Hi all, just finished creating a fairly simple plugin here that allows you to load arbitrary kak files. It also supports loading machine/project specific configuration out of the box. This typically presents security issues, because loading files based on their location could allow someone to inject said files into your projects and execute arbitrary code on your machine. The plugin also leverages
gpg to sign and verify these configuration files, hopefully addressing those concerns. It’s a bit less convenient, but hopefully worth the extra peace of mind.
Let me know what you think and feel free to raise issues about concerns/potential improvements
What happens if the file you verify requires other files?
You know that’s a great question, in theory it should work but I can’t say I’ve tried it though
Can you override the
source command to recursively verify files?
Thank you so much, I didn’t realize there was a
source command haha. Overriding the existing command somehow is interesting, I’ll definitely look into it!
That got my imagination thinking as well. How about a data structure like
Map<K, List<V>> by parsing a
.properties, .xml, or
.json file. Perhaps a unix pipeline that makes use of commands to name a few;
grep, sed, tr. On the module keywords
provide-module, require-module to populate a data structure. Or break out into your favorite general purpose programming language to do the job.
Anyway, theirs my two cents. Bye