Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/2019/texmf.d/15options.cnf
diff options
context:
space:
mode:
Diffstat (limited to '2019/texmf.d/15options.cnf')
-rw-r--r--2019/texmf.d/15options.cnf152
1 files changed, 152 insertions, 0 deletions
diff --git a/2019/texmf.d/15options.cnf b/2019/texmf.d/15options.cnf
new file mode 100644
index 0000000..0b5f42e
--- /dev/null
+++ b/2019/texmf.d/15options.cnf
@@ -0,0 +1,152 @@
+% Part 2: Options.
+
+% If this option is set to true, `tex a.b' will look first for a.b.tex
+% (within each path element), and then for a.b, i.e., we try standard
+% extensions first. If this is false, we first look for a.b and then
+% a.b.tex, i.e., we try the name as-is first.
+%
+% Both names are always tried; the difference is the order in which they
+% are tried. The setting applies to all searches, not just .tex.
+%
+% This setting only affects names being looked up which *already* have
+% an extension. A name without an extension (e.g., `tex story') will
+% always have an extension added first.
+%
+% The default is true, because we already avoid adding the standard
+% extension(s) in the usual cases. E.g., babel.sty will only look for
+% babel.sty, not babel.sty.tex, regardless of this setting.
+try_std_extension_first = t
+
+% Enable system commands via \write18{...}. When enabled fully (set to
+% t), obviously insecure. When enabled partially (set to p), only the
+% commands listed in shell_escape_commands are allowed. Although this
+% is not fully secure either, it is much better, and so useful that we
+% enable it for everything but bare tex.
+shell_escape = p
+
+% No spaces in this command list.
+%
+% The programs listed here are as safe as any we know: they either do
+% not write any output files, respect openout_any, or have hard-coded
+% restrictions similar to or higher than openout_any=p. They also have
+% no features to invoke arbitrary other programs, and no known
+% exploitable bugs. All to the best of our knowledge. They also have
+% practical use for being called from TeX.
+%
+shell_escape_commands = \
+bibtex,bibtex8,\
+extractbb,\
+gregorio,\
+kpsewhich,\
+makeindex,\
+repstopdf,\
+r-mpost, \
+texosquery-jre8,\
+
+% we'd like to allow:
+% dvips - but external commands can be executed, need at least -R1.
+% epspdf, ps2pdf, pstopdf - need to respect openout_any,
+% and gs -dSAFER must be used and check for shell injection with filenames.
+% pygmentize - but is the filter feature insecure?
+% ps4pdf - but it calls an unrestricted latex.
+% rpdfcrop - maybe ok, but let's get experience with repstopdf first.
+% texindy,xindy - but is the module feature insecure?
+% ulqda - but requires optional SHA1.pm, so why bother.
+% tex, latex, etc. - need to forbid --shell-escape, and inherit openout_any.
+
+% plain "tex" should remain unenhanced.
+shell_escape.tex = f
+shell_escape.initex = f
+
+% This is used by the Windows script wrapper for restricting searching
+% for the purportedly safe shell_escape_commands above to system
+% directories.
+TEXMF_RESTRICTED_SCRIPTS = \
+ {!!$TEXMFLOCAL,!!$TEXMFDIST}/scripts/{$progname,$engine,}//
+
+% Do we allow TeX \input or \openin (openin_any), or \openout
+% (openout_any) on filenames starting with `.' (e.g., .rhosts) or
+% outside the current tree (e.g., /etc/passwd)?
+% a (any) : any file can be opened.
+% r (restricted) : disallow opening dot files
+% p (paranoid) : as `r' and disallow going to parent directories, and
+% restrict absolute paths to be under $TEXMFOUTPUT.
+openin_any = a
+openout_any = p
+
+% Write .log/.dvi/.aux/etc. files here, if the current directory is unwritable.
+%TEXMFOUTPUT = /tmp
+
+% If a dynamic file creation fails, log the command to this file, in
+% either the current directory or TEXMFOUTPUT. Set to the
+% empty string or 0 to avoid logging.
+MISSFONT_LOG = missfont.log
+
+% Set to a colon-separated list of words specifying warnings to suppress.
+% To suppress everything, use TEX_HUSH = all; this is currently equivalent to
+% TEX_HUSH = checksum:lostchar:readable:special
+% To suppress nothing, use TEX_HUSH = none or do not set the variable at all.
+TEX_HUSH = none
+
+% Allow TeX and MF to parse the first line of an input file for
+% the %&format construct.
+parse_first_line = t
+
+% But don't parse the first line if invoked as "tex", since we want that
+% to remain Knuth-compatible. The src_specials and
+% file_line_error_style settings, as well as the options -enctex,
+% -mltex, -8bit, etc., also affect this, but they are all off by default.
+parse_first_line.tex = f
+parse_first_line.initex = f
+
+% Control file:line:error style messages.
+file_line_error_style = f
+
+% Enable the mktex... scripts by default? These must be set to 0 or 1.
+% Particular programs can and do override these settings, for example
+% dvips's -M option. Your first chance to specify whether the scripts
+% are invoked by default is at configure time.
+%
+% These values are ignored if the script names are changed; e.g., if you
+% set DVIPSMAKEPK to `foo', what counts is the value of the environment
+% variable/config value `FOO', not the `MKTEXPK' value.
+%
+%MKTEXTEX = 0
+%MKTEXPK = 0
+%MKTEXMF = 0
+%MKTEXTFM = 0
+%MKTEXFMT = 0
+%MKOCP = 0
+%MKOFM = 0
+
+% Used by makempx to run TeX. We use "etex" because MetaPost is
+% expecting DVI, and not "tex" because we want first line parsing.
+TEX = etex
+
+% Use Japanese eptex for Japanese pmpost.
+TEX.pmpost = eptex
+
+% These variables specify the external program called for the
+% interactive `e' option. %d is replaced by the line number and %s by
+% the current filename. The default is specified at compile-time, and
+% we let that stay in place since different platforms like different values.
+%TEXEDIT = vi +%d '%s' % default for Unix
+%TEXEDIT = texworks --position=+%d "%s" % default for Windows
+%MFEDIT = ${TEXEDIT}
+%MPEDIT = ${TEXEDIT}
+
+% The default `codepage and sort order' file for BibTeX8, when none is
+% given as command line option or environment variable.
+BIBTEX_CSFILE = 88591lat.csf
+
+% This variable is specific to Windows. It must be set to 0 or 1. The
+% default is 0. Setting it to 1 tells the Windows script wrappers to
+% use an already installed Perl interpreter if one is found on the
+% search path, in preference to the Perl shipped with TeX Live. Thus,
+% it may be useful if you both (a) installed a full Perl distribution
+% for general use, and (b) need to run Perl programs from TL that use
+% additional modules we don't provide. The TL Perl does provide all the
+% standard Perl modules.
+%
+%TEXLIVE_WINDOWS_TRY_EXTERNAL_PERL = 0
+