My Students Don't have Permission to run "cmd" thus can't compile their code in Arduino IDE 1.8.x on school PC's

[hogfanboy]

My school locks the students out of a lot of permissions on the school's PCs. That includes running "cmd"

The students "can" compile programs for the ESP8266 using the board definitions from ESP8266 community's. (ESP32 fails just like the MegaTinyCore with permissions)

When compiling with the MegaTinyCore they get an error that there permission group doesn't allow them to run cmd.

So I was wondering if you could take a look on how it works with the ESP8266 boards and apply that to the MegaTinyCore

Thanks

[SpenceKonde]

I don't need to look at their core to see where the issue comes from, it's from the hacky way that we get the memory map and assembly listing, because for some reason, doing it the obvious way didn't work (this is years ago). If you can make platform.txt work without invoking cmd without losing the assembly listing and memory map generation on exporting compiled binary, I'd love to know how!

The lines are

## Create disassembler listing
recipe.hooks.objcopy.postobjcopy.1.pattern.windows=cmd /C echo. && "{compiler.path}{compiler.objdump.cmd}" {compiler.objdump.flags} "{build.path}/{build.project_name}.elf" > "{build.path}/{build.project_name}.lst"

## Create memory map
recipe.hooks.objcopy.postobjcopy.2.pattern.windows=cmd /C echo. && "{compiler.path}{compiler.nm.cmd}" {compiler.nm.flags}  "{build.path}/{build.project_name}.elf" > "{build.path}/{build.project_name}.map"

## Save assembly listing
recipe.hooks.savehex.presavehex.1.pattern.windows=cmd /C echo. && copy "{build.path}\{build.project_name}.lst" "{sketch_path}\{build.extraassetname}.lst"

## Save memory map
recipe.hooks.savehex.presavehex.2.pattern.windows=cmd /C echo. && copy "{build.path}\{build.project_name}.map" "{sketch_path}\{build.extraassetname}.map"

Note that while the two presave ones on linux don't require invoking bash, the preobjcopy ones do. No, I don't remember why the naive approach didn't work.

And, no, I would not remove that feature entirely from the codebase over this; this is the feature I miss most when using other cores. I think removing those 4 lines from platform.txt would make it work though...

[hogfanboy]

Thanks for the quick reply. I'm a high school teacher, and don't have a grasp on writing cores. But I hope you can appreciate there is a market for using the ATtinys in educational settings, and schools often limit permissions of students on schools PCs

[SpenceKonde]

Sure the change is trivial, but it's not something that can be easily pushed into a userconfigurable option (it needs one different file, and you can't make the thing depend on an option, because you don't get to perform logic anywhere in those files, only select 1 of X. So that is mutually exclusive with the functionality it provides, we can't have one core that lets you choose.

More people want the listings and maps, which we cannot coerce the IDE to create without invoking CMD (I normally do most "testing" without executing the code but just by examining the asm, since I generally know what it was doing and what I want it to look like now.), so we're not going to sacrifice them for compatibility with a seriously dubious security practice

(I classify the practice of blocking cmd as "We don't know a thing about cybersecurity, but that's okay because neither do our students"). I'm frankly surprised you don't run into more problems with it, as it is just so common to call out to cmd to process an os command, and since there are a lot of other ways to pass commands, and it's kinda hard to get them all - and with properly implemented security policies, you don't care what they do with command, or anything else, because without a privilege escalation exploit, they don't have permission to break anything. But that's not something that's likely on a highschool network, where triaging sabotaged and intentionally damaged computers is likely one of the major duties of the tech person (or fraction thereof - most places had a tech guy only 1-4 days a week), and the main issue is not the usual cyber threats, but vandalism by students (It sure was when I did my senior year community service (they ran out of meaningful classes by senior year, and all the administrators were overworked, so they called being pressed into service as some adminis

Anyway, so to help you with this, that would mean:
A second copy of each core is created ("nocmd").
As a second step after creating the first tar file during build_.sh (from release-scripts) to run an additional sed pass over the platform.txt and snip off all the hooks on windows, and then create the nocmd tar.
Then perform all the normal steps on the normal tar and on the nocmd tar, including adding the entry to the json file.
Host both files.

Is this something I could do? Yes. It's not even notably hard. But it's also a commitment to maintaining second line of the cores to handle what I believe to be a tiny portion of the userbase. So uh - like It's something I'd be happy to do if you paid me, but in the absence of payment, I'm not going to split off a nocmd version of the cores unless there's a much broader demand for it.