I'm tangling my early-init/init.el with the :tangle-mode header arg set to (identity (#o444)). The idea behind this was to prevent myself from accidentally editing the tangled source files instead of the Org files. Unfortunately, since a3cb9b853 there seems to be a behavior change for org-babel-tangle which prevents this. An abbreviated stacktrace which shows the error when I try to tangle my files: Debugger entered--Lisp error: (file-error "Opening output file" "Permission denied" "/home/n/.emacs.d/early-init.el") write-region("" nil "~/.emacs.d/early-init.el" nil 0) Any way to work around this? Emacs : GNU Emacs 28.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo version 1.17.4, Xaw3d scroll bars) of 2021-05-03 Package: Org mode version 9.4.5 (9.4.5-gbc2659 @ /home/n/.emacs.d/straight/build/org/)
Hi, No Wayman writes: > I'm tangling my early-init/init.el with the :tangle-mode header arg > set to (identity (#o444)). This should be `(identity #o444)` I believe ? > The idea behind this was to prevent myself from accidentally editing > the tangled source files > instead of the Org files. > Unfortunately, since a3cb9b853 there seems to be a behavior change for > org-babel-tangle which prevents this. File permissions are now set before writing to the file, for security reasons. In this case, you remove write permission so emacs fails to write to the file. Perhaps we should try to support this use case. However, even with the previous version, it seems that subsequent tangles should have failed (emacs should fail to delete the previous tangled file). Can you confirm this and explain how you dealt with it ? As a workaround, you could use a file-local `org-babel-post-tangle-hook` to set file permission. Although subsequent tangles will still fail. -- Sébastien Miquel
Sébastien Miquel <sebastien.miquel@posteo.eu> writes: > Hi, > > No Wayman writes: >> I'm tangling my early-init/init.el with the :tangle-mode header >> arg set to >> (identity (#o444)). > This should be `(identity #o444)` I believe ? > Apologies, I transcribed that incorrectly. I do have `(identity #o444)`. > File permissions are now set before writing to the file, for > security > reasons. In this case, you remove write permission so emacs > fails to > write to the file. Perhaps we should try to support this use > case. > > However, even with the previous version, it seems that > subsequent > tangles should have failed (emacs should fail to delete the > previous > tangled file). Can you confirm this and explain how you dealt > with it ? Subsequent tangles did not fail for me. I just tested by building Org from a2cb9b853's parent: f84033b08. Multiple tangles work with no permission errors on subsequent tangles. Here's my init.org, if that's useful: https://raw.githubusercontent.com/progfolio/.emacs.d/master/init.org > As a workaround, you could use a file-local > `org-babel-post-tangle-hook` to set file permission. Although > subsequent tangles will still fail. Unfortunately, I don't have much use for the workaround if subsequent tangles will fail. I currently have an after-save-hook function which tangles the files if I've edited any of the src blocks. It's very convenient and I often will edit/tangle files set up like this multiple times.
[-- Attachment #1: Type: text/plain, Size: 337 bytes --] No Wayman writes: > Subsequent tangles did not fail for me. Ah yes, I understand, it is possible to delete a file without write permission. I'll see if I can fix this bug and keep the security improvements. In the meantime, you can apply the attached patch that should fix your issue. Thank you for the report. -- Sébastien Miquel [-- Attachment #2: 0001-fix-readonly-tangle.patch --] [-- Type: text/x-patch, Size: 794 bytes --] diff --git a/lisp/ob-tangle.el b/lisp/ob-tangle.el index 36144d6ae..c041ff4b3 100644 --- a/lisp/ob-tangle.el +++ b/lisp/ob-tangle.el @@ -270,9 +270,10 @@ matching a regular expression." (make-directory fnd 'parents)) ;; erase previous file and set permissions on empty ;; file before writing - (write-region "" nil file-name nil 0) - (mapc (lambda (mode) (set-file-modes file-name mode)) modes) + (when (file-exists-p file-name) + (delete-file file-name)) (write-region nil nil file-name) + (mapc (lambda (mode) (set-file-modes file-name mode)) modes) (push file-name path-collector)))))) (if (equal arg '(4)) (org-babel-tangle-single-block 1 t)
Hi Sébastien,
Sébastien Miquel <sebastien.miquel@posteo.eu> writes:
> I'll see if I can fix this bug and keep the security improvements. In
> the meantime, you can apply the attached patch that should fix
> your issue.
I tried to apply this (transitory?) patch against maint and it did not
apply. It applies okay on master. For bug fixes, please make patches
againt the maint branch.
Thanks!
PS: While Org 9.5 is (slowly) maturing, we will have time to release yet
another bugfix release.
