* per-file (or, really, per buffer) allowing/disallowing code block execution @ 2022-09-05 23:50 Fedja Beader 2022-09-06 13:33 ` Ihor Radchenko 2022-09-06 19:05 ` Greg Minshall 0 siblings, 2 replies; 20+ messages in thread From: Fedja Beader @ 2022-09-05 23:50 UTC (permalink / raw) To: emacs-orgmode@gnu.org Hello, Pressing C-c C-c in a code block asks the user whether to execute that code block or not. This soon becomes annoying. To remedy this, org-mode provides us the variable org-confirm-babel-evaluate. But this is not very user friendly. Additionally, as per documentation, this variable only controls whether org-mode (babel? Forgive me, I am sort of a new user of Emacs) will execute the code block without asking, or ask. What I would like to have, to safely and easily use org-mode as an interactive notebook, is to not have to overload this function and to be asked only once per buffer/file whether to: 1) Unconditionally allow executing all code blocks 2) Unconditionally disallow executing all code blocks 3) Ask for every block. Particularly the second case is the one that cannot be supported by simply defining org-confirm-babel-evaluate. This is what I cooked up as a solution, with help and advice from Ian Eure: #+BEGIN_SRC elisp (defvar-local org-babel-code-execute-mode nil) (defun org-babel-check-confirm-evaluate-wrapper (orig-fun &rest args) (pcase org-babel-code-execute-mode ("always" t) ("never" nil) ("query" (apply orig-fun args)) (- (progn (setq org-babel-code-execute-mode (completing-read ; can also return "" "Allow execution of code blocks in this buffer (always, never, query)?" '(always never query) nil ; predicate t ; require match to one of the three options ) ) (apply orig-fun args) ) ) ) ) (advice-add 'org-babel-check-confirm-evaluate :around #'org-babel-check-confirm-evaluate-wrapper) #+END_SRC I would like this functionality to become part of org-mode in the future. Sincerely, Fedja ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-05 23:50 per-file (or, really, per buffer) allowing/disallowing code block execution Fedja Beader @ 2022-09-06 13:33 ` Ihor Radchenko 2022-09-06 19:05 ` Greg Minshall 1 sibling, 0 replies; 20+ messages in thread From: Ihor Radchenko @ 2022-09-06 13:33 UTC (permalink / raw) To: Fedja Beader; +Cc: emacs-orgmode@gnu.org Fedja Beader <fedja@protonmail.ch> writes: > Pressing C-c C-c in a code block asks the user whether to > execute that code block or not. This soon becomes annoying. > To remedy this, org-mode provides us the variable > org-confirm-babel-evaluate. But this is not very user friendly. > > Additionally, as per documentation, this variable only controls > whether org-mode (babel? Forgive me, I am sort of a new user of > Emacs) will execute the code block without asking, or ask. > > What I would like to have, to safely and easily use org-mode > as an interactive notebook, is to not have to overload this > function and to be asked only once per buffer/file whether to: > 1) Unconditionally allow executing all code blocks > 2) Unconditionally disallow executing all code blocks > 3) Ask for every block. > > Particularly the second case is the one that cannot be > supported by simply defining org-confirm-babel-evaluate. 1) You can set org-confirm-babel-evaluate buffer-locally 2) Same or set :eval no header arg. (see https://orgmode.org/org.html#Evaluating-Code-Blocks) 3) You can set :eval query header arg. -- Ihor Radchenko, Org mode contributor, Learn more about Org mode at https://orgmode.org/. Support Org development at https://liberapay.com/org-mode, or support my work at https://liberapay.com/yantar92 ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-05 23:50 per-file (or, really, per buffer) allowing/disallowing code block execution Fedja Beader 2022-09-06 13:33 ` Ihor Radchenko @ 2022-09-06 19:05 ` Greg Minshall 2022-09-07 0:17 ` Steven Harris 2022-09-08 5:53 ` Ihor Radchenko 1 sibling, 2 replies; 20+ messages in thread From: Greg Minshall @ 2022-09-06 19:05 UTC (permalink / raw) To: Fedja Beader; +Cc: emacs-orgmode@gnu.org Fedja, > What I would like to have, to safely and easily use org-mode > as an interactive notebook, is to not have to overload this > function and to be asked only once per buffer/file whether to: > 1) Unconditionally allow executing all code blocks > 2) Unconditionally disallow executing all code blocks > 3) Ask for every block. i think that is an interesting idea, and maybe a more pleasant user interface than what we currently have. probably, for me, it would allow me to drop a number of buffer-local variable customizations, as i'm typically evaluating code in a given buffer over and over again (and, so, would be happy to pay the price of saying "yes" once per buffer (per emacs instance). i'd be curious to hear what the downsides might be, especially anyone who sees security-related downsides. Ihor, > 1) You can set org-confirm-babel-evaluate buffer-locally > 2) Same or set :eval no header arg. (see > https://orgmode.org/org.html#Evaluating-Code-Blocks) > 3) You can set :eval query header arg. for me the use case is 1) disabling all (or setting to "query") when, e.g., you are exporting some file you received via e-mail and so trust *none* of the code blocks; 2) enabling all for some file that you yourself maintain, and so trust *all* the code blocks. at least initially, this seems a nice direction. cheers, Greg ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-06 19:05 ` Greg Minshall @ 2022-09-07 0:17 ` Steven Harris 2022-09-07 8:49 ` Greg Minshall 2022-09-08 5:53 ` Ihor Radchenko 1 sibling, 1 reply; 20+ messages in thread From: Steven Harris @ 2022-09-07 0:17 UTC (permalink / raw) To: emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 1709 bytes --] There is a neat solution to this problem using * Local Variables :noexport: see the discussion at stackoverflow <https://stackoverflow.com/questions/20033467/setting-a-local-file-variable-in-emacs-org-mode> Cheers, Steven On Wed, 7 Sept 2022 at 05:07, Greg Minshall <minshall@umich.edu> wrote: > Fedja, > > > What I would like to have, to safely and easily use org-mode > > as an interactive notebook, is to not have to overload this > > function and to be asked only once per buffer/file whether to: > > 1) Unconditionally allow executing all code blocks > > 2) Unconditionally disallow executing all code blocks > > 3) Ask for every block. > > i think that is an interesting idea, and maybe a more pleasant user > interface than what we currently have. > > probably, for me, it would allow me to drop a number of buffer-local > variable customizations, as i'm typically evaluating code in a given > buffer over and over again (and, so, would be happy to pay the price of > saying "yes" once per buffer (per emacs instance). > > i'd be curious to hear what the downsides might be, especially anyone > who sees security-related downsides. > > Ihor, > > > 1) You can set org-confirm-babel-evaluate buffer-locally > > 2) Same or set :eval no header arg. (see > > https://orgmode.org/org.html#Evaluating-Code-Blocks) > > 3) You can set :eval query header arg. > > for me the use case is 1) disabling all (or setting to "query") when, > e.g., you are exporting some file you received via e-mail and so trust > *none* of the code blocks; 2) enabling all for some file that you > yourself maintain, and so trust *all* the code blocks. at least > initially, this seems a nice direction. > > cheers, Greg > > [-- Attachment #2: Type: text/html, Size: 4307 bytes --] ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-07 0:17 ` Steven Harris @ 2022-09-07 8:49 ` Greg Minshall 0 siblings, 0 replies; 20+ messages in thread From: Greg Minshall @ 2022-09-07 8:49 UTC (permalink / raw) To: Steven Harris; +Cc: emacs-orgmode Steven, > There is a neat solution to this problem using > > * Local Variables :noexport: > > see the discussion at stackoverflow > <https://stackoverflow.com/questions/20033467/setting-a-local-file-variable-in-emacs-org-mode> thanks. yes, if one has to do local variables, that is a very nice way of doing it; i appreciate seeing that. cheers, Greg ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-06 19:05 ` Greg Minshall 2022-09-07 0:17 ` Steven Harris @ 2022-09-08 5:53 ` Ihor Radchenko 2022-09-08 12:34 ` Fedja Beader 1 sibling, 1 reply; 20+ messages in thread From: Ihor Radchenko @ 2022-09-08 5:53 UTC (permalink / raw) To: Greg Minshall; +Cc: Fedja Beader, emacs-orgmode@gnu.org Greg Minshall <minshall@umich.edu> writes: > for me the use case is 1) disabling all (or setting to "query") when, > e.g., you are exporting some file you received via e-mail and so trust > *none* of the code blocks; 2) enabling all for some file that you > yourself maintain, and so trust *all* the code blocks. at least > initially, this seems a nice direction. Then, what about the following: 1. Set org-confirm-babel-evaluate globally to t 2. In the files you maintain, you can always put file-local/directory-local value of org-confirm-babel-evaluate to nil. 3. We can modify org-babel-confirm-evaluate _function_ to accept four possible answers: yes, no, yes for all in buffer, no for all in buffer. The extra 2 options will set buffer-local value of org-confirm-babel-evaluate in the current Emacs session. -- Ihor Radchenko, Org mode contributor, Learn more about Org mode at https://orgmode.org/. Support Org development at https://liberapay.com/org-mode, or support my work at https://liberapay.com/yantar92 ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-08 5:53 ` Ihor Radchenko @ 2022-09-08 12:34 ` Fedja Beader 2022-09-08 17:41 ` tomas 2022-09-09 5:50 ` Ihor Radchenko 0 siblings, 2 replies; 20+ messages in thread From: Fedja Beader @ 2022-09-08 12:34 UTC (permalink / raw) To: Ihor Radchenko; +Cc: minshall@umich.edu, emacs-orgmode@gnu.org Hello Richard, Ihor and Steven, I'm aware that file-local variables exist, but it seems that all documentation for them put them *into the file*, which is not secure for files downloaded from the internet. What is to stop a malicious file from setting an "yes, execute me automatically" variable? Anyway, the point of my email was to suggest a change to org-mode such that it provides a pleasant out-of-the-box user experience for people like me. I want to use org-mode as a python/octave/R/whatever interactive notebook without having to spend several days learning elisp and the internal workings of Emacs. I have spent these days, days that could be better (sorry!) used working on actual projects of mine. But I spent this time and the time to articulate what I want and to write these emails in the hope that I will be the last person having to do so. I would also like to suggest org-mode to other people instead of Jupyter notebook without having to add "oh, btw, you might want to add these three pages of alien code to your init.el to make it usable". To go a bit further off-thread, this change might seem unnecessary. However, the other changes I want is also auto-executing all modified code blocks on file save and/or when the cursor moves out of it, auto-executing dependent blocks when their dependency changes (e.g. blocks full of constants) or marking blocks as stale. But I will make suggestions to improve these things in later emails, once I know what I want. Hello Greg, Agreed, just yesterday I must have pressed C-c C-c "yes" three times a minute evaluating an embedded Octave script. The current default configuration is not pleasant at all. Hello Ihor, > Then, what about the following: > 1. Set org-confirm-babel-evaluate globally to t > 2. In the files you maintain, you can always put > file-local/directory-local value of org-confirm-babel-evaluate to > nil. > 3. We can modify org-babel-confirm-evaluate _function_ to accept four > possible answers: yes, no, yes for all in buffer, no for all in > buffer. The extra 2 options will set buffer-local value of > org-confirm-babel-evaluate in the current Emacs session Don't know about option (1), (2) seems insecure at first glance, for the reasons mentioned above. (3) sounds good (yes/no/always/never?) and what I want. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-08 12:34 ` Fedja Beader @ 2022-09-08 17:41 ` tomas 2022-09-09 5:50 ` Ihor Radchenko 1 sibling, 0 replies; 20+ messages in thread From: tomas @ 2022-09-08 17:41 UTC (permalink / raw) To: emacs-orgmode [-- Attachment #1: Type: text/plain, Size: 619 bytes --] On Thu, Sep 08, 2022 at 12:34:25PM +0000, Fedja Beader wrote: > Hello Richard, Ihor and Steven, > > I'm aware that file-local variables exist, but it seems that > all documentation for them put them *into the file*, which is not secure for files downloaded from the internet. What is to stop a malicious file from setting an "yes, execute me automatically" variable? While loading the file, only "safe variables" are set without warning (actually it's a bit more complex: specific variable- value pairs can be marked as "safe". See e.g. "12.12 File Local Variables" in the elisp manual. Cheers -- t [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-08 12:34 ` Fedja Beader 2022-09-08 17:41 ` tomas @ 2022-09-09 5:50 ` Ihor Radchenko 2022-09-10 0:19 ` Fedja Beader 1 sibling, 1 reply; 20+ messages in thread From: Ihor Radchenko @ 2022-09-09 5:50 UTC (permalink / raw) To: Fedja Beader; +Cc: minshall@umich.edu, emacs-orgmode@gnu.org Fedja Beader <fedja@protonmail.ch> writes: > I'm aware that file-local variables exist, but it seems that > all documentation for them put them *into the file*, which is not secure for files downloaded from the internet. What is to stop a malicious file from setting an "yes, execute me automatically" variable? As Tomas pointed out, Emacs has a concept of safe and non-safe file-local variables. org-confirm-babel-evaluate in particular is only safe when it is set to t (query execution). If your downloaded file attempts to set org-confirm-babel-evaluate to nil, Emacs will show a warning and ask you whether you want to use this unsafe nil value. > Anyway, the point of my email was to suggest a change to org-mode such that it provides a pleasant out-of-the-box user experience for people like me. I want to use org-mode as a python/octave/R/whatever interactive notebook without having to spend several days learning elisp and the internal workings of Emacs. I have spent these days, days that could be better (sorry!) used working on actual projects of mine. But I spent this time and the time to articulate what I want and to write these emails in the hope that I will be the last person having to do so. I would also like to suggest org-mode to other people instead of Jupyter notebook without having to add "oh, btw, you might want to add these three pages of alien code to your init.el to make it usable". I am sorry if any of the answers to your suggestion sounded hostile. Note that Org mode already has a large number of customizations, which is why we are trying to not introduce unnecessary customizations. Too many options is not always a good thing. The above does not mean that we reject your suggestion. Rather we try to weigh on the available options in Org and Emacs itself and then try to integrate the new feature into the existing concepts/functionalities. > To go a bit further off-thread, this change might seem unnecessary. However, the other changes I want is also auto-executing all modified code blocks on file save and/or when the cursor moves out of it, auto-executing dependent blocks when their dependency changes (e.g. blocks full of constants) or marking blocks as stale. But I will make suggestions to improve these things in later emails, once I know what I want. Feel free to do so. Suggestions are always welcome. > Hello Ihor, > >> Then, what about the following: >> 1. Set org-confirm-babel-evaluate globally to t >> 2. In the files you maintain, you can always put >> file-local/directory-local value of org-confirm-babel-evaluate to >> nil. >> 3. We can modify org-babel-confirm-evaluate _function_ to accept four >> possible answers: yes, no, yes for all in buffer, no for all in >> buffer. The extra 2 options will set buffer-local value of >> org-confirm-babel-evaluate in the current Emacs session > > Don't know about option (1), (2) seems insecure at first glance, for the reasons mentioned above. (3) sounds good (yes/no/always/never?) and what I want. (1) is what Org uses by default. I mentioned it just in case if you have org-confirm-babel-evaluate set to nil. (Many people do use this unsafe setting). (2) Is safe because file-local nil value of org-confirm-babel-evaluate