >important one at that.
> 
> Added to the manual in custom.texi "Safe File Variables" subsection.
> 
> >> ++++
> >> +** New variable 'safe-local-variable-directories'.
> >> +This variable is used to to permanently trust directories containing
> >> +risky directory-local variables.
> >
> >I would rephrase:
> >
> >  This variable names directories in which Emacs will treat all
> >  directory-local variables as safe.
> 
> Fixed in attached patch.
> 
> >>  ALL-VARS is the list of all variables to be set up.
> >> @@ -3734,7 +3744,9 @@ n  -- to ignore the local variables list.")
> >>  !  -- to apply the local variables list, and permanently mark these
> >>        values (*) as safe (in the future, they will be set automatically.)
> >>  i  -- to ignore the local variables list, and permanently mark these
> >> -      values (*) as ignored\n\n")
> >> +      values (*) as ignored
> >> ++  -- to apply the local variables list, and permanently trust all
> >> +      directory-local variables in this directory\n\n")
> >
> >I would remove the "permanently" part, it would just confuse here.
> 
> Fixed.
> 
> >> @@ -3908,6 +3924,7 @@ DIR-NAME is the name of the associated directory.  
> >> Otherwise it is nil."
> >>                 (null unsafe-vars)
> >>                 (null risky-vars))
> >>            (memq enable-local-variables '(:all :safe))
> >> +             (member dir-name safe-local-variable-directories)
> >
> >If you use 'member' for this test, then (a) the documentation of
> >safe-local-variable-directories should explicitly say that the
> >directories in the list must be in full absolute form, and (b) we
> >should consider the various issues with file names that are not
> >'equal' as strings, but still name the same directory, such as
> >letter-case differences on case-insensitive filesystems.  And what
> >about equality of "foo/" "and "foo"?
> 
> Clarified the documentation. The directory path requires a trailing
> separator, and is case-sensitive regardless of the filesystem (tested
> on vFAT).
> 
> >Also, is 'dir-name' above guaranteed to be a fully-expanded absolute
> >file name?
> 
> Yes. For TRAMP connections it's a string with text properties, but it's
> the same equality-wise.
> 
> #("/ssh:user:/home/user/src/" 5 6 (tramp-default t))
> 
> >> +(ert-deftest files-tests-safe-local-variable-directories ()
> >> +  ;; safe-local-variable-directories should be risky,
> >> +  ;; so use it as an arbitrary risky variable.
> >> +  (let ((test-alist '((safe-local-variable-directories . "some_val")))
> >> +        (fakedir "test1/test2")
> >> +        (enable-local-eval t))
> >> +    (with-temp-buffer
> >> +      (setq safe-local-variable-directories (list fakedir))
> >
> >The test should use absolute directory names for directories you put
> >into safe-local-variable-directories.
> 
> Fixed.

Thanks, I installed this on the master branch, and I'm therefore
closing this bug.

Please note some minor changes I made in the documentation parts of
the changeset, the most notable one being the use of "path" to allude
to file names or directory names: the Gnu Coding Standards frown on
that.  We use "path" only for lists of directories in the style of
PATH environment variable or load-path Lisp variable.

Thanks again for working on this feature.

[Message part 3 (message/rfc822, inline)]

From: Antero Mejr <antero <at> mailbox.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 30.0.50; [PATCH] Add permanently-enabled-local-variable-dirs variable.
Date: Wed, 01 Mar 2023 22:20:33 +0000

[Message part 4 (text/plain, inline)]

This patch allows users to trust directories to load dir-local variables
from, so they don't have to do something lile this:
(defun risky-local-variable-p (sym &optional _ignored) nil)
as suggested here:
https://emacs.stackexchange.com/questions/10983/remember-permission-to-execute-risky-local-variables

It also works over TRAMP if enable-remote-dir-locals is true.

[0001-Add-permanently-enabled-local-variable-dirs-variable.patch (text/x-patch, attachment)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.