bib2gls
bib2gls copied to clipboard
nlct
Relative output directory not working
I'm using bib2gls version 3.9 (2024-01-30) and found a situation where I can't execute bib2gls from a certain directory.
I've tested this with the following structure:
├── out
│ ├── av.artifact
│ ├── av.atfi
│ ├── av.aux
│ ├── av.glstex
│ ├── av.log
│ ├── av.out
│ ├── av.pdf
│ ├── av.xmpdata
└── src
├── build.sh
└── project.yaml
The definition file is located in $TEXMFHOME/bibtex/bib and is being found.
The issue here is when I execute build.sh which contains bib2gls --dir ../out av.
This results in the following error message:
bib2gls 3.9 (2024-01-30)
Error: Write access forbidden for file: ../out/av.glg
When executing bib2gls --dir out av from the root directory, it executes fine, so my guess is that it can't handle relative paths which go back a level.
That's a security feature. bib2gls honours TeX Live's openin_any and openout_any settings. It sounds like you have openout_any set to p which prohibits write access to paths outside the current directory (unless they are specified by the $TEXMFOUTPUT environment variable). Try
kpsewhich --var-value=openout_any
The possible return values are a (any), r (restricted) or p (paranoid). The setting is in texmf.cnf which can be found with:
kpsewhich -a texmf.cnf
You could adjust your build script so that it sets $TEXMFOUTPUT to the desired output directory before running bib2gls.
Thanks, that explains a lot! For lualatex, however, when using option --output-directory ../out, it does honor the relative output directory. Would lualatex therefore lack in security measures, as the behavior you've described should be the expected behavior according to TeX Live? On the other hand, I wouldn't be surprised if the option --dir implicates setting $TEXMFOUTPUT to its value, as it looked like the equivalent option --output-directory of lualatex, when I read the man page.
Thank you. It looks as though pdflatex also allows --output-directory to be outside the current directory with openout_any and openin_any set to p. Presumably that needs to be treated as a special case, so I'll make --dir behave in the same way.
I've got a minimal working fix:
diff --git a/src/java/bib2gls/Bib2Gls.java b/src/java/bib2gls/Bib2Gls.java
index 2b80bc2..d222449 100644
--- a/src/java/bib2gls/Bib2Gls.java
+++ b/src/java/bib2gls/Bib2Gls.java
@@ -611,7 +611,7 @@ public class Bib2Gls extends BibGlsTeXApp
// Not absolute path. Is it on the cwd path?
- if (path.toAbsolutePath().normalize().startsWith(cwd))
+ if (path.toAbsolutePath().normalize().startsWith(texmfoutput))
{
return true;
}
@@ -5857,7 +5857,8 @@ public class Bib2Gls extends BibGlsTeXApp
getMessage("error.missing.value", arg));
}
- dirName = returnVals[0].toString();
+ texmfoutput = new File(returnVals[0].toString()).getAbsoluteFile().toPath().normalize();
+// dirName = returnVals[0].toString();
}
else if (isListArg(deque, arg, "-m", "--map-format", returnVals))
{
@@ -6087,7 +6088,7 @@ public class Bib2Gls extends BibGlsTeXApp
File dir = null;
- auxFile = new File(auxFileName);
+ auxFile = new File(texmfoutput.toFile(), auxFileName);
if (dirName != null)
{
@@ -6118,7 +6119,7 @@ public class Bib2Gls extends BibGlsTeXApp
else
{
dir = auxFile.getParentFile();
- basePath = cwd;
+ basePath = texmfoutput;
}
if (!auxFile.exists())
Now it finds output related files, like .glstex and .aux based on the texmfoutput member instead of the cwd, which is meant for (TeX) source files, like .bib and .tex.
While this already does the trick, I think it's nicest to parse command line arguments in advance and base the texmfoutput on option --output-dir (or --dir, if you don't mind changing the behavior of it) in the initSecuritySettings method. If there wasn't a command line argument, the TEXMFOUTPUT might still give an answer, as now is implemented, and lastly, if none of these were supplied, the output directory is simply equal to the current working directory, as was also already the default behavior.
I'm still unsure if the .bib file still works in other directories like $TEXMF/bibtex/bib/my-bib.bib. Haven't tested that case yet.
Thank you for the feedback
You're more than welcome!
I'll have a look at it when I have time.
Thanks! For sharing purposes I chose to address it as an issue. If you'd like a PR instead in order to navigate the changes, I'd happily provide one. I didn't, because it may require some extra investigation on security level and may introduce API changes, which IMO have to be carefully evaluated. In short, I was afraid for it being merged to soon ;)
Also, if you'd like some assistance on the matter, I'd be happy to help out — Java is quite a natural language for me to read and write.
I'm sorry I've lost track of bib2gls for a bit. I think it may need different directory search paths for different types of files.
-
bibfiles may be in the current directory (or relative to it) or in TEXMF or the document may have created abibfile on-the-fly with, for example, thefilecontentsenvironment. -
auxandlogfiles, which are input files forbib2glsbut output files for TeX (andauxis also an input file for TeX) so the search path shouldn't include TEXMF but should include TEXMFOUTPUT. -
styfiles can also be an input file forbib2glsif--custom-packagesis used so the search path needs to be the current directory and TEXMF but not TEXMFOUTPUT.
I need to finish off datatool and datatooltk first. Then I'll have more time to investigate further.
needs to be the current directory and TEXMF but not TEXMFOUTPUT
TEXMF theoretically already contains the current working directory, thanks to TEXMFDOTDIR, given that it is left untouched.
So that makes it easy for the sty types, i.e. kpsewhich my-pkg.sty.
~~I also wonder, aren't there any bindings written for kpathsea to Java with JNI?~~ I've created a repository which demonstrates this. Please let me know if it would be beneficial for bib2gls.