will trigger Emacs to show you a warning, as I described earlier. (3) Let me elaborate a bit. Yes-for-all/No-for-all may be implemented in multiple ways: - During the current org-babel-execute-buffer call - From now until the buffer is closed - Forever for this file path - Forever for this file path until the file contents is changed - For some period of time Moreover, the above may apply for all the src blocks in buffer or just a particular src block. I doubt that all the options should be implemented in practice. We may probably just allow yes-for-all when running org-babel-execute-buffer but not individual C-c C-c on src blocks. I can see valid reasons to allow (1) in current org-babel-execute-buffer-call; (2) until the buffer is closed; (3) until the file contents is changed + limited by time. However, 3 possible options in the dialogue may be disorienting: yes/no (each src block) Yes/No (all src blocks in current org-babel-execute-buffer cal) * (until the buffer is closed) ! (until the buffer is closed and in the next 30 days, as long as the buffer contents is not changed) WDYT? -- Ihor Radchenko, Org mode contributor, Learn more about Org mode at https://orgmode.org/. Support Org development at https://liberapay.com/org-mode, or support my work at https://liberapay.com/yantar92 ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-09 5:50 ` Ihor Radchenko @ 2022-09-10 0:19 ` Fedja Beader 2022-09-11 9:10 ` Ihor Radchenko 0 siblings, 1 reply; 20+ messages in thread From: Fedja Beader @ 2022-09-10 0:19 UTC (permalink / raw) To: Ihor Radchenko; +Cc: emacs-orgmode@gnu.org > As Tomas pointed out, Emacs has a concept of safe and non-safe > file-local variables. org-confirm-babel-evaluate in particular is only > safe when it is set to t (query execution). If your downloaded file > attempts to set org-confirm-babel-evaluate to nil, Emacs will show a > warning and ask you whether you want to use this unsafe nil value. Can this mechanism be relied upon? I see in https://www.gnu.org/software/emacs/manual/html_node/emacs/Safe-File-Variables.html that user may press ! to mark everything safe. This is less effort than the explicit "yes" required for executing a block on C-c C-c. > I am sorry if any of the answers to your suggestion sounded hostile. > The above does not mean that we reject your suggestion. Rather we try to > weigh on the available options in Org and Emacs itself and then try to > integrate the new feature into the existing concepts/functionalities. Not at all. If anything the reply of mine might have sounded such. Because your and Steven's initial replies focused on how to achieve this with different user-local changes, instead of making it automatic, it felt to me that my first email did not contain enough motivation behind such changes and that I had to clarify it again/further. > Note that Org mode already has a large number of customizations, which > is why we are trying to not introduce unnecessary customizations. Too > many options is not always a good thing. This makes me wonder how many of us have a custom init.el for the purpose discussed here. Surely I am not alone, and surely having such customisation maintained in org-mode itself would be better. > Yes-for-all/No-for-all may be implemented in multiple ways: > - During the current org-babel-execute-buffer call If the user determined that it is safe to execute all blocks once, then why would it not be safe to execute them again? > - From now until the buffer is closed This option is probably closest to what I want. > - Forever for this file path Also fine. But 1) then this would have to be stored somewhere outside of the file, else the user would still be asked if they want to load that unsafe local variable. Meaning that in that case babel could just ask the user directly. 2) As I learn to use Emacs, the number of restarts decreases, meaning that the session just lives forever. In that case the once per open nagging of babel is acceptable. > - Forever for this file path until the file contents is changed What would change the file if not the user, and if the user already approved the existing code, why would the user not approve their own additions to it? > - For some period of time Same response as above. > Moreover, the above may apply for all the src blocks in buffer or just a particular src block. Going through blocks one by one and whitelisting, then executing them seems like a reasonable course of action, so why not. However, it might be a bit difficult to implement? How would babel determine that a block is the same one, even if it changes? Position in file? > I doubt that all the options should be implemented in practice. We may > probably just allow yes-for-all when running org-babel-execute-buffer > but not individual C-c C-c on src blocks. I can see valid reasons to > allow (1) in current org-babel-execute-buffer-call; (2) until the buffer > is closed; (3) until the file contents is changed + limited by time. > However, 3 possible options in the dialogue may be disorienting: I would like the option to mark whole file as trusted without having to execute all blocks in it. > yes/no (each src block) > Yes/No (all src blocks in current org-babel-execute-buffer cal) all/none? always/never? > * (until the buffer is closed) allfornow? alluntilclose? > ! (until the buffer is closed and in the next 30 days, as long as the > buffer contents is not changed) I'd prefer having to type full words, so that it is obvious what the user meant. