+ The restrictions on arbitrary IO when GF is running in restricted mode are now
enforced in the types.
+ This hopefully also solves an intermittent problem when accessing the GF
shell through the web API provided by gf -server. This was visible in the
Simple Translation Tool and probably caused by some low-level bug in the
GHC IO libraries.

This speeds up the compilation of PhrasebookFin.pgf by 12%, mostly by speeding
up calls to lookupModule in calls from lookupParamValues, in calls
from allParamValues.
The invariant "modules are stored in dependency order" is no longer respected!
But the type MGrammar is now abstract, making it easier to maintain this or
other invariants in the future.

This quick fix should make Ctrl-C in the GF shell behave more like it does in
other shells: even if no command is running, Ctrl-C now just gives you a new
prompt instead of terminating the shell.

The command "gf -server" now starts a simple HTTP server on port 41295,
providing a simple web API to the GF compiler. It currently supports the
following operations:
* creating new temporary directories for grammar uploads,
* uploading grammar files for use in the GF shell,
* executing GF shell commands, and
* accessing static files.
This means that GF now depends on some additional networking related packages,
but they should be available and easy to install on all platforms. There is
also a new configuration flag "server" in gf.cabal, so GF will be compiled
without support for server mode if the extra packages are unavailable.
Note that running gf -server while connected to the internet can be a security
risk. To prevent unauthorized access to the rest of the system, it is
advisable to run the server in GF_RESTRICTED mode and as a user with suitably
restricted file permissions.

By setting the environment variable GF_RESTRICTED before starting GF, the shell
will be run in restricted mode. This will prevent the GF shell from starting
arbitrary system commands (most uses of System.Cmd.system are blocked) and
writing arbitrary files (most commands that use writeFile et al are blocked).
Restricted mode is intended to minimize the potential security risks involved
in allowing public access to the GF shell over the internet. It should be used
in conjunction with system level protection mechanisms (e.g. file permissions)
to make sure that a publicly accessible GF shell does not give access to parts
of the system that should not be publicly accessible.
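
The advice in the last two notes (set GF_RESTRICTED, run as an unprivileged user, rely on file permissions) can be enforced by a launcher that refuses to start the server otherwise. This is an added example, not code from the GF project; the function names, the specific checks, the work directory path and the treatment of an empty GF_RESTRICTED as unset are assumptions.

```shell
#!/bin/sh
# Added example, not GF project code. Only GF_RESTRICTED and "gf -server"
# come from the notes above; names, checks and paths are assumptions.

# gf_preflight UID WORKDIR
# Returns 0 when it is reasonable to launch, otherwise prints a reason and
# returns: 1 = root, 2 = GF_RESTRICTED unset/empty, 3 = bad work directory,
# 4 = work directory writable by group or others.
gf_preflight() {
    uid=$1
    workdir=$2
    if [ "$uid" -eq 0 ]; then
        echo "refusing: root is not constrained by file permissions" >&2
        return 1
    fi
    # Assumption: an empty value is treated as "not set", to stay conservative.
    if [ -z "${GF_RESTRICTED:-}" ]; then
        echo "refusing: GF_RESTRICTED is not set" >&2
        return 2
    fi
    if [ ! -d "$workdir" ] || [ -L "$workdir" ]; then
        echo "refusing: $workdir is not a real directory" >&2
        return 3
    fi
    # -prune limits find to the directory itself (no descent).
    if [ -n "$(find "$workdir" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "refusing: $workdir is writable by group or others" >&2
        return 4
    fi
    return 0
}

# gf_launch WORKDIR: run the checks, then replace this shell with the server.
gf_launch() {
    workdir=$1
    gf_preflight "$(id -u)" "$workdir" || return $?
    export GF_RESTRICTED   # a shell-local variable would not reach gf
    cd "$workdir" || return 3
    exec gf -server
}

# Usage (hypothetical path): sh gf-launch.sh --launch /srv/gf-work
if [ "${1:-}" = "--launch" ]; then
    gf_launch "${2:?work directory required}"
fi
```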