exchange

Base system with REST service to issue digital coins, run by the payment service provider

commit 4dcbe7bfec4ccc6c2bb323144031f833a311e912
parent 8c915fd5e3f54c86ebb6249f627d43e1a855d5c4
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Fri,  6 Mar 2026 15:17:24 +0100

make typst work in test-mode (without sandbox) and in production with local packages (should fix #11076)

Diffstat:
Msrc/mhd/mhd_typst.c | 53++++++++++++++++++++++++++++++++++-------------------
1 file changed, 34 insertions(+), 19 deletions(-)

diff --git a/src/mhd/mhd_typst.c b/src/mhd/mhd_typst.c @@ -554,6 +554,7 @@ setup_stage (struct TypstStage *stage, const struct TALER_MHD_TypstDocument *doc) { char *input; + bool is_dot_typ; if (NULL == doc->form_name) { @@ -617,17 +618,17 @@ setup_stage (struct TypstStage *stage, { char *intyp; size_t slen = strlen (doc->form_name); - bool is_dot_typ = ( (slen > 4) && - (0 == memcmp (&doc->form_name[slen - 4], - ".typ", - 4)) ); + is_dot_typ = ( (slen > 4) && + (0 == memcmp (&doc->form_name[slen - 4], + ".typ", + 4)) ); /* We do not append the ":$VERSION" if a filename ending with ".typ" is given. Otherwise we append the version, or ":0.0.0" if no explicit version is given. */ GNUNET_asprintf (&intyp, "#import \"%s/%s%s%s\": form\n" - "#form(json(\"%s/%u/input.json\"))\n", + "#form(json(\"input.json\"))\n", template_path, doc->form_name, is_dot_typ ? "" : ":", @@ -635,9 +636,7 @@ setup_stage (struct TypstStage *stage, ? "" : ( (NULL == doc->form_version) ? "0.0.0" - : doc->form_version), - tmpdir, - i); + : doc->form_version)); GNUNET_asprintf (&input, "%s/%u/input.typ", tmpdir, 
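Review bot: `is_dot_typ` is now declared without an initializer at the top of setup_stage and is only assigned inside the nested block at new line 618, yet the last hunk reads it to decide whether Typst is started with `--root /`. Declaring it as `bool is_dot_typ = false;` would make the sandboxed invocation the default on any path that reaches the read without passing through that block. Whether such a path exists cannot be told from these hunks, because the body of the `NULL == doc->form_name` branch and the code between the hunks are not shown. The function body starts and ends outside the hunk.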
@@ -660,17 +659,33 @@ setup_stage (struct TypstStage *stage,
 /* now setup typst invocation */
 {
- const char *argv[4];
-
- argv[0] = "typst";
- argv[1] = "compile";
- /* This deliberately breaks the typst sandbox. Why? Because
- they suck and do not support multiple roots, but we have
- dynamic data in /tmp and resources outside of /tmp and
- copying all the time is also bad. Typst should really
- support multiple roots. */
- argv[2] = input;
- argv[3] = NULL;
+ const char *argv[6];
+
+ if (is_dot_typ)
+ {
+ /* This deliberately breaks the typst sandbox. Why? Because Typst sucks
+ and does not support multiple roots, but here we have dynamic data in
+ /tmp and a style file outside of /tmp (and copying is also not
+ practical as we don't know what all to copy). Typst should really
+ support multiple roots. Anyway, in production this path should not
+ happen, because there we use Typst packages. */
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Bypassing Typst sandbox. You should use Typst packages instead of `%s'.\n",
+ doc->form_name);
+ argv[0] = "typst";
+ argv[1] = "compile";
+ argv[2] = "--root";
+ argv[3] = "/";
+ argv[4] = input;
+ argv[5] = NULL;
+ }
+ else
+ {
+ argv[0] = "typst";
+ argv[1] = "compile";
+ argv[2] = input;
+ argv[3] = NULL;
+ }
 stage->proc = GNUNET_OS_start_process_vap (
 GNUNET_OS_INHERIT_STD_ERR,
 NULL,
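Review bot: The `if (is_dot_typ)` branch hands Typst `--root /` purely because `doc->form_name` ends in `.typ`, so the only thing keeping a production process off the sandbox-less path is the warning log; the comment's "in production this path should not happen" is not enforced anywhere in this hunk. Since the root setting is what confines the files a template can read, I would gate this branch on an explicit test-mode switch and fail the stage otherwise, rather than inferring the mode from the file name. Where `form_name` comes from is not visible here; if a caller can influence it, the same string also lands unescaped inside the `#import "..."` literal built earlier in this function, so it deserves validation before either use. A short comment on the `else` branch, e.g. `/* Typst package: keep the default root (sandbox) */`, would make the asymmetry explicit. setup_stage continues past the end of the hunk.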