Open Caellian opened 12 months ago
I agree that this would be a somewhat more "constrainable" system than shell-escape, and thus very nice from that perspective! Another analogy to keep in mind would be the Rust compiler's "procedural macros", which are basically binary extensions to the compiler. One thing that people are doing in that world is starting to implement these kinds of things using WebAssembly, even in non-browser contexts, because WASM code is basically cross-platform (so, basically doing what the JVM was achieve many years ago ...)
After toying a bit with tiaoma
package, I'm noticing that the WASM plugin API is basically what I wanted. The only missing piece is allowing plugins to return content
instead of just str
. But that can be circumvented with eval
.
The issue with the WASM plugins (for some use cases) is that it's not possible to turn a lot of existing programs into WASM modules so I guess calling so
s/dll
s that can execute commands is still something that would be useful.
I can think of at least three possible ways of doing things: WASM plugins, native binary SO/DLL plugins, or native executable "plugins" (potentially with a non-trivial protocol communicated over pipes or something). They all have their engineering advantages and drawbacks, but I strongly suspect that the right choice is mostly about what people will actually use in practice, which is not quite the same thing as what makes for the cleanest engineering. If everyone wants to use a Python syntax highlighter, or something, that probably isn't great for either WASM or SO/DLLs.
All that is to say, it would probably be good to identify one or two specific example uses to help guide thinking about what kind of implementation would hit a realistic design sweet spot.
This suggestion bounces off of shell-escape issue and basically provides an alternative that's more trustworthy than shell-escape at the cost of being a 🤏 harder to implement.
I propose adding an extension interface that can load dynamic libraries which can register macros for text processing in some specialized manner that requires fine-grained control or better system integration than TeX can offer.
User perspective
User needs to install an extension via
tectonic -X add extension-name
, or add it to the project toml directly.After that, they can use a macros provided by the extension:
Implementation
Tectonic checks for all extensions specified in the document toml, tries finding them in cache or downloads them from a registry.
Extensions would look something like:
MacroRegistry
can use libffi to send functions back to tectonic.Option::unwrap_or
.Args
is aVec<Option<CString>>
.Motivation
This would provide same functionality already provided by
shell-escape
, but the user who's building the document can know that the extensions in official registry won't run malicious code on their machine. It delegates trust requirements from the author of a document to the registry.It also simplifies the document build without
shell-escape
because the user building the document doesn't have to veto and run other executables before tectonic.