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-10 0:19 ` Fedja Beader @ 2022-09-11 9:10 ` Ihor Radchenko 2022-09-12 13:56 ` Greg Minshall 2022-09-19 9:23 ` Fraga, Eric 0 siblings, 2 replies; 20+ messages in thread From: Ihor Radchenko @ 2022-09-11 9:10 UTC (permalink / raw) To: Fedja Beader; +Cc: emacs-orgmode@gnu.org Fedja Beader <fedja@protonmail.ch> writes: >> As Tomas pointed out, Emacs has a concept of safe and non-safe >> file-local variables. org-confirm-babel-evaluate in particular is only >> safe when it is set to t (query execution). If your downloaded file >> attempts to set org-confirm-babel-evaluate to nil, Emacs will show a >> warning and ask you whether you want to use this unsafe nil value. > > Can this mechanism be relied upon? I see in > https://www.gnu.org/software/emacs/manual/html_node/emacs/Safe-File-Variables.html > that user may press ! to mark everything safe. This is less effort than > the explicit "yes" required for executing a block on C-c C-c. While I agree with you, most people appear to prefer a single char. In fact, it is very popular to replace _all_ the yes/no prompts in Emacs with y/n prompts. If you have an interest to change single-char prompt for buffer-local variables, feel free to file a bug report to Emacs. AFAIK, there is currently no way to customize this prompt. >> Note that Org mode already has a large number of customizations, which >> is why we are trying to not introduce unnecessary customizations. Too >> many options is not always a good thing. > > This makes me wonder how many of us have a custom init.el for > the purpose discussed here. Surely I am not alone, and surely > having such customisation maintained in org-mode itself would > be better. I personally rarely use org-babel-execute-buffer and thus changed org-confirm-babel-evaluate to nil + added default export :eval no-export header arg. Since I run src blocks using C-c C-c, I always see what I am about to execute. >> Yes-for-all/No-for-all may be implemented in multiple ways: >> - During the current org-babel-execute-buffer call > > If the user determined that it is safe to execute all blocks > once, then why would it not be safe to execute them again? Consider a code in Org file that makes dangerous things. It may be useful to keep a query about execution just to stop and think for a moment if you really want to do it. Not for every block in buffer, but once. >> - From now until the buffer is closed > > This option is probably closest to what I want. > >> - Forever for this file path > > Also fine. But > 1) then this would have to be stored somewhere outside > of the file, else the user would still be asked if they > want to load that unsafe local variable. Meaning that in > that case babel could just ask the user directly. > 2) As I learn to use Emacs, the number of restarts > decreases, meaning that the session just lives forever. > In that case the once per open nagging of babel > is acceptable. The second option is a bit more consistent with file-local variable handling and, more importantly, with `org--confirm-resource-safe' - the approach we use to download remote #+SETUPFILE. >> - Forever for this file path until the file contents is changed > > What would change the file if not the user, and if the user > already approved the existing code, why would the user > not approve their own additions to it? > >> - For some period of time > > Same response as above. I was mostly thinking about a file being replaced by a new downloaded version. This is probably an overkill though. >> Moreover, the above may apply for all the src blocks in buffer or just a > particular src block. > > Going through blocks one by one and whitelisting, then executing them > seems like a reasonable course of action, so why not. > However, it might be a bit difficult to implement? > How would babel determine that a block is the same > one, even if it changes? Position in file? We can use the same approach with :cache header argument. However, I feel that it is also an overkill and will rarely be needed. >> I doubt that all the options should be implemented in practice. We may >> probably just allow yes-for-all when running org-babel-execute-buffer >> but not individual C-c C-c on src blocks. I can see valid reasons to >> allow (1) in current org-babel-execute-buffer-call; (2) until the buffer >> is closed; (3) until the file contents is changed + limited by time. >> However, 3 possible options in the dialogue may be disorienting: > > I would like the option to mark whole file as > trusted without having to execute all blocks in it. If we use the approach similar to `org--confirm-resource-safe' and `org-safe-remote-resources', the safe files will be accumulated into a custom variable. That custom variable can be modified by user just as any other custom variable. >> yes/no (each src block) >> Yes/No (all src blocks in current org-babel-execute-buffer cal) > > all/none? always/never? > >> * (until the buffer is closed) > > allfornow? alluntilclose? > >> ! (until the buffer is closed and in the next 30 days, as long as the >> buffer contents is not changed) > > I'd prefer having to type full words, > so that it is obvious what the user meant. I also prefer full words, though it will be slightly inconsistent with file-local variables and remote resource query in Org. Summary: 1. We can modify `org-babel-confirm-evaluate' to allow 3 extra answers: - All (or maybe Yes, consistent with common bash script query) - None (or maybe No, consistent with common