Difference between revisions of "Score testing"

From Jon's Wiki
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[File:Score_PNG_output_in_dark_theme.png|thumb|Unreadable Score extension output in dark mode]]
 
[[File:Score_PNG_output_in_dark_theme.png|thumb|Unreadable Score extension output in dark mode]]
 
Hopefully I can get the Score extension working to produce SVG output on upstream task [https://phabricator.wikimedia.org/T49578 T49578]. The transparent PNG image normally produced needs white background styling otherwise it's unreadable in dark mode.
 
Hopefully I can get the Score extension working to produce SVG output on upstream task [https://phabricator.wikimedia.org/T49578 T49578]. The transparent PNG image normally produced needs white background styling otherwise it's unreadable in dark mode.
;Update December 2022: my patch was merged! :) now we wait for it to be tested and deployed into Wikipedia. There are a few other issues, including some security and sandboxing concerns, e.g. CVE-2020-17354 (see below). Also, this wiki is running on a 32-bit server, which only supports up to LilyPond 2.22 (I'm not game enough to try and compile LilyPond myself, and I'm not even sure Scheme 2 runs in 32-bit?) So I'm testing the SVG Score output over on my [https://mw-master.test.jon.geek.nz test instance] (which is not guaranteed to be up at all times).
+
;Update December 2022: my patch was merged! :) now we wait for it to be tested and deployed into Wikipedia. There are a few other issues, including some security and sandboxing concerns, e.g. CVE-2020-17354 (see below). Also, this wiki is running on a 32-bit Debian 10 (Buster), which has LilyPond 2.19 (32 bit builds not supported after 2.22). I'm not game enough to try and compile LilyPond myself, and I'm not even sure Scheme 2 runs in 32-bit(?) so I'm testing the SVG Score output over on my [https://mw-master.test.jon.geek.nz test instance] (which is not guaranteed to be up at all times).
  
 
== Examples ==
 
== Examples ==
Line 48: Line 48:
 
</score>
 
</score>
  
== CV-2020-17354 ==
+
== CVE-2020-17354 ==
  
See [https://phabricator.wikimedia.org/T259210 T259210]. Looks like either the syntax of the vuln PoC needs updating, and/or they've been fixed. Can't repro as currently stands, with LilyPond 2.19 (Buster), MediaWiki on REL1_39 and Score on master.
+
See [https://phabricator.wikimedia.org/T259210 T259210]. Looks like this has been fixed (assuming we're supposed to see the system id in the rendered music); can't reproduce as currently stands, with LilyPond 2.19 (Buster), MediaWiki on REL1_35 and Score on REL1_35.
  
1. With defined location: <score>
+
1. PoC from task: <score raw=1> \header { tagline = ##f }
 
{
 
{
 
   \relative { c' }
 
   \relative { c' }
Line 66: Line 66:
 
</score>
 
</score>
  
2. and without: <score>
+
2. Notehead stencil hack PoC, contributed in [https://phabricator.wikimedia.org/T259210#6368852 comment] from LilyPond developer Han-wen Nienhuys: <score raw=1> \header { tagline = ##f }
 
{
 
{
  \relative { c' }
 
}
 
 
#(begin
 
  (display "With output-def-scope\n")
 
  (eval '(system "id") (ly:output-def-scope #{ \midi {} #}))
 
  (display "With output-def-lookup\n")
 
  ((ly:output-def-lookup #{ \midi {} #} 'system) "id")
 
)
 
</score>
 
 
3. Variant in comment from Han-wen Nienhuys: <score>
 
{
 
 
 
   \override NoteHead.text = \system
 
   \override NoteHead.text = \system
 
   \override NoteHead.stencil =
 
   \override NoteHead.stencil =

Latest revision as of 02:36, 20 January 2023

Unreadable Score extension output in dark mode

Hopefully I can get the Score extension working to produce SVG output on upstream task T49578. The transparent PNG image normally produced needs white background styling otherwise it's unreadable in dark mode.

Update December 2022
my patch was merged! :) now we wait for it to be tested and deployed into Wikipedia. There are a few other issues, including some security and sandboxing concerns, e.g. CVE-2020-17354 (see below). Also, this wiki is running on a 32-bit Debian 10 (Buster), which has LilyPond 2.19 (32 bit builds not supported after 2.22). I'm not game enough to try and compile LilyPond myself, and I'm not even sure Scheme 2 runs in 32-bit(?) so I'm testing the SVG Score output over on my test instance (which is not guaranteed to be up at all times).

Examples

Range of the contrabass trombone, as used on Wikipedia:


  {
    \new Staff \with { \remove "Time_signature_engraver" }
    \clef bass \key c \major \cadenzaOn
    \ottava #-1 \tweak font-size #-2 fis,,,1 \finger \markup \text "poss."
    \ottava #0  c,,1 \glissando d'1
    \tweak font-size #-2 f'1
  }

The Spear motif from Das Rheingold:


  \layout { ragged-right = ##t \context { \Score \omit BarNumber } }
  \relative g {
    \override DynamicTextSpanner.style = #'none
    \override Hairpin.minimum-length = #5
    \clef bass \key c \major
    g2~ \ff g8 f8 e8. d16
    c4 b a g  f e d c  \break
    b a g f  e1~ \dim\!  << e1~ { s2 s4 s4 \> } >>  e4 \! \p r4 r2
  }

The Summit from Eine Alpensinfonie, which may or may not be a contrabass trombone excerpt, but probably ought to be:


\relative c, {
  \time 4/4
  \clef bass
  \key c \major

  r2 r4\ff g\tenuto
  c2.\tenuto c4\tenuto
  g'2.\tenuto g4\tenuto
  c1
  e2~ e4.. b16
  a1
  g1
  c8 r8 r4 r2
  \bar "|."
}

CVE-2020-17354

See T259210. Looks like this has been fixed (assuming we're supposed to see the system id in the rendered music); can't reproduce as currently stands, with LilyPond 2.19 (Buster), MediaWiki on REL1_35 and Score on REL1_35.

1. PoC from task:

 \header { tagline = ##f } 
{
  \relative { c' }
}

#(begin
  (define location 1)
  (display "With output-def-scope\n")
  (eval '(system "id") (ly:output-def-scope #{ \midi {} #}))
  (display "With output-def-lookup\n")
  ((ly:output-def-lookup #{ \midi {} #} 'system) "id")
)

2. Notehead stencil hack PoC, contributed in comment from LilyPond developer Han-wen Nienhuys:

 \header { tagline = ##f }
{
  \override NoteHead.text = \system
  \override NoteHead.stencil =
  #(lambda (grob)
    ((cdr (assoc 'text
	   (cadr (ly:grob-alist-chain grob '())))) "id")
    #f)
  c4

}