OCaml Weekly News
Hello
Here is the latest OCaml Weekly News, for the week of September 23 to 30, 2025.
Table of Contents
- OCaml security team
- ocaml-xmlerr 0.08.2 available
- Contract OCaml Engineer – Terrateam (Remote, 3 months)
- Mk-man module
- gil scm .cmd
- mini-svg version 0.03.13b, of 0.03.13
- An efficient priority queue with low integer priorities
- Cmdliner 2.0.0
- Detrow, a command-line calendar
- rpmfile 0.8.0+ library
- OCaml compiler office hours? (preparation thread)
- Other OCaml News
- Old CWN
OCaml security team
Hannes Mehnert announced
Dear everyone,
We are starting an effort to push security into OCaml. This is based on discussions in the OCaml Software Foundation with industry partners. The main goal is to have best practises similar to those of other programming language ecosystems.
Reporting security issues
This entails a point of contact for the security team - which deals with communication between the person who found a security-relevant problem in OCaml software (named "reporter"), who can then contact us - the security team - instead of using a public bug tracker, and the upstream OCaml developer(s).
We, the security team, will establish the three-way communication, and since we have a documented security disclosure process (which will be published soon), we will guide everyone through the process and ensure that timelines are met, CVE numbers are assigned, …
Team composition
The OCaml security team currently consists of individual security experts and individuals representing company sponsors of the OCaml Software Foundation. Individual members participating in a personal capacity may be compensated for their time from the OCaml Software Foundation.
The team currently consists of 7 members
- Hannes Mehnert https://github.com/hannesm - individual, chair
- Mindy https://github.com/yomimono - individual
- Joe https://github.com/cfcs - individual
- Edwin Török https://github.com/edwintorok - individual
- Nicolás Ojeda Bär https://github.com/nojb - LexiFi
- Louis Roché https://github.com/khady - ahrefs
- Maxim Grankin https://github.com/maxim092001 - Bloomberg
We're in the process of formalising the responsibilities of the team, our proposed disclosure process, and how to join & leave the team.
Funding for security actions
In complement to the security disclosure process, we will accept funding requests for projects that make OCaml more secure (including guidelines how to develop OCaml in a secure way/what are common pitfalls; static analysis; dissemination tools; …). The OCaml Software Foundation will provide funding for these security actions. After this summer we will discuss this in more depth with the community.
Next steps
We will set up a website (similar to what https://www.haskell.org/security/ has) soon, and provide an email address for contacting us - security At ocamlDoT org is forwarding to our team. We plan to set up a mailing list for security announcements.
But more on that at a later point, this brief post is mainly about the fact that this team starts to exist now, and is working on improving the security story of OCaml.
If you have any questions for now, please feel free to discuss them in this announcement. Please be aware that it is vacation time soon, so we may not be very responsive.
Hannes Mehnert later added
Dear everyone,
we’ve accomplished several tasks:
- https://ocaml.org/security is now live
- The public mailing list for security advisories is sympa.inria.fr/sympa/info/ocsf-ocaml-security-announcements – please subscribe if you’d like to receive security announcements
- There’ll be a brief introduction at Fun OCaml and a talk at OCaml workshop (ICFP) 16:00 - 16:30
- We will have a public meeting for discussions on Oct 22nd 14:00 - 16:00 CEST (online, yet to be announced where)
- There’s already the OCaml security advisory database https://github.com/ocaml/security-advisories (still empty, we’ll fill it over the next weeks)
Hannes Mehnert then said
We will have a public meeting for discussions on Oct 22nd 14:00 - 16:00 CEST (online, yet to be announced where) – save the date if you’re interested
We settled on a platform, and will have the meeting at https://meet.bornhack.dk/OCamlSecurityPublicMeeting
An agenda will be posted before the meeting.
ocaml-xmlerr 0.08.2 available
Florent Monnier announced
This is an announcement for ocaml-xmlerr.
ocaml-xmlerr version 0.08.2 is available.
The main module of this package is a small module to read xml with errors.
The main purpose was not to really read xml with errors, but to read html from the web.
At the beginning I wrote in the read-me file that I wrote it in one afternoon, but this is without considering that in fact it was the third time I was trying to make something like this.
One of the first attempts even probably took me almost a day. So we cannot say that I succeeded easily.
In the .zip archive of ocaml-xmlerr version 0.08.2, you will find the different modules re-organized with dirs.
And there are also two additional commands built on top of the first module.
htmlxtr is a simple extractor for HTML from a simple template. Please read the man page for more description about how to use it:
$ man ./htmlxtr.1
There is also htmluxtr - a simple extractor for .html using a simple un-template / re-template method. Please read the man page for more information:
$ man ./htmluxtr.1
There is a new example of use provided in the 'using' directory.
There is a script to help you write your pattern matching of xml fragments. The base module providing a list for tags and contents, the pattern matching is not done based on a tree-structure.
And there is now an additional module to convert this flat-list structure into a tree structure, inside the addon directory. The report module has not been widely tested yet.
This is not professional quality.
If I'm not mistaken "amateur" is pejorative, in both the French and English languages, except if it's associated with "astronomer".
http://decapode314.free.fr/ocaml/xmlerr/
PS: if you edit my posts, I would prefer you edit the links with normal links (like above), please.
PS-2 : I haven't been able to pattern-match all the opam packages with uxtr, the total doesn't match, I only find 38_000.
Contract OCaml Engineer – Terrateam (Remote, 3 months)
Josh Pollara announced
Terrateam (https://terrateam.io) is looking for an experienced OCaml engineer to join us on a 3-month contract.
About us Terrateam is an open-source tool for GitOps-based Terraform automation. We are a small, bootstrapped team building infrastructure automation software used by enterprises.
The role We are extending our OCaml codebase to support new functionality around Terraform state and plan execution. The work is primarily in OCaml, with a focus on systems programming, concurrency, and backend development. You’ll work directly with the founding team on scoped engineering projects and help push forward the internals of how Terraform can be used at scale.
Details
- Contract length: 3 months (with potential extension)
- Compensation: competitive, commensurate with experience
- Location: remote (EU timezone preferred)
- Start date: as soon as possible
Requirements
- Strong background in OCaml development
- Experience with systems programming or infrastructure tooling (Terraform or related) is a plus
- Ability to work independently in a fast-moving environment
If you are interested, please contact me directly at josh@terrateam.io.
Mk-man module
Florent Monnier announced
Mk-man tries to provide a simple way to write a man page, http://decapode314.free.fr/ocaml2/mk_man/ and also with a similar module to produce the web page.
gil scm .cmd
Florent Monnier announced
Gil-scm is not really an scm (source management control), http://decapode314.free.fr/ocaml2/gil/ it takes its inspiration from an scm, but it should more be considered as a "snapshot-management-script". It can output an .html interface of the following versions: example
mini-svg version 0.03.13b, of 0.03.13
Florent Monnier announced
The release "0.03.13" has been deleted, because chat-gpt informed me that the repository replicating some mondrian art hosted at github has been deleted. The rel-0.03.13 was also containing some pop-art replications, with random additions.
So these elements have been deleted, and are not there in "0.03.13b" anymore.
Sorry for the inconvenience.
PS: mini-svg
PS2: mini-svg is not professional quality.
PS3: To the extent permitted by law, you can use mini-svg with any spdx license.
An efficient priority queue with low integer priorities
Archive: https://discuss.ocaml.org/t/ann-an-efficient-priority-queue-with-low-integer-priorities/17323/1
François Pottier announced
Hello,
I am happy to announce the release of intPQueue, a package that offers (two variants of) an efficient priority queue, which is restricted to scenarios where the priorities are low integers. See the documentation.
opam update && opam install intPQueue
Happy queueing, François.
Cmdliner 2.0.0
Daniel Bünzli announced
Hello,
It is my pleasure to announce the release of cmdliner 2.0.0.
Cmdliner is a library that allows the declarative definition of command line interfaces with outstanding support for command line interface user conventions and standards.
The main points of this release are:
- ANSI styled error and deprecation messages (details)
- Support for manpage installation (details)
- Support for shell auto-completion (details)
The latter was made possible by good initial ground work of @andreypopp who can now claim to have unblocked my mind and the very first and 11 years old Cmdliner issue. Many thanks to him!
This addition has the following consequences:
- The problematic feature that allowed you to specify command names, option names and enumerant values by a prefix if the prefix was unambiguous has now been removed. See this issue for the rationale. Set CMDLINER_LEGACY_PREFIXES=true in your environment if you find yourself in need of a quick backward compatibility fix because one of your scripts is failing due to a prefix being used (but do eventually correct the script!).
- It finally triggered making the type Arg.conv abstract as announced it would become in 2017. See this issue for details.
If you are a user of cmdliner based tools, you may want to have a look at how to configure your shell in order to benefit from their completion scripts, especially if said tools are installed via opam. After installing cmdliner you should be able to check that your configuration works correctly on the new cmdliner tool that now gets installed with cmdliner itself.
For other changes that may affect you or your users please head to the release notes which have many other details.
Other than that a full pass was made over the documentation to try to improve and bring it up-to-date with the latest style and additions. Notably the tutorial and examples were updated to make use of the binding operators; however obscure let punning may feel, these are less error prone as your number of cli arguments grow.
I also added a cookbook which tries to distill in shorter snippets some of cmdliner's features and the experience I gathered over the past 14 years of using cmdliner to define dozens of command line interfaces. It includes source code structure tips and a few bootstrapping blueprints to cut and paste for when you start your next command line tool.
For this release I'm very thankful to a private one-time donation[^1], a grant from the OCaml software foundation and, as always, my few but faithful donors. All of which are essential for these releases to eventually get out. They do take quite a bit longer to devise than one would expect :–)
Home page: https://erratique.ch/software/cmdliner
API docs & manuals: https://erratique.ch/software/cmdliner/doc/ or odig doc cmdliner
Install: opam install cmdliner (once the PR is merged, may take a few days)
Best,
Daniel
[^1]: Which are as nice as recurring donations ;–)
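The prefix rule removed in this release (a prefix is accepted when it matches exactly one name) can be modelled in a few lines to see which script arguments depend on it. This is an added example, not code from cmdliner or from the announcement; the option sets, release labels and script tokens are constructed, and all function names are hypothetical.

```ocaml
(* Added illustration: a model of unambiguous-prefix resolution,
   not cmdliner's implementation. All names here are hypothetical. *)

type resolution =
  | Exact of string            (* token is a full option name *)
  | By_prefix of string        (* token is a prefix of exactly one name *)
  | Ambiguous of string list   (* token is a prefix of several names *)
  | Unknown

(* Exact names win; otherwise a token resolves only if it is a prefix
   of a single known name. *)
let resolve ~names token =
  if List.mem token names then Exact token
  else
    match List.filter (String.starts_with ~prefix:token) names with
    | [] -> Unknown
    | [ name ] -> By_prefix name
    | matches -> Ambiguous matches

let describe = function
  | Exact name -> "exact match " ^ name
  | By_prefix name -> "prefix of " ^ name ^ " (legacy behaviour only)"
  | Ambiguous names -> "ambiguous between " ^ String.concat ", " names
  | Unknown -> "unknown option"

(* Tokens in a script that only work because of prefix resolution;
   these are the ones to spell out in full before upgrading. *)
let relies_on_prefix ~names tokens =
  List.filter
    (fun token ->
      match resolve ~names token with By_prefix _ -> true | _ -> false)
    tokens

(* Constructed option sets of a hypothetical tool in two releases. *)
let release_1 = [ "--verbose"; "--output"; "--dry-run" ]
let release_2 = "--version" :: release_1

(* Constructed tokens as they might appear in an old script. *)
let script_tokens = [ "--ver"; "--out"; "--dry-run" ]

let () =
  List.iter
    (fun (label, names) ->
      Printf.printf "%s\n" label;
      List.iter
        (fun token ->
          Printf.printf "  %-10s %s\n" token (describe (resolve ~names token)))
        script_tokens)
    [ ("release 1", release_1); ("release 2", release_2) ];
  Printf.printf "spell out in full: %s\n"
    (String.concat " " (relies_on_prefix ~names:release_1 script_tokens))
```

Running it with `ocaml` (4.13 or later, for `String.starts_with`) shows the same script token resolving in one release and becoming ambiguous in the next, which is why abbreviated names in scripts are worth replacing with full names rather than relying on the environment variable.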
Daniel Bünzli later added
To follow up on the completion feature. It should be stressed that I don't consider it to be fully "done" as it stands. I'm pretty sure the completion API, protocol, features and the generic completion scripts can be improved. The main problem is that it seems shell programmers are more interested in cajoling the look of their prompts than defining sane cross-shell standard protocols for tool/shell interaction. The current completion mechanisms are broken beyond imagination.
Issues about completion are tagged accordingly in the issue tracker. Do not hesitate to chime in if you have ideas or more knowledge than I do for improvements. I'm also happy to add support for more shells but it's better if you help for that because working with shells makes me want to throw my computer out of the window.
Meanwhile I'd like to show two completion features that I'm quite happy to have support for in this release.
Context sensitive completion
The idea here, suggested by @andreypopp, is that completion can depend on a context that is specified via a cmdliner term itself. This is typically useful for configuration dependent completions: you have a cmdliner term that represents your configuration and you access it when doing a completion.
For example in the next release of odig you can autocomplete package names on odig doc [PKG]. The available packages depend on looking up a libdir which can be specified with a command line argument itself. So for example this completes according to the automatic libdir lookup
# Auto discovered libdir
> odig doc c␉
camlp-streams checkseum cmarkit camlpdf cairo2 containers cmdliner cpuid cppo cpdf cstruct-lwt cstruct ctypes crunch csexp ctypes-foreign
But the following looks for packages in another switch:
# Explicit libdir
> odig doc c␉ --lib-dir $(opam var lib --switch=myswitch)
capitalization cerberus-lib calendar charon core_kernel core_unix cmdliner cppo core cstruct csexp
The commit that implements this in odig is rather straightforward, it simply reuses the existing conf term for the completion context. Also the cookbook has a simple self-contained example to start from.
Compositional completion (restart and raw)
The second completion feature is to retain completion on the tools that another tool invokes – commands like sudo.
For example in the b0 tool, the build system I'm using for all my developments. The b0 vcs [OPTION]… -- VCS [ARG]… command allows to bulk operate the VCSs of the projects you included in a B0.ml build description file.
Using appropriate cmdliner completion directives the completion of this command first completes the VCS enum (which can be git or hg) and then gracefully drops back to the completion of your VCS:
> b0 vcs -- ␉
git hg --
> b0 vcs -- git sh␉
shell -- restricted login shell for GIT-only SSH access
shortlog -- summarize git log output
show -- show various types of objects
show-branch -- show branches and their commits
show-index -- show packed archive index
show-ref -- list references in a local repository
This is a restart completion type. It restarts the completion context as if the cli started after the -- token.
It is the kind of behaviour you want from e.g. opam exec, though arguably in the case of opam exec it will be slightly misleading since completions will occur using the outer environment rather than the one setup by opam exec -- TOOL [ARG]…. Still, sometimes inaccurate completion is better than no completion.
Note that this would be quite easy to solve with a good cross-shell completion standard: just invoke TOOL in the environment setup by opam exec according to the completion standard (e.g. the cmdliner completion protocol) and propagate the result back in the completion for opam exec, but we do not live in that world. Still the API is ready for such a technique to be used, by using a raw completion type (I use this in b0 to complete custom, library and user-defined, actions like b0 -- .opam or b0 -- .ocaml).
Detrow, a command-line calendar
Florent Monnier announced
Detrow is a command-line calendar which displays the months of a calendar in columns.
(So the days of each month are aligned in rows)
(With Detris, months are displayed in a similar way to the cal unix command.)
You can download it with the following command:
wget http://decapode314.free.fr/ocaml2/detrow/dl/0.01b/detrow.ml
Then you can call it like this:
$ \ocaml detrow.ml
It will display the first half of the month, January until June.
If you want the second half of the year, July until December, you can call it again with:
$ \ocaml detrow.ml b
The first half, can also be called with the "a" parameter:
$ \ocaml detrow.ml a
If you call it like this:
$ \ocaml detrow.ml ann-file 2025 b
With the file called "ann-file" containing:
$ cat ann-file
2025-09-27: detrow-ann
You will see the string `"detrow-ann"` displayed in the calendar in front of the day `"2025-09-27"`.
(The number of chars that can be displayed is lower than 8 (< 8).)
rpmfile 0.8.0+ library
Mikhail announced
Hello,
I am pleased to announce the next major version of my library for reading RPM packages, powered by Angstrom.
# #require "rpmfile";;
# let pkg =
    In_channel.with_open_bin
      "hello-2.12.2-2.fc43.x86_64.rpm"
      Rpmfile.Reader.of_channel
    |> Result.get_ok;;
# Rpmfile.View.name pkg;;
- : string = "hello"
# Rpmfile.View.vendor pkg;;
- : string = "Fedora Project"
# Rpmfile.View.version pkg;;
- : string = "2.12.2"
This release has broken the previous API and made it simpler and more compact.
Added capture of the payload of the RPM package body. But it is not effective enough.
# pkg.payload;;
- : string option = None
You can implement this functionality manually using Lwt and angstrom-lwt-unix or something else.
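(* examples/extract_payload_by_lwt.ml *)

(* Keep every signature and header tag while parsing. *)
let default_tags_selector =
  Rpmfile.Reader.
    {
      predicate_signature_tag = Fun.const true;
      predicate_header_tag = Fun.const true;
    }

(* Parse the metadata only; the payload is read separately below. *)
let pkg_parser =
  Rpmfile.Reader.make_package_parser ~capture_payload:false
    ~tags_selector:default_tags_selector

let () =
  let open Lwt.Syntax in
  Lwt_main.run
  @@
  let* ic = Lwt_io.open_file ~mode:Input "hello.rpm" in
  let* _pkg =
    let* b, r = Angstrom_lwt_unix.parse pkg_parser ic in
    (* Reposition the channel using the offset left by the parser. *)
    let+ _ = Lwt_io.set_position ic (Int64.of_int b.off) in
    Result.get_ok r
  in
  (* Everything remaining in the channel is read as the payload. *)
  let* payload = Lwt_io.read ic in
  (* ... *)
  (* Placeholder so the example type-checks: report the payload size. *)
  Lwt_io.printlf "payload: %d bytes" (String.length payload)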
… :pie:
OCaml compiler office hours? (preparation thread)
Continuing this thread, gasche announced
Given the current votes, I propose to pick
Friday October 10th UTC 11:00 – UTC 12:30
as the time slot for this test run of OCaml compiler office hours. Save the date!
I propose to try this online meeting room (this is a BigBlueButton instance hosted by the French government for public workers), and take notes on this collaborative pad.
I am planning to join audio-only to save bandwidth, but people are free to do as they prefer.
A reminder on the format, topic:
Format: a synchronous remote meeting (voice with optional video), backed by a collaborative pad to record questions, take notes, share links etc. People can join and leave at any time during the office hours.
Topic: anything related to the development of the OCaml compiler, that is, the github/ocaml/ocaml project. (All topics and questions are welcome, at all levels of knowledge and familiarity with the compiler.)
Other OCaml News
From the ocaml.org blog
Here are links from many OCaml blogs aggregated at the ocaml.org blog.
Old CWN
If you happen to miss a CWN, you can send me a message and I'll mail it to you, or go take a look at the archive or the RSS feed of the archives.
If you also wish to receive it every week by mail, you may subscribe to the caml-list.