Secure whitelist skeleton templates #584
Conversation
There was a problem hiding this comment.
You probably should be able to do something cleaner using curl and the sftp://... URL scheme that curl supports -- with that, you probably don't need to modify project.rkt and can just modify templates.rkt. If there's time, I'd prefer if you did that. If not, I'm OK with merging this now and coming back to this later.
| (define/contract (scp-whitelist-project name source) | ||
| (-> project-name? remote-path-string? path-string?) | ||
| (define zip-path (path->string (make-temporary-file (string-append "rkttmp~a-" name ".zip")))) | ||
| (if (system* (find-executable-path "scp") |
There was a problem hiding this comment.
Put the path in seashell-config.rkt.in?
| ;; Returns the path of the file copied locally | ||
| (define/contract (scp-whitelist-project name source) | ||
| (-> project-name? remote-path-string? path-string?) | ||
| (define zip-path (path->string (make-temporary-file (string-append "rkttmp~a-" name ".zip")))) |
There was a problem hiding this comment.
Maybe instead of creating a temporary file pipe it into a racket port? Something like ssh cs136@... cat <path> or curl sftp://cs136@.../path/to/file?
|
I should have time to change it to use curl |
|
Looks like curl doesn't support sftp:// or scp:// out of the box, so the binary on the linux.student.cs environment won't work with it. Instead I used ssh to clean things up. I still need to test the behaviour of this when authentication fails, so wait to merge. |
| (define-values (sshproc sshout sshin ssherr) | ||
| (subprocess #f #f #f (read-config 'ssh-binary) | ||
| host (string-append "cat " file))) | ||
| (thunk sshout)] |
There was a problem hiding this comment.
Make sure you close sshout/ssherr and you use dynamic-wind (see below) to close sshout when thunk returns.
Uses a system call to SCP to copy the files from the course account instead of downloading them from a publicly readable URL.