[OS X TeX] A couple of things about TeX Live 2012

Herbert Schulz herbs at wideopenwest.com
Tue Jun 5 08:06:16 EDT 2012


There are a couple of things that have to do with TeX Live 2012 (installed by MacTeX-2012), which is coming out soon, that may make you change the way you do some things.

FIRST: shell-escape vs restricted-shell-escape

Those of you who have only used TeXShop 2.46 or 3.10 (for Lion only) may have noticed that the default engines no longer support the --shell-escape flag out of the box. [Previous users won't notice out of the box because TeXShop will not change (possibly customized) preferences so the old behavior will be retained; we recommend removing that flag.]

Although I know of no problems which have occurred, the --shell-escape flag represents a security risk because it allows the TeX engines to execute any passed command lines; e.g., someone could delete all the files in your HOME folder. Therefore, we recommend that previous users also remove that flag.

Unfortunately, not having -shell-escape means that packages that require external processing won't, in general, work any more; e.g., converting tiff->png for graphic inclusion or using the tikz-fct package fails because the former is usually set to use the convert program (from ImageMagick - supplied by the MacTeX installer) or Apple's sips program to convert tiff to png while the tikz-fct package runs gnuplot to create the required graphs.

Before TeX Live 2012 the only reasonable way to enable those conversions, etc., to run was to activate --shell-escape. 

Starting in 2010 there were three modes that TeX Live distributions could use when constructed: ``paranoid'' where nothing was allowed to run unless you specifically enabled --shell-escape ---many multi-user systems are set up this way by the sysadmin; ``any'' which essentially always turned on --shell-escape; and finally ``restricted-shell-escape'' which is the default mode and has been used by MacTeX since its inception. The restricted-shell-escape mode allows a small list of approved programs (e.g., a restricted version of epstopdf so that eps to pdf conversion can happen on the fly for graphics inclusion with pdflatex without using the --shell-escape flag). In general it was not easy to extend this restricted program list.

However, in TeX Live 2012 there is now a way to easily extend this list (actually you override the default list so you must include the original approved programs). While this does open the system up for misuse it certainly is safer than the wide-open window supported by --shell-escape. There is an Eps-Tiff-Conversion2012.pdf file included with MacTeX-2012 (see the /Applications/TeX folder) that describes how to do this.

I believe it is this change that has changed the recommended way to run engines in TeXShop although I know Dick Koch has been asked to change that behavior for a while.

SECOND: Personal fonts must be installed in the texmf-local tree for updmap-sys to ``see'' the map files.

The `sudo' command in OS X, as well as several other systems, allows you to `act' like the root (i.e., super-user) but it DOESN'T change to the root's HOME directory. Previously updmap-sys would therefore still ``see'' your personal texmf tree (at ~/Library/texmf when using a MacTeX installed TeX Live). Unfortunately this also opens up a possible security bug. With TeX Live 2012 updmap-sys now will always use root's HOME when run under `sudo' so those map files will no longer be found. 

So, why not just use `updmap' rather than `updmap-sys'? The problem is that when you update your TeX distribution using TeX Live Utility (or tlmgr directly) `updmap-sys' is run so your personal map file will not be updated. You would need to run `updmap' every time an update uses `updmap-sys.'

The simplest solution is to install fonts in the texmf-local tree rather than your personal tree. Then make sure you run

sudo mktexlsr

in Terminal. You can create a special updmap-local.cfg file that tells `updmap-sys' to include the new map files as well as a simple shell script that you run ONCE, just after installing a new MacTeX. The updmap-local.cfg file basically contains lines that are similar to those you might use when running updmap-sys. I've included a sample with this note (a line that starts with # is a comment, to disable a map you put a ! in front of the map name --- see the sample). The updmap-sys.cfg file is placed in /usr/local/texlive/texmf-local/web2c where it will be found by tlmgr when needed.

The first time you set all this up, or right after installing a new version of TeX Live via the MacTeX installer, you need to run the command

sudo tlmgr generate updmap --rebuild-sys

(and give your admin password) so that the TeX distribution rebuilds the complete map file. This is typically done once with a newly installed distribution. I know I'd never remember this so I simply have a one (well, two) line shell script that I make executable and place in /usr/local/texlive/texmf-local/scripts. I've included my script.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: setupmapfiles.sh
Type: application/octet-stream
Size: 53 bytes
Desc: not available
URL: <http://email.esm.psu.edu/pipermail/macosx-tex/attachments/20120605/019598cc/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: updmap-local.cfg
Type: application/octet-stream
Size: 199 bytes
Desc: not available
URL: <http://email.esm.psu.edu/pipermail/macosx-tex/attachments/20120605/019598cc/attachment-0001.obj>
-------------- next part --------------

Good Luck,

Herb Schulz
(herbs at wideopenwest dot com)
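
An added example, not part of the original message or of TeX Live: because a local allow-list replaces the distribution's list rather than extending it, this script compares the two and reports which default programs an override dropped and which it added. It assumes the list is set with the kpathsea `shell_escape_commands` variable in `texmf.cnf` using `key = value` lines (the message does not name the mechanism); the function names and sample file contents are constructed.

```shell
#!/bin/sh
# Audit a local texmf.cnf override of the restricted shell-escape list.
# File contents below are constructed samples, not real TeX Live defaults.

# cnf_value KEY FILE: value of the first KEY definition, continuations joined.
cnf_value() {
  awk -v key="$1" '
    /^[ \t]*%/ { next }                      # texmf.cnf comment line
    { line = $0
      while (line ~ /\\$/) {                 # join backslash continuations
        sub(/\\$/, "", line)
        if ((getline nxt) <= 0) break
        line = line nxt
      }
      if (match(line, "^[ \t]*" key "[ \t]*=[ \t]*")) {
        val = substr(line, RSTART + RLENGTH)
        gsub(/[ \t]/, "", val); print val; exit
      }
    }' "$2"
}

# list_diff A B: entries of comma list A that are not in B, space separated.
list_diff() {
  out=""
  for c in $(printf '%s' "$1" | tr ',' ' '); do
    case ",$2," in *",$c,"*) ;; *) out="$out${out:+ }$c" ;; esac
  done
  printf '%s' "$out"
}

# audit DIST_CNF LOCAL_CNF: one-line report on mode, dropped and added programs.
audit() {
  mode=$(cnf_value shell_escape "$2")
  [ -n "$mode" ] || mode=$(cnf_value shell_escape "$1")
  dist=$(cnf_value shell_escape_commands "$1")
  loc=$(cnf_value shell_escape_commands "$2")
  [ -n "$loc" ] || loc=$dist               # no override: distribution list applies
  printf 'mode=%s dropped=[%s] added=[%s]' "$mode" \
    "$(list_diff "$dist" "$loc")" "$(list_diff "$loc" "$dist")"
}

# Constructed sample files (program lists are illustrative only).
SAMPLES=$(mktemp -d)
printf '%s\n' '% distribution file' 'shell_escape = p' 'shell_escape_commands = \' \
  'bibtex,kpsewhich,\' 'makeindex,repstopdf' > "$SAMPLES/dist.cnf"
printf '%s\n' '% local override that forgot one default' \
  'shell_escape_commands = bibtex,kpsewhich,repstopdf,convert,gnuplot' > "$SAMPLES/local.cnf"
audit "$SAMPLES/dist.cnf" "$SAMPLES/local.cnf"; echo
```

On an installed system, `kpsewhich -var-value=shell_escape_commands` prints the list actually in effect.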