bash script query) - Always The new version can be modelled after `org--confirm-resource-safe'. Never is futile because user executing org-babel-execute-buffer will not expect the command to be ignored. Always will not be shown if `org-confirm-babel-evaluate' is not set to 'prompt or 'safe. 2. We can add C-h help buffer detailing what the answers to (similar to query-replace prompt) 3. We add a new custom variable org-confirm-babel-evaluate-safe-paths that will hold files marked safe. 4. We add two allowed values to `org-confirm-babel-evaluate': 'prompt and 'safe, just like in `org-resource-download-policy'. The default will be changed to 'prompt 5. We document changes in the manual and in the NEWS. Patches are welcome! -- Ihor Radchenko, Org mode contributor, Learn more about Org mode at https://orgmode.org/. Support Org development at https://liberapay.com/org-mode, or support my work at https://liberapay.com/yantar92 ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-11 9:10 ` Ihor Radchenko @ 2022-09-12 13:56 ` Greg Minshall 2022-09-12 20:38 ` Tim Cross 2022-09-19 18:25 ` Rudolf Adamkovič 2022-09-19 9:23 ` Fraga, Eric 1 sibling, 2 replies; 20+ messages in thread From: Greg Minshall @ 2022-09-12 13:56 UTC (permalink / raw) To: Ihor Radchenko; +Cc: Fedja Beader, emacs-orgmode@gnu.org Ihor, Fedja, et al., i think this is very good. my suggestion would be to *not* permanently mark a file as safe (i.e., i would vote against org-confirm-babel-evaluate-safe-paths); rather, let a local variable do that. i worry about keeping state in "side cars" (if one calls them that), as it may be harder for the user to "grep" to find why some expected behavior is occurring, etc. in the "default" setting, asking to evaluate a src block would ask: - "yes" [y] - "no" [n] - "always this buffer" [Y?] - "never this buffer" [N?] the last two would only survive this buffer; once the buffer is closed and re-opened, you're back to "default" (unless, of course, there's a local variable set). Ihor, you suggested other meanings for "yes +". while they all are useful, i like the simplicity of just the "always for this buffer". and, per-src block seems overkill, and too complicated, too much state for the user to remember (but, i'm old, so memory is *always* an issue! :). when the user responds "always this buffer", maybe a message that, if they want the same behavior for future buffers of this same file, add a local variable. anyway, that's my 2 cents. cheers, Greg ps -- i'm neutral w.r.t. single letter versus word-length, completing read, prompts [the above suggestions notwithstanding]. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-12 13:56 ` Greg Minshall @ 2022-09-12 20:38 ` Tim Cross 2022-09-13 4:47 ` Greg Minshall 2022-09-19 18:25 ` Rudolf Adamkovič 1 sibling, 1 reply; 20+ messages in thread From: Tim Cross @ 2022-09-12 20:38 UTC (permalink / raw) To: Greg Minshall; +Cc: Ihor Radchenko, Fedja Beader, emacs-orgmode Greg Minshall <minshall@umich.edu> writes: > Ihor, Fedja, et al., > > i think this is very good. > > my suggestion would be to *not* permanently mark a file as safe (i.e., i > would vote against org-confirm-babel-evaluate-safe-paths); rather, let a > local variable do that. i worry about keeping state in "side cars" (if > one calls them that), as it may be harder for the user to "grep" to find > why some expected behavior is occurring, etc. > > in the "default" setting, asking to evaluate a src block would ask: > - "yes" [y] > - "no" [n] > - "always this buffer" [Y?] > - "never this buffer" [N?] > > the last two would only survive this buffer; once the buffer is closed > and re-opened, you're back to "default" (unless, of course, there's a > local variable set). > > Ihor, you suggested other meanings for "yes +". while they all are > useful, i like the simplicity of just the "always for this buffer". > and, per-src block seems overkill, and too complicated, too much state > for the user to remember (but, i'm old, so memory is *always* an issue! > :). > > when the user responds "always this buffer", maybe a message that, if > they want the same behavior for future buffers of this same file, add a > local variable. > > anyway, that's my 2 cents. > > cheers, Greg > > ps -- i'm neutral w.r.t. single letter versus word-length, completing > read, prompts [the above suggestions notwithstanding]. All the points listed here seem reasonable at various levels. However, I do think we need to be careful not to go too far in the other direction. If the user wants a foot gun, they should be allowed to have one, we should not give them one by default though. There are valid use cases for a configuration which does not require user interaction (to answer questions on block evaluation), for example, when you want to process many org files in a batch process without user interaction. Likewise, I don'tg want Emacs to become too much of a 'nanny'. If I decide the code in a file is safe and permanently safe, I want to be able to disable the queries on that file permanently. I'm happy using local variables to do this, though I would also like a global option as well. With regard to long or short answers to such questions, I think the default should be the longer yes/no, but the user should be able to set it to y/n (i.e. same as normal Emacs behaviour). Ideally, this would fall under the same setting as the new y-or-n facility in recent emacs versions (replacing the old approaches like defalias). Finally, while I can see there is a use case for being able to have fine grained control over individual block execution, I don't think having it as a prompt is the correct approach. Once you have many of these blocks in a file, that prompt will rapidly become annoying. When I've required this level of control, I've found header arguments work fine and I'm not sure the added complexity is worth it. