New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
馃悰 deno
v1.13 breaks shims using --allow-plugin
#11819
Comments
# [why] Deno v1.13+ breaks prior correct shims using `--allow-plugin` by replacing it with `--allow-ffi` without deprecation. This changes fixes the shim for all v1.x versions of Deno at the cost of decreased security. A more narrow change replacing `--allow-plugin` with `--allow-ffi` for Deno versions if v1.13+ would still allow broken shims when/if the user upgraded from a Deno version less than v1.13. ref: denoland/deno#11819
Plugins and FFI are unstable. That said, it seems like something could be added to Line 1277 in df084b9
|
# [why] Deno v1.13+ breaks prior correct shims using `--allow-plugin` by replacing it with `--allow-ffi` without deprecation. This changes fixes the shim for all v1.x versions of Deno at the cost of decreased security. A more narrow change replacing `--allow-plugin` with `--allow-ffi` for Deno versions if v1.13+ would still allow broken shims when/if the user upgraded from a Deno version less than v1.13. ref: denoland/deno#11819
Unfortunately, it's a bit more problematic. For my installs, using And if |
They should make the |
They cannot be aliased because they are not the same thing: One is a native plugin API, the other is a FFI API. They are not compatible.
Yes, it's unstable, it may break. Deno's stability is described in more detail in the manual: https://deno.land/manual@v1.13.2/runtime/stability "You should be aware that many unstable APIs have not undergone a security review, are likely to have breaking API changes in the future, and are not ready for production." PS: If you are not sure about the stability of an unstable API, sometimes it helps to check the roadmap (#11168). Usually, if an unstable API is mentioned, it's either "stabilize" or "remove". For example, "Remove native plugins API, introduce FFI API" has been the number 1 item on the roadmap for a while now. An example of an unstable API being stabilized is the new HTTP server which is mentioned as "Stabilize native HTTP server API". |
I get it, and I agree with the process. But you're missing the point that normal use of |
You need both
|
@MarkTiedemann , thanks for taking the time to look at this issue. I do feel that I'm not correctly communicating the problem to you; I'll try to restate it and improve my explanation... I understand that But the important point here is that % generated by deno install %
@deno "run" "--allow-read" "--allow-write" "--allow-net" "--allow-env" "--allow-run" "--allow-plugin" "--allow-hrtime" "https://deno.land/x/..." %* and #!/bin/sh
# generated by deno install
deno "run" "--allow-read" "--allow-write" "--allow-net" "--allow-env" "--allow-run" "--allow-plugin" "--allow-hrtime" "https://deno.land/x/..." "$@" This is not specifically requested by the user installing the app and is for the most part opaque to casual users. And, then, this acts as a future trip mine which, without any warning, breaks all those shims when upgrading from v1.12 to v1.13, blocking use of all the apps installed using that installation directive.
Again, I see this as a bug which needs to be addressed going forward to avoid tripping up ordinary users. Likely, a good solution going forward is to never add unstable flags when installing using |
@rivy Thanks for clarifying! I was not aware that This seems like a design issue IMO, too. I would have expected |
@MarkTiedemann , expanding the |
I don't think there's such a thing as "unintended permission expansion" when using
In this respect In I think that's unexpected and should be fixed. |
Yes, @MarkTiedemann, I believe we're saying the same thing... When I say "unintended permission expansion" for a later version of I'm suggesting that the bug is that the expansion of |
No, we're not.
I'm saying that the bug is that There should not be a difference between |
Thanks for clarifying. Hmm, I don't really agree; the current creation of a shim with individual You could argue that, by using But, it would be a simpler implementation. |
Using I don't understand the argument that you might want all flags now, but not a potential future flag. In that case, I think, you should specify all flags one by one rather than using |
If you have -A and that expands to include --allow-run what precisely could a future flag add that would be more powerful than --allow-run? I get what it is trying to do, but I don't think it's reasonable. If a user says they want -A then we should trust they want -A. (Maybe we can print a warning to say "you installed with -A but we strongly recommend enumerating the permissions...") |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
Not stale. This should be addressed at least as a policy statement going forward so that it doesn't happen again... |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
Not stale; not addressed as of yet. |
@rivy what is the expected solution for this issue? |
Opened #13325 |
@bartlomieju , the problem is that automatically adding unstable flags when installing potentially breaks future executions with a newer
edit I see @dsherret just added issue #13325 with a resolution similar to the noted suggestion. I think that will work as a solution. |
I believe requirement for |
With the change in v1.13 from
--allow-plugin
to--allow-ffi
(PR #11152), prior shims using--allow-plugin
are now broken...IMO,
--allow-plugin
should have been deprecated but allowed until a later date (maybe v2). Changing the command line API like this can suddenly break working setups (as it did mine). To me, this seems to be the definition of a semver API change requiring a major version update.The text was updated successfully, but these errors were encountered: