First attempt at supporting encrypted debug_info #1942
Conversation
|
Oh and one more thing - Maybe it's good enough that we just advise users to use |
|
Ugh, sorry about being so noisy, I had one more thing to mention:
|
Yes, let's go down this route. In any case, we don't need to surface everything in the command line. The most complex options are expected to be set via config files.
Yes, let's do it in the retriever, because I am almost sure you can also encode .beam files after the fact too. |
It will be translated to :debug_info_fn
debug_info_key is only used at the beginning to create a debug_info_fn
|
That edoc test is flaky... maybe worth removing. When I was writing tests for edoc, I realized sometimes the docs would be available, but sometimes they wouldn't when tested without crypto_key_fun. The first run usually succeeds and then subsequent runs don't (maybe on the first run the docs are emitted and then encrypted?) |
|
Going to close for now, will re-open with something more orderly. |
|
Do you need to test it with edoc? Could you test by using Elixir own modules? Somehow by using beam_lib or something similar to manually encrypt the debug_info after the fact? Or maybe require Erlang/OTP 27 and test only with the new |
|
Now that I've taken some time to think about this - I'd like to support edoc if at all possible, so I want to have tests for it. I think calling erlc twice would get the intended result. Here's the heart of the issue - I'm concerned that some kind of leak is happening here. That is, something that people thought was being kept secret is not secret. I don't want to encourage people or give them a false sense of security if that's the case. This is, of course, unfounded - I don't know enough about edoc internals to really know for sure. If we do determine it is insecure, what do you think about supporting it, but warning users that they should migrate to EEP59 docs? I will look into also warning if there's a way to check if a module has edocs. Sorry to ping you @garazdawi, but do you have any thoughts on this? Is edoc leaking docs that are supposed to be encrypted here? I was asserting that compiling a module with edocs returns nothing when it is encrypted, but it actually does return docs. |
|
I think there is some confusion. The docs are not encrypted, the debug info (which stores the AST) is. It should really be ortogonal to Edoc and the |
|
🤦♂️ sorry, I get it now - the EEP59 docs being encrypted is incidental. |
Would close #1928
A few things need to be resolved before this can be changed from a draft:
:beam_lib.crypto_key_fun/1would make sense: theRetrievermodule or in the individual language modules. Based on a cursory glance of the Elixir compiler, it doesn't look like{:debug_info_key, ...}is supported as an option. This was the original intent behind calling:beam_lib.crypto_key_fun/1in the Erlang language module. However, either this option really is supported by the Elixir compiler or could be in the future. This is where it might make sense to put it in theRetrievermodule instead. This draft does it both ways for now.debug_info_key/debug_info_fnto the user. I've added these toExDoc.Config. But I'm unsure of the best course of action for CLI options. Supporting just the key in the options and then allowing the user to define a function in a customconfig.exsbreaks the existing order of things (i.e. being able to set the same config options with command line switches as with a config file) since something like--debug_info_fn "fn ..."isn't user friendly. Maybe onlydebug_info_keyshould be supported for now?debug_info_funas a synonym so that Erlang users don't have to worry about translatingfuntofn.(note to self: the test needs to test for the rest of the docs in the erlang module)