Re: [racket-users] Why is my sandbox trying to access /etc/ssl/certs.pem?

Complicated systems are surprising! Somehow each little step wasn't completely crazy and yet there must be a lesson in here somewhere. :) Robby On Mon, Jan 4, 2021 at 6:45 PM 'William J. Bowman' via Racket Users < racket-users@googlegroups.com> wrote: > Ah! I didn’t know about the

Re: [racket-users] Why is my sandbox trying to access /etc/ssl/certs.pem?

Ah! I didn’t know about the module browser, thanks! And I guess this chain makes sense. -- Sent from my phoneamajig > On Jan 4, 2021, at 16:27, Robby Findler wrote: > >  > If you open a file that requires scribble/manual with the module browser > (available via the Racket menu item in

Re: [racket-users] Why is my sandbox trying to access /etc/ssl/certs.pem?

If you open a file that requires scribble/manual with the module browser (available via the Racket menu item in DrRacket), you'll see that ssl is needed by the code that opens urls (presumably to do https) which is needed by the code that handles planet requires (since planet requires may involve

Re: [racket-users] Why is my sandbox trying to access /etc/ssl/certs.pem?

I don't know if Scribble needs OpenSSL, but a dependency probably does. The only precondition of that error is that openssl/mzssl appears *somewhere* among the dependencies. I run into that same error for evaluators that have nothing to do with Scribble. ~slg ‐‐‐ Original Message ‐‐‐

Re: [racket-users] Why is my sandbox trying to access /etc/ssl/certs.pem?

Thanks for the explanation. I can't figure out why scribble/manual needs openssl, but oh well. After reading through openssl, I've gone with a slightly less blunt instrument: > (require/expose openssl/mzssl (X509_get_default_cert_file)) > > ... > [sandbox-path-permissions (append `((exists >

Re: [racket-users] Why is my sandbox trying to access /etc/ssl/certs.pem?

Heads up: My earlier example was missing a closing paren. Also just saw that your subject line asked "Why", so I checked. openssl/mzssl provides a parameter called `ssl-default-verify-sources'. See [1]. The parameter is created during module instantiation with a OS-dependent default value.

Re: [racket-users] Why is my sandbox trying to access /etc/ssl/certs.pem?

If you just want to silence the error with a blunt instrument, then you could try a parameterization where sandbox-path-permissions is set to: (append (map (λ (p) `(exists ,p)) (filesystem-root-list) (sandbox-path-permissions))) This suffices since it is an existential check, not a file

[racket-users] Why is my sandbox trying to access /etc/ssl/certs.pem?

I have a sandbox that loads scribble/manual (indirectly) to render some HTML. But it crashes with the following error: > racket -e "(require racket/sandbox)" -e "((make-evaluator 'racket/base) > '(require scribble/manual))" file-exists?: `exists' access denied for /etc/ssl/cert.pem