walkingwounded wrote: ↑02 Dec 2019, 11:40
-If I comment out lines for missing features in C:\Program Files\Python37\Lib\site-packages\portmod\safemodules\os\__init__.py
I understand your access to Windows platforms may be limited, but if you are proficient with virtualization you could fire up a Windows 10 trial VM and use it for testing until it expires, then rinse and repeat. I think you can use slmgr.exe to extend the time (google it).

Easy to fix, thanks. And yes, having a way of testing on Windows would be extremely useful. I might try a VM, but I'd rather have a way that can be used for automated testing. I just took a look at getting it working with Wine again, and while the last time I tried I had issues getting git to work, it's working now. Unfortunately, while running git manually works, importing GitPython causes an error when running the git command; I don't really know why.
I also just saw that AppVeyor does Windows CI, so maybe I'll try setting that up at some point.

walkingwounded wrote: ↑02 Dec 2019, 13:03
-after masking out unsupported platform features in __init.py__ (C:\Program Files\Python36\Lib\site-packages\portmod\safemodules\os\__init__.py)
>omwmerge --update --deep --newuse @world
WARNING: Unable to load restricted module winreg
WARNING: Could not load pybuild "morrowind-1.6.1820-r1"
ERROR: Unable to find mod for atom base/morrowind

This is an issue with the RestrictedPython sandbox environment. I forgot that the morrowind build file was accessing the registry, so at the moment the winreg module is being blocked. Probably the best fix (I'll try to throw something together, though I don't have a lot of time at the moment) is to move the read_reg function defined in the morrowind pybuild into portmod and add it to the sandbox whitelist. There really isn't a need for arbitrary registry access anyway.

walkingwounded wrote: ↑02 Dec 2019, 13:03
-the wiki says to find a command line sandbox tool, but no suggestions (I get it, open source all the things), even a single "this is an example, but up to you if you trust them or not" might help. Windows users consider closed source to be 'normal', and are not allergic to it. Probably not related to the issue.

No suggestions were provided basically because I didn't know of any good tool at the time that I would want to endorse (basically, as you say, "open source all the things"). Fortunately, that appears to be changing. Sandboxie has been made freeware and the makers have announced plans to release the source code. When I get the chance, I'll take a look at it and try to figure out how to get it to work, but it should be able to be integrated like bubblewrap and sandbox-exec are on Linux/OSX so that all you need to do is install it.

walkingwounded wrote: ↑02 Dec 2019, 13:03
-consider bypassing the security/sandbox stuff for windows with big old "at your own risk, are you really sure you trust it?" warnings. I get and TRULY appreciate the reason, but square pegs do not fit round holes (unless you use a bigger hammer)

You basically can already. I think that if you leave "SANDBOX_COMMAND" empty it should just execute the commands without a binary sandbox. The python side of the sandbox on the other hand should work, it's just that apparently I made a number of mistakes when setting up the sandbox.

walkingwounded wrote: ↑02 Dec 2019, 13:03
-perhaps a windows 'read/write path whitelist' file and validate reads and writes against it (placed in the "my games\openmw" user folder in case users have edge cases)? might be slow, but for one-time hits not terrible, things will only need to be written to a few places (\download, staging/temp and \mods folders, "<docs path>\my games\openmw", maybe a few more). Alert the user for anything 'unexpected' (or anything outside of the %userprofile% path).
-perhaps if reading and writing can be monitored just dump reads/writes to an audit log that is launched at the end? won't prevent what happened but if you can see it you can report it

This is actually already being done on the python side of things, or at least the path whitelisting (there's no log). The separate sandbox tool is necessary so that we can execute non-python programs as part of the build process. A good example where executing arbitrary code like this is useful is project atlas (which I haven't actually finished adding to the repo) which comes with scripts that can be used to generate atlases (or at least it comes with windows scripts, but there are bash scripts available elsewhere). I've got a WIP project atlas pybuild that will automatically generate atlases using textures from the mods you have installed.

Thanks for the feedback and debugging work!
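
The fix proposed in the post above (give build files one narrow read_reg helper instead of whitelisting the whole winreg module), sketched as an added example that is not portmod's or RestrictedPython's own code. The allowlisted key, the dict standing in for the registry, guarded_import and run_build_file are assumptions, and a plain exec() stands in for the real sandbox.

```python
# Added illustration only: not portmod's or RestrictedPython's code.
# exec() with trimmed builtins is a stand-in, not a real sandbox boundary.

# Hypothetical allowlist of (hive, key, value name) that a build file may read.
ALLOWED_REG_VALUES = {
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\ExampleVendor\ExampleGame", "Installed Path"),
}

# Modules a build file may import; winreg is deliberately absent.
ALLOWED_MODULES = {"math"}

# Constructed sample data standing in for the Windows registry, so this runs
# on any OS. A real helper would perform the winreg lookup at this point.
FAKE_REGISTRY = {
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\ExampleVendor\ExampleGame",
     "Installed Path"): r"C:\Games\Example",
    ("HKEY_CURRENT_USER", r"Software\Secrets", "Token"): "do-not-expose",
}


def read_reg(hive, key, value):
    """Return one allowlisted registry value; refuse every other read."""
    if (hive, key, value) not in ALLOWED_REG_VALUES:
        raise PermissionError(f"registry read not allowed: {hive}\\{key}\\{value}")
    return FAKE_REGISTRY.get((hive, key, value))


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Import hook: allowlisted absolute imports only."""
    if level != 0 or name not in ALLOWED_MODULES:
        raise ImportError(f"Unable to load restricted module {name}")
    return __import__(name, globals, locals, fromlist, level)


def run_build_file(source):
    """Run build-file source that sees read_reg but can never reach winreg."""
    env = {
        "__builtins__": {"__import__": guarded_import},
        "read_reg": read_reg,
    }
    exec(compile(source, "<pybuild>", "exec"), env)
    return env
```
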