--
Bastien
[-- Attachment #1: Type: text/plain, Size: 634 bytes --] Hi Bastien, Bastien writes: > I tried to apply this (transitory?) patch against maint and it did not > apply. It applies okay on master. For bug fixes, please make patches > againt the maint branch. This fixes a bug introduced by a commit in master. I've attached the same patch here, properly formated. I think it should be applied to master. It reverts a part of a2cb9b853: permissions are no longer set before writing to the tangled file. I've CC'd Tom, which made the original suggestion. I guess we could set the write and execute permissions before writing, and set the read permissions afterwards. -- Sébastien Miquel [-- Attachment #2: 0001-ob-tangle.el-org-babel-tangle-Fix-readonly-tangle.patch --] [-- Type: text/x-patch, Size: 1283 bytes --] From e56a05f4f5a3cce9cfdeb71854475e29aac1a6e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Miquel?= <sebastien.miquel@posteo.eu> Date: Tue, 4 May 2021 22:59:36 +0200 Subject: [PATCH] ob-tangle.el (org-babel-tangle): Fix readonly tangle * lisp/ob-tangle.el (org-babel-tangle): Fix readonly tangle. --- lisp/ob-tangle.el | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lisp/ob-tangle.el b/lisp/ob-tangle.el index 36144d6ae..96a4ef049 100644 --- a/lisp/ob-tangle.el +++ b/lisp/ob-tangle.el @@ -268,11 +268,11 @@ matching a regular expression." lspecs) (when make-dir (make-directory fnd 'parents)) - ;; erase previous file and set permissions on empty - ;; file before writing - (write-region "" nil file-name nil 0) - (mapc (lambda (mode) (set-file-modes file-name mode)) modes) + ;; erase previous file + (when (file-exists-p file-name) + (delete-file file-name)) (write-region nil nil file-name) + (mapc (lambda (mode) (set-file-modes file-name mode)) modes) (push file-name path-collector)))))) (if (equal arg '(4)) (org-babel-tangle-single-block 1 t) -- 2.31.1
Sébastien Miquel <sebastien.miquel@posteo.eu> writes:
> Hi Bastien,
>
> Bastien writes:
>> I tried to apply this (transitory?) patch against maint and it
>> did not
>> apply. It applies okay on master. For bug fixes, please make
>> patches
>> againt the maint branch.
> This fixes a bug introduced by a commit in master. I've attached
> the same
> patch here, properly formated. I think it should be applied to
> master.
>
> It reverts a part of a2cb9b853: permissions are no longer set
> before writing
> to the tangled file.
>
> I've CC'd Tom, which made the original suggestion. I guess we
> could set the
> write and execute permissions before writing, and set the read
> permissions
> afterwards.
Another related bug to the changes:
I have the :tangle header-arg set to evaluate some elisp to return
the file name:
org-babel no longer interprets this elisp. It is being used
literally as the file name:
e.g.
Wrote /home/n/.emacs.d/(concat (file-name-sans-extension
(buffer-file-name)) ".el")
Hi Sébastien,
Sébastien Miquel <sebastien.miquel@posteo.eu> writes:
> It reverts a part of a2cb9b853: permissions are no longer set before writing
> to the tangled file.
Applied to master, thanks a lot.
--
Bastien
[-- Attachment #1: Type: text/plain, Size: 746 bytes --] No Wayman writes: > Another related bug to the changes: > > I have the :tangle header-arg set to evaluate some elisp to return the > file name: > > org-babel no longer interprets this elisp. It is being used literally > as the file name: > e.g. > > Wrote /home/n/.emacs.d/(concat (file-name-sans-extension > (buffer-file-name)) ".el") Here's another patch, to be applied on top of the previous one, that fixes this. The specific case you mention can also be achieved by setting the :tangle argument to `yes`: in this case, the tangled file name is computed using the buffer file name and changing the extension according to the src block language. Thank you again for the report, and sorry for breaking everything. -- Sébastien Miquel [-- Attachment #2: 0001-ob-tangle.el-org-babel-tangle-collect-blocks-Use-cor.patch --] [-- Type: text/x-patch, Size: 1143 bytes --] From b7c5103fdd05c3d30805ebcc5084ef82c44cd8ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Miquel?= <sebastien.miquel@posteo.eu> Date: Wed, 5 May 2021 08:31:43 +0200 Subject: [PATCH] ob-tangle.el: (org-babel-tangle-collect-blocks): Use correct tangle name * lisp/ob-tangle.el: (org-babel-tangle-collect-blocks): Use correct tangle name. The :tangle header argument might be some elisp, to be evaluated. --- Range-diff: -: --------- > 1: b7c5103fd ob-tangle.el: (org-babel-tangle-collect-blocks): Use correct tangle name lisp/ob-tangle.el | 1 + 1 file changed, 1 insertion(+) diff --git a/lisp/ob-tangle.el b/lisp/ob-tangle.el index 96a4ef049..8af03b11a 100644 --- a/lisp/ob-tangle.el +++ b/lisp/ob-tangle.el @@ -377,6 +377,7 @@ be used to limit the collected code blocks by target file." ;; Add the spec for this block to blocks under its tangled ;; file name. (let* ((block (org-babel-tangle-single-block counter)) + (src-tfile (cdr (assq :tangle (nth 4 block)))) (base-name (cond ((string= "yes" src-tfile) ;; buffer name -- 2.31.1
Sébastien Miquel <sebastien.miquel@posteo.eu> writes:
> Here's another patch, to be applied on top of the previous one, that
> fixes this.
Applied, thanks.
--
Bastien
Sébastien Miquel <sebastien.miquel@posteo.eu> writes: > Here's another patch, to be applied on top of the previous one, > that > fixes this. > > The specific case you mention can also be achieved by setting > the > :tangle argument to `yes`: in this case, the tangled file name > is > computed using the buffer file name and changing the extension > according to the src block language. Thanks for the tip. I probably added that years ago and haven't changed it. Updated to keep things simple. > Thank you again for the report, and sorry for breaking > everything. Thanks for the patches. Tested them and everything seems to be working OK.