[plt-scheme] Using planet packages with the Handin server?

From: John Clements (clements at brinckerhoff.org)
Date: Wed Apr 22 18:39:05 EDT 2009

I'm trying to write a handin server checker module that allows  
students to require a planet package. Unfortunately, I can't seem to  
phrase the #:allow-read argument in a way that make this possible.  
This problem doesn't really have anything to do with the handin server  
per se; I can express the problem like this:

#lang scheme

(require scheme/sandbox)

((make-module-evaluator "#lang scheme
(require (planet schematics/schemeunit:3))
(display abc)"
  	 	#:language 'scheme
  	 	#:allow-read '((planet schematics/schemeunit))
                        ) '(display 'ab))


This gives the error:

directory-list: `read' access denied for /Users/clements/Library/PLT  
Scheme/planet/300/4.1.5.4/cache/schematics/schemeunit.plt

... which is the same error that I get if I don't have an #:allow-read  
argument at all. I also tried the extreme ugliness of manually  
supplying the required paths, like this:

((make-module-evaluator "#lang scheme
(require (planet schematics/schemeunit:3))
(display abc)"
  	 	#:language 'scheme
  	 	#:allow-read (list (string->path "/Users/clements/Library/PLT  
Scheme/planet/300/4.1.5.4/cache/schematics/schemeunit.plt/")
                                    (string->path "/Users/clements/ 
Library/PLT Scheme/planet/300/HARD-LINKS/"))
                        ) '(display 'ab))

After getting this far, I got the error

expand-user-path: `exists' access denied for base.ss

... and I was unable to fix this by adding further to the #:allow-read  
argument.

I also tried various variations on the planet specification: old- 
style, changing the id's into strings, etc.  None of these succeeded  
for me.


...  Finally, I went into the sandbox.ss code and decorated compute- 
permissions to print out its result. I then got this result from the  
original program:

XX((read-bytecode #<path:/Users/clements/Library/PLT Scheme/planet/ 
300/4.1.5.4/cache/schematics/schemeunit.plt/3/4/main.ss>) (read- 
bytecode #<path:/Users/clements/Library/PLT Scheme/planet/300/4.1.5.4/ 
cache/schematics/schemeunit.plt/3/4/compiled>) (exists #<path:/Users/ 
clements/Library/PLT Scheme/planet/300/4.1.5.4/cache/schematics/ 
schemeunit.plt/3/4/>))XX
. exception raised by error display handler: cleanse-path: `exists'  
access denied for /private/tmp/foo.ss; original exception raised:  
directory-list: `read' access denied for /Users/clements/Library/PLT  
Scheme/planet/300/4.1.5.4/cache/schematics/schemeunit.plt
 >

(the XX's are explicit in my fprintf)

My interpretation of this is that the sandbox *is* allowing access to  
the directory where the planet files live, but that trying to load the  
planet code also requires access to a number of other directories;  
that, to put it differently, the set of files loaded by the require  
statement is not the same as the set of directories that must be  
readable in order for planet to work correctly.


Is this correct?

Many thanks,

John



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2484 bytes
Desc: not available
URL: <http://lists.racket-lang.org/users/archive/attachments/20090422/23b5130b/attachment.p7s>

Posted on the users mailing list.