Closed kmccurley closed 4 months ago
The code for this is isolated in metadata/meta_parse.py
. bibexport has some additional problems because it assumes the author has used bibtex
instead of biblatex
. For this purpose we parse the .bcf
file and create a synthetic main.aux
when they use biblatex
. This all gets copied into a TemporaryDirectory()
where we run bibexport
. One simple solution is probably to copy cryptobib into this temporary directory but I haven't tested it yet.
The way we are running bibexport
is perhaps problematic, because it does not run inside docker but invokes bibtex so it requires texlive to be installed. The extraction of bibtex entries may have other solutions like using pybtex
to parse the bibtex files and looking for the correct keys, but apparently pybtex
has its own problems because the output from parsing an entry is not the same as the input. That's why I settled on bibexport
.
Note that the bibexport
file is a bash script with additional options that might be useful (like -e,-es,-ec
) that might allow us to pick up cryptobib.
It turns out that bibexport just executes bibtex, which uses the BIBINPUTS
environment variable. I found a ridiculously easy solution to this problem, which is to put
os.environ['BIBINPUTS'] = '.:{}'.format(os.path.join(app.root_path,
'metadata/latex/iacrcc'))
right before we return app
in __init__.py
. Then if the paper uses cryptobib/crypto
it doesn't have to be uploaded and it doesn't have to be copied. I ran a test with a paper that doesn't include cryptobib in the zip file.
There is still the issue that we run bibexport outside of docker, but I don't think this is a serious issue because bibexport only runs bibtex and not pdflatex. The code for creating a synthetic main.aux
file would be harder to run inside docker, and we need that in case the author uses biblatex. All of the other options I could find were worse. Parsing the cryptobib file with pybtex takes a few minutes, which is an unacceptable delay. There has only been a single vulnerability found in bibtex in 2009, but that was patched long ago.
It seems that bibexport does not find cryptobib/crypto.bib when it is used from the docker file. We should perhaps be invoking this from the docker container anyway because it runs latex/bibtex with an unusual bibtex style.