I don't know if Scribble needs OpenSSL, but a dependency probably does. The only precondition of that error is that openssl/mzssl appears *somewhere* among the dependencies. I run into that same error for evaluators that have nothing to do with Scribble.
~slg
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, January 4, 2021 7:10 PM, 'William J. Bowman' via Racket Users <
racket...@googlegroups.com> wrote:
> Thanks for the explanation.
>
> I can't figure out why scribble/manual needs openssl, but oh well.
>
> After reading through openssl, I've gone with a slightly less blunt instrument:
>
> > (require/expose openssl/mzssl (X509_get_default_cert_file))
> > ...
> > [sandbox-path-permissions (append `((exists
> > ,(X509_get_default_cert_file)))
> > (sandbox-path-permissions))]
> > ...
>
> --
>
> William J. Bowman
>
> On Tue, Jan 05, 2021 at 12:07:12AM +0000, Sage Gerard wrote:
>
> > Heads up: My earlier example was missing a closing paren. Also just saw that your subject line asked "Why", so I checked.
> > openssl/mzssl provides a parameter called `ssl-default-verify-sources'. See 1. The parameter is created during module instantiation with a OS-dependent default value.
> > When you create a sandboxed evaluator, it is impacted by several parameters. The default values of those parameters have little to no trust in the code, and will deny ALL filesystem access. Also, all Racket modules that are not shared with the evaluator are instantiated again. So you need to account for what happens as a side effect of all instantiations needed to get the evaluator up and running. If some module somewhere happens to require openssl/mzssl (even if you don't need it), then you are impacted by the permissions on the evaluator.
> > My earlier example was crude precisely because it is a blanket grant of existential checks for all filesystem paths. For better security habits, you can just add one `exists' permission to`(sandbox-path-permissions)' based on the value of `(ssl-default-verify-sources)'.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/racket-users/X/OuXgfbHhAeNQn8%40williamjbowman.com.