awesome, thank you! By ‘all info.rkt’, you mean even in directories referenced by dependencies, or just the one in the initial directory? (I’m now wondering if I didn’t misunderstand your previous message)

Anyone know how to do a simple (read-line) , but that’s for passwords (won’t echo what’s typed)?

See my answer at https://stackoverflow.com/questions/60847280/how-to-get-command-line-password-input-in-racket/60847858#60847858

ty :slightly_smiling_face:

ah, looks like i’ll be diving deeper, but ty (in my particular case, it’s via a tcp socket)

but the answer is still good

perhaps a simple ansi escape seq will work

That’s what stty does pretty much iirc

Anyone happen to know what this error means? eval-linklet: cannot use linklet loaded with non-original code inspector

Probably that error message should have “unsafe” in it somewhere. The code inspector has been changed (probably for a sandbox) so that it disallows running unsafe code, and some module that uses unsafe operations was loaded with that code inspector, so it’s not allowed to be run.

ah ok.

continuing w/ my sandbox woes, I have an interesting situation now where I have a file (e.g. A.rkt) that is capable of creating a sandbox evaluator with permissions to read a directory on disk. If I run A.rkt, I can call the “run-script” function just fine, it loads and runs perfectly.

Now, if I make B.rkt, which requires A.rkt and calls the same function, it fails saying that it doesn’t have permission to read the file in question. However, the path it displays with the permission error is the project path - not the path of the script.

If I had to guess, it’s not allowing the evaluator to read the module of functions I want exposed to the evaluator which are in A.rkt since it’s executing B.rkt.

Not sure how to get past this, though. Sorry, but the documentation on the sandboxes doesn’t have a lot in the way of examples for usage. :disappointed:

I got the eval-linklet error when - just to try something - I added privs to read the project directory, too.

The default sandbox configuration allows reading installed collections/packages and disallows file access elsewhere. So, if your project is not installed in that sense, then you would have to add access, as you say.

I don’t immediately remember what unsafe modules are allowed by default. That, again, might be tied to installation, and it might be different than allowing modules to be loaded.

Meanwhile, it’s not very practical these days to expect a module to have no unsafe components. In the early days, that looked possible, but macros and optimizer passes have gradually introduced more and more unsafe operations into modules.

So: Is your project installed as a package? If not, does installing it that way help with these kinds of problems?

It isn’t installed, and installing it wouldn’t make much sense — certainly not for development anyway. There’s a configuration file that’s loaded, which basically says where to allow reading of scripts from, etc. Right now I feel like I’m relegated to making the entire program in a single file, sadly.

When you say you enabled read access, was that just plain read or was it read-bytecode?

just plain read `((read ,script-path))

Does read a script (from source?) load any modules in the project (i.e., not installed) that are compiled to bytecode?

currently, for dev, script-path is just defined as (build-path (current-directory) "scripts"), but later will be read from a config file and could be anywhere

> Does read a script (from source?) load any modules in the project No. They are just simple, vanilla scheme code. They just have access to a few functions I expose in that submodule.

Are the scripts compiled to bytecode, or are they just in source form?

source form

That sounds like something that should work, so I must be missing a piece. Can you provide an example again?

As an example, the configuration file loaded at startup would have things like: DB credentials and a directory where the scripts are located. The submodule would contain a function like “run-query” that the script could call, but the script would never have access to the credentials itself.

So, the script might be something like… (for/list ([email (run-query "SELECT email FROM ...")]) (send-email email ...)) Where send-email is also exposed from the project.

Let me put together a sample real quick

That will help a lot - thanks.

So (barring any stupid typo), this would be a good summary of script-runner.rkt: #lang racket (require racket/sandbox) (require syntax/modresolve) (provide (all-defined-out)) (module* efuns #f (provide run-query)) (define (run-query) (displayln "Hello, world!")) (define efuns-path-index (let* ([ref (#%variable-reference)] ; submodule path and this module's index [path-index '(submod "." efuns)] [base-index (variable-reference->module-path-index ref)] ; join them together for the complete module path [path (module-path-index-join path-index base-index)]) (resolve-module-path-index path))) (define namespace-specs (append (sandbox-namespace-specs) (list efuns-path-index))) (define script-path (build-path (current-directory) "src")) (define script-perms (list* (list 'read script-path) (sandbox-path-permissions))) (define (run-script script-filename) (let ([e (parameterize ([sandbox-input current-input-port] [sandbox-output current-output-port] [sandbox-namespace-specs namespace-specs] [sandbox-path-permissions script-perms] [sandbox-gui-available #f]) (displayln (sandbox-path-permissions)) (make-evaluator 'racket/base))]) ; initialize the new object (e `(namespace-require ',efuns-path-index)) (e `(load ,(build-path script-path script-filename))) (e '(run))))

And this code works just fine! If I run it from DrRacket, it’s all good. I can call run-script with a script in the src directory and it executes just fine.

Now, if I have my main.rkt file (in the same directory as script-runner.rkt: (require "script-runner.rkt") (define (test) (run-script "test-script.rkt")) This fails with: (exn:fail "current-load-relative-directory: `exists' access denied for E:\\racket-projects\\runner-project\\" #<continuation-mark-set>)

Note: it never even attempts to load the script file. It’s dying in make-evaluator from what I can tell (if I put a displayln after the call to make-evaluator it never displays.

If you need something for yourself to test with, test-script.rkt is just the following: (define (run) (run-query))

I see that error if I run in DrRacket (which automatically compiles programs to bytecode) or if I raco make main.rkt before. But if I run without compiled bytecode, I don’t get the error.

If I add 'read permission for the directory that has main.rkt and script-runner.rkt, then I get the unsafe-linklet error. And if I add 'read-bytecode permission instead, then the unsafe-linklet error goes away.

Interesting. thanks for the 2nd pair of eyes.