Open kpym opened 3 years ago
I had a quick look at the perl and adding new tectonic options to match --xetex and xetexcmd wouldn't be hard but omitting shell-escape would be worrying pdfcrop unconditionally runs tex variants with -no-shell-escape and ghostscript with -dSAFER does tectonic not have the option to disable shell access?
Also as tectonic isn't in the standard distributions does it help to add it here, you could certainly distribute a tectonic specific version of the script with the tectonic distribution which could then default to tectonic and not require commandline option at all.
@davidcarlisle As you control the produced .tex
file and you know that there is no \write18
inside and you call the compiler against this particular source, why you need -no-shell-escape
? I know that it is a good habit to use it, but in this particular case, what is the danger ? If somebody wants to overcome this flag, as you can see in my example, it can use -xetexcmd
to execute anything he wants, no ?
Currently tectonic
do not implement shell-escape
as you can see here and here.
To make the test I compiled the following test_write.tex
\documentclass{article}
\newread\myscriptresult
\begin{document}
\immediate\write18{ls -l > ls.txt}
Check if \texttt{ls.txt} exists.
\end{document}
with xelatex -no-shell-escape
(no worning, no ls.txt
), xelatex -shell-escape
(ls.txt
is created) and with tectonic
(no ls.txt
and a warning is displayed):
> tectonic test_write.tex
note: this is a BETA release; ask questions and report bugs at https://tectonic.newton.cx/
Running TeX ...
Fontconfig error: Cannot load default config file
warning: test_write.tex:5: runsystem(ls -l > ls.txt)...disabled.
Rerunning TeX because "test_write.aux" changed ...
warning: test_write.tex:5: runsystem(ls -l > ls.txt)...disabled.
Running xdvipdfmx ...
Writing `test_write.pdf` (4.97 KiB)
Skipped writing 1 intermediate files (use --keep-intermediates to keep them)
If one day tectonic implement -shell-escape
and -no-shell-escape
, then probably the flag will be -Z no-shell-escape
(as -Z
pass the parameter to xetex
).
Also as tectonic isn't in the standard distributions does it help to add it here, you could certainly distribute a tectonic specific version of the script with the tectonic distribution which could then default to tectonic and not require commandline option at all.
I agree that we can build a tectonic specific version of pdfcrop
, and this can probably be done in rust
because tectonic is not only an executable, but a library too.
But meanwhile it looks not so complicated to add a support here. The fact that tectonic
isn't in the standard distributions is precisely on of its advantages : we can just download a single executable of tectonic
for our platform and pdfcrop
, and we are ready to go: no need of heavy latex distribution just to crop some pdf.
It has been considered to add pdfcrop to the list of applications allowed in restricted mode, and the code contains some preparation for this (and the texmf.cnf some comments). Perhaps this will be revived at some time, so I'm wary to add a call to a basically unknown external application.
But meanwhile it looks not so complicated to add a support here.
Well I don't have tectonic and I'm on windows so it is not a question of simply downloading a binary to test something.
The last post here was almost two years ago. Since then, tectonic
has added the --untrusted
option, which disables-Z shell-escape
(the equivalent of --shell-escape
).
Well, I don't have tectonic, and I'm on Windows, so it's not a matter of just downloading a binary to test something.
@u-fischer I'm on Windows too (and on Mac and on Linux). On Windows it is no problem to just drop a binary in the PATH and access it from anywhere. With Tectonic it's as simple as that.
It will be nice if you could add support for the tectonic compiler.
Why ?
tectonic
is basing fast.I succeed to use it with
pdfcrop
in the following way: 1) I created a script that skipxetex
flags-no-shell-escape -interaction=nonstopmode
and add.tex
to the source:2) I run
pdfcrop -xetex -xetexcmd="./tec.sh" in.pdf out.pdf