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-12 20:38 ` Tim Cross @ 2022-09-13 4:47 ` Greg Minshall 0 siblings, 0 replies; 20+ messages in thread From: Greg Minshall @ 2022-09-13 4:47 UTC (permalink / raw) To: Tim Cross; +Cc: Ihor Radchenko, Fedja Beader, emacs-orgmode hi, Tim, > There are valid use cases for a configuration which does not require > user interaction (to answer questions on block evaluation), for example, > when you want to process many org files in a batch process without user > interaction. Likewise, I don'tg want Emacs to become too much of a > 'nanny'. If I decide the code in a file is safe and permanently safe, I > want to be able to disable the queries on that file permanently. I'm > happy using local variables to do this, though I would also like a > global option as well. sorry, i don't think i was clear. i wasn't suggesting changing the behavior if =org-confirm-babel-evaluate= is =nil= (either as a buffer-local, or globally). the trigger for prompting for "[y,n,Y,N,?]" or long/short some such would be if it were =t= (i think?). > With regard to long or short answers to such questions, I think the > default should be the longer yes/no, but the user should be able to set > it to y/n (i.e. same as normal Emacs behaviour). Ideally, this would > fall under the same setting as the new y-or-n facility in recent emacs > versions (replacing the old approaches like defalias). ah, i didn't realize there was this configuration possibility. that makes sense. thanks. > Finally, while I can see there is a use case for being able to have fine > grained control over individual block execution, I don't think having it > as a prompt is the correct approach. Once you have many of these blocks > in a file, that prompt will rapidly become annoying. When I've required > this level of control, I've found header arguments work fine and I'm not > sure the added complexity is worth it. last time i tried to export a file with no buffer-local setting of org-confirm-babel-evaluate, i was prompted on each code block. and, yes, it *is* annoying! eliminating this behavior, while "preserving a query", is what i find attractive in Fejda's proposal. i apologize that i'm not sure of the header argument override? but, still, i wouldn't argue for any new per-src-block-level configuration. cheers, Greg ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-12 13:56 ` Greg Minshall 2022-09-12 20:38 ` Tim Cross @ 2022-09-19 18:25 ` Rudolf Adamkovič 2022-09-19 19:28 ` Greg Minshall 1 sibling, 1 reply; 20+ messages in thread From: Rudolf Adamkovič @ 2022-09-19 18:25 UTC (permalink / raw) To: Greg Minshall, Ihor Radchenko; +Cc: Fedja Beader, emacs-orgmode@gnu.org Greg Minshall <minshall@umich.edu> writes: > - "always this buffer" [Y?] I would deeply appreciate this option for my Org notebook that contains two kinds of source blocks: (1) workers for on-demand execution and (2) reproducible examples for anytime execution. I cannot figure out how to make Org work with both, meaning it would execute just the reproducible examples on 'org-babel-execute-buffer', leaving the workers alone. As a workaround, I configure workers with ':eval query' and then lean against the 'n' key during 'org-babel-execute-buffer'. :) Rudy -- "Be especially critical of any statement following the word 'obviously.'" -- Anna Pell Wheeler, 1883-1966 Rudolf Adamkovič <salutis@me.com> [he/him] Studenohorská 25 84103 Bratislava Slovakia ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-19 18:25 ` Rudolf Adamkovič @ 2022-09-19 19:28 ` Greg Minshall 2022-09-21 20:56 ` Rudolf Adamkovič 0 siblings, 1 reply; 20+ messages in thread From: Greg Minshall @ 2022-09-19 19:28 UTC (permalink / raw) To: Rudolf Adamkovič; +Cc: Ihor Radchenko, Fedja Beader, emacs-orgmode@gnu.org Rudy, > I would deeply appreciate this option for my Org notebook that contains > two kinds of source blocks: (1) workers for on-demand execution and (2) > reproducible examples for anytime execution. I cannot figure out how to > make Org work with both, meaning it would execute just the reproducible > examples on 'org-babel-execute-buffer', leaving the workers alone. As a > workaround, I configure workers with ':eval query' and then lean against > the 'n' key during 'org-babel-execute-buffer'. :) i'm a bit unclear. does your (single?) Org notebook consist of *one* file (and thus, [normally? always? my ignorance precedes me], one buffer), or two files (thus, two buffers). in the former case (one buffer), i don't know if these proposals will help. though, maybe as they are flushed out (precedence of the buffer-local and/or global-local with header line constructs), it would? in the latter case (two buffers), then, yes. cheers, Greg ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-19 19:28 ` Greg Minshall @ 2022-09-21 20:56 ` Rudolf Adamkovič 2022-09-22 14:17 ` Max Nikulin 0 siblings, 1 reply; 20+ messages in thread From: Rudolf Adamkovič @ 2022-09-21 20:56 UTC (permalink / raw) To: Greg Minshall; +Cc: Ihor Radchenko, Fedja Beader, emacs-orgmode@gnu.org Greg Minshall <minshall@umich.edu> writes: > i'm a bit unclear. does your (single?) Org notebook consist of *one* > file (and thus, [normally? always? my ignorance precedes me], one > buffer), or two files (thus, two buffers). One file, two kinds of "src" blocks. > in the former case (one buffer), i don't know if these proposals will > help. though, maybe as they are flushed out (precedence of the > buffer-local and/or global-local with header line constructs), it > would? Interesting. Suppose I have 'org-confirm-babel-evaluate' set to 'nil' and I answer "no to all" during 'org-babel-execute-buffer'. I would expect that to mean "answer 'no' to every :eval query" block and execute the rest as usual. If so, that would save me from having to answer "no" dozen times. Good point! Rudy -- "I love deadlines. I love the whooshing noise they make as they go by." -- Douglas Adams, The Salmon of Doubt, 2002 Rudolf Adamkovič <salutis@me.com> [he/him] Studenohorská 25 84103 Bratislava Slovakia ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-21 20:56 ` Rudolf Adamkovič @ 2022-09-22 14:17 ` Max Nikulin 2022-09-23 2:31 ` Ihor Radchenko 0 siblings, 1 reply; 20+ messages in thread From: Max Nikulin @ 2022-09-22 14:17 UTC (permalink / raw) To: emacs-orgmode On 22/09/2022 03:56, Rudolf Adamkovič wrote: > Greg Minshall writes: > >> i'm a bit unclear. does your (single?) Org notebook consist of *one* >> file (and thus, [normally? always? my ignorance precedes me], one >> buffer), or two files (thus, two buffers). > > One file, two kinds of "src" blocks. > >> in the former case (one buffer), i don't know if these proposals will >> help. though, maybe as they are flushed out (precedence of the >> buffer-local and/or global-local with header line constructs), it >> would? > > Interesting. Suppose I have 'org-confirm-babel-evaluate' set to 'nil' > and I answer "no to all" during 'org-babel-execute-buffer'. I would > expect that to mean "answer 'no' to every :eval query" block and execute > the rest as usual. If so, that would save me from having to answer "no" > dozen times. Good point! Since `org-confirm-babel-evaluate' may be customized to a function, every participant of this thread may implement their preferred policies with no modification of Org code or even an advice to the default function. If proven by some usage period convenient variants emerged during such activity then they may be polished to handle corner cases (indirect buffers, etc.) and added to Org. However some functions will likely specific to particular users, e.g. consider documents in some folder safe as created by the user, but execution of code blocks from other files are suppressed because they may be received from less trusted sources. ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-22 14:17 ` Max Nikulin @ 2022-09-23 2:31 ` Ihor Radchenko 0 siblings, 0 replies; 20+ messages in thread From: Ihor Radchenko @ 2022-09-23 2:31 UTC (permalink / raw) To: Max Nikulin; +Cc: emacs-orgmode Max Nikulin <manikulin@gmail.com> writes: > Since `org-confirm-babel-evaluate' may be customized to a function, > every participant of this thread may implement their preferred policies > with no modification of Org code or even an advice to the default > function. Not that easy. `org-confirm-babel-evaluate' only knows about currently executed src block. It has no access to its callers, like `org-babel-execute-buffer'. While `org-confirm-babel-evaluate' can be used to disable queries in buffer during current Emacs session, it will be hard to do something like "yes, for all the next queries in the current `org-babel-execute-buffer' call". -- Ihor Radchenko, Org mode contributor, Learn more about Org mode at https://orgmode.org/. Support Org development at https://liberapay.com/org-mode, or support my work at https://liberapay.com/yantar92 ^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: per-file (or, really, per buffer) allowing/disallowing code block execution 2022-09-11 9:10 ` Ihor Radchenko 2022-09-12 13:56 ` Greg Minshall @ 2022-09-19 9:23 ` Fraga, Eric 1 sibling, 0 replies; 20+ messages in thread From: Fraga, Eric @ 2022-09-19 9:23 UTC (permalink / raw) To: Ihor Radchenko; +Cc: Fedja Beader, emacs-orgmode@gnu.org On Sunday, 11 Sep 2022 at 17:10, Ihor Radchenko wrote: > In fact, it is very popular to replace _all_ the yes/no prompts in > Emacs with y/n prompts. I had to laugh. The oldest line in my Emacs init is (fset 'yes-or-no-p 'y-or-n-p) ;I hate typing... and this dates back to the 80s... (sorry for off-topic post) -- : Eric S Fraga, with org release_9.5.4-768-g5bb699 in Emacs 29.0.50 ^ permalink raw reply [flat|nested] 20+ messages in thread
end of thread, other threads:[~2022-09-23 2:32 UTC | newest] Thread overview: 20+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-09-05 23:50 per-file (or, really, per buffer) allowing/disallowing code block execution Fedja Beader 2022-09-06 13:33 ` Ihor Radchenko 2022-09-06 19:05 ` Greg Minshall 2022-09-07 0:17 ` Steven Harris 2022-09-07 8:49 ` Greg Minshall 2022-09-08 5:53 ` Ihor Radchenko 2022-09-08 12:34 ` Fedja Beader 2022-09-08 17:41 ` tomas 2022-09-09 5:50 ` Ihor Radchenko 2022-09-10 0:19 ` Fedja Beader 2022-09-11 9:10 ` Ihor Radchenko 2022-09-12 13:56 ` Greg Minshall 2022-09-12 20:38 ` Tim Cross 2022-09-13 4:47 ` Greg Minshall 2022-09-19 18:25 ` Rudolf Adamkovič 2022-09-19 19:28 ` Greg Minshall 2022-09-21 20:56 ` Rudolf Adamkovič 2022-09-22 14:17 ` Max Nikulin 2022-09-23 2:31 ` Ihor Radchenko 2022-09-19 9:23 ` Fraga, Eric
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs/org-mode.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).