Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-09 Thread sisyphus1
-Original Message- 
From: Mahmoud Mehyar via RT


> In my case taint test always fail on all platforms I tried to install on,
> ubuntu and freeBSD
>
> I don't remember if that was the same with windows


I don't think I've ever seen a report of it having failed on Windows - 
though I suppose it may be possible to set things up on Windows so that the 
failure happens.


> but I started to use force install every time I update or install Inline
> as a habit :)


That's probably another reason we should turn off testing of t/08taint.t. 
One day something more important than t/08taint.t might also fail and you 
won't notice ... and Inline will still be installed anyway. (I guess if it's 
something important you'll *eventually* discover the failure ;-)


I don't know of anyone that wants this taint handling fixed so that they can 
actually make use of it. AFAICT people want it fixed only so that they can 
avoid using force when installing Inline with any of the cpan tools.


So I think I *will* turn t/08taint.t testing off unless $ENV{INLINE_TT_ON} 
is set ... and see what results/reactions that produces.
I should never have added t/08taint.t in the first place. I should have just 
left the taint handling in its completely broken state. (No-one would  ever 
have known.)


Cheers,
Rob 



Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-09 Thread sisyph...@optusnet.com.au via RT
Mon Jun 09 11:01:15 2014: Request 96291 was acted upon.
Transaction: Correspondence added by sisyph...@optusnet.com.au
   Queue: Inline
 Subject: Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
   Broken in: 0.55
Severity: (no value)
   Owner: Nobody
  Requestors: e...@cpan.org
  Status: open
 Ticket URL: https://rt.cpan.org/Ticket/Display.html?id=96291 


-Original Message- 
From: Mahmoud Mehyar via RT

> In my case taint test always fail on all platforms I tried to install on,
> ubuntu and freeBSD
> I don't remember if that was the same with windows

I don't think I've ever seen a report of it having failed on Windows - 
though I suppose it may be possible to set things up on Windows so that the 
failure happens.

> but I started to use force install every time I update or install Inline
> as a habit :)

That's probably another reason we should turn off testing of t/08taint.t. 
One day something more important than t/08taint.t might also fail and you 
won't notice ... and Inline will still be installed anyway. (I guess if it's 
something important you'll *eventually* discover the failure ;-)

I don't know of anyone that wants this taint handling fixed so that they can 
actually make use of it. AFAICT people want it fixed only so that they can 
avoid using force when installing Inline with any of the cpan tools.

So I think I *will* turn t/08taint.t testing off unless $ENV{INLINE_TT_ON} 
is set ... and see what results/reactions that produces.
I should never have added t/08taint.t in the first place. I should have just 
left the taint handling in its completely broken state. (No-one would  ever 
have known.)

Cheers,
Rob 




Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-09 Thread Reini Urban

On 06/09/2014 12:00 AM, Michael Conrad via RT wrote:

> Mon Jun 09 01:00:03 2014: Request 96291 was acted upon.
> Transaction: Correspondence added by NERDVANA
>        Queue: Inline
>      Subject: t/08taint.t fails on perl 5.20.0
>    Broken in: 0.55
>     Severity: (no value)
>        Owner: Nobody
>   Requestors: e...@cpan.org
>       Status: open
>   Ticket URL: https://rt.cpan.org/Ticket/Display.html?id=96291
>
> On Mon Jun 09 00:02:51 2014, NERDVANA wrote:
>
>> Oh, and the perls involved were 5.12.4 and 5.16.3, so it isn't
>> specific to 5.20
>
> I have further discovered that it only happens when I run cpan or cpanm as root.  When I
> run make test manually as a normal user (with the files chown'd to that user)
> the test passes.


This is then a serious user problem.
Tests should never be run as root, way too dangerous.
The cpan install steps for EUMM and MB have usually the necessary sudo 
prepended.
I haven't checked if cpanm --sudo is broken as I never use it, but the 
docs say it's used only for install, which is good.


In our case I suggest to set the empty tainted PATH to /bin:/usr/bin
and make the tests TODO.
On cygwin this happens e.g. if those paths are group writable or if you 
run the tests as root.


Skipping is bad, since some user might want to use Inline C with tainted 
input, and will not see new problems then.


--
Reini

Working towards a true Modern Perl.
Slim, functional, unbloated, compile-time optimizable


Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-09 Thread sisyphus1
-Original Message- 
From: Ed J via RT


> If no-one else wants to, I'll do both the test-possible-skipping and a doc
> update?


Ok - thanks for the offer.
See my response (posted just a few minutes ago) to Reini's post in this 
thread.


I think, go with your original 4-point plan:

1. Check for existence of $ENV{PATH}
2. If not, set to '/bin:/usr/bin'
3. Test in $ENV{PATH} for 'make' and $Config{cc}
4. If found, continue; if not, skip (since there's nothing else reasonable
to do, and I prefer not to make people force install)

But steps 1 and 2 need to be taken inside Inline.pm (not inside 
t/08taint.t).

And replace 'skip' with 'todo' in step 4.

I think there should be no need for any changes to the documentation as a 
result of that ... but feel free to make any documentary changes that you 
see fit.


If you can do that, I think it would be most helpful. (I'm a bit pressed for 
time  and also don't have machine that exhibits the problem, for 
testing.)



> It would probably be a candidate for a fast new release.


Yep - early next week I could make a devel release, followed by a new stable 
release a week later, all being well.

(I can always find time to make another release.)

Thanks for pursuing and persisting ;-)

Cheers,
Rob 
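
The four-point plan discussed above, sketched as an added Perl example (not code from Inline.pm, t/08taint.t or any poster in this thread). The sub names are hypothetical; the fallback PATH, `make` and `$Config{cc}` come from the thread, and the writable-directory check follows Reini's remark about group-writable paths.

```perl
#!/usr/bin/perl
# Added illustration; not code from Inline.pm or t/08taint.t.
use strict;
use warnings;
use Config;
use File::Spec;

my $SEP = $Config{path_sep} || ':';

# Steps 1-2: keep the caller's PATH if there is one, else use the thread's fallback.
sub effective_path {
    my ($env) = @_;
    return (defined $env->{PATH} && length $env->{PATH}) ? $env->{PATH} : '/bin:/usr/bin';
}

# Step 3: find an executable by searching the given PATH string (not %ENV).
sub find_in_path {
    my ($prog, $path) = @_;
    return undef unless defined $prog;
    ($prog) = split ' ', $prog;      # $Config{cc} may carry flags, e.g. "cc -m64"
    return undef unless defined $prog;
    return (-f $prog && -x _) ? $prog : undef
        if File::Spec->file_name_is_absolute($prog);
    for my $dir (grep { length } split /\Q$SEP\E/, $path) {
        my $file = File::Spec->catfile($dir, $prog);
        return $file if -f $file && -x _;
    }
    return undef;
}

# Reini's message notes the failure also appears when PATH directories are
# group writable; flag directories that group or others can write to.
sub loosely_writable {
    my ($dir) = @_;
    my @st = stat $dir;
    return (@st && ($st[2] & 022)) ? 1 : 0;
}

# Step 4: decide whether the taint tests can be expected to work.
sub taint_test_plan {
    my ($env) = @_;
    my $path    = effective_path($env);
    my @missing = grep { !defined find_in_path($_, $path) } ('make', $Config{cc} || 'cc');
    my @loose   = grep { -d $_ && loosely_writable($_) } grep { length } split /\Q$SEP\E/, $path;
    return { path => $path, missing => \@missing, loose => \@loose,
             todo => (@missing || @loose) ? 1 : 0 };
}

# Constructed inputs: the real environment and one with no PATH at all.
for my $case (['current %ENV', \%ENV], ['no PATH (constructed)', {}]) {
    my ($label, $env) = @$case;
    my $plan = taint_test_plan($env);
    print "$label: PATH=$plan->{path}\n";
    print "  not found: @{ $plan->{missing} }\n" if @{ $plan->{missing} };
    print "  writable by group/other: @{ $plan->{loose} }\n" if @{ $plan->{loose} };
    print $plan->{todo} ? "  => run taint tests as TODO\n" : "  => run taint tests normally\n";
}
```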



Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-09 Thread sisyph...@optusnet.com.au via RT
Mon Jun 09 22:00:02 2014: Request 96291 was acted upon.
Transaction: Correspondence added by sisyph...@optusnet.com.au
   Queue: Inline
 Subject: Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
   Broken in: 0.55
Severity: (no value)
   Owner: Nobody
  Requestors: e...@cpan.org
  Status: open
 Ticket URL: https://rt.cpan.org/Ticket/Display.html?id=96291 


-Original Message- 
From: Ed J via RT

> If no-one else wants to, I'll do both the test-possible-skipping and a doc
> update?

Ok - thanks for the offer.
See my response (posted just a few minutes ago) to Reini's post in this 
thread.

I think, go with your original 4-point plan:

1. Check for existence of $ENV{PATH}
2. If not, set to '/bin:/usr/bin'
3. Test in $ENV{PATH} for 'make' and $Config{cc}
4. If found, continue; if not, skip (since there's nothing else reasonable
to do, and I prefer not to make people force install)

But steps 1 and 2 need to be taken inside Inline.pm (not inside 
t/08taint.t).
And replace 'skip' with 'todo' in step 4.

I think there should be no need for any changes to the documentation as a 
result of that ... but feel free to make any documentary changes that you 
see fit.

If you can do that, I think it would be most helpful. (I'm a bit pressed for 
time  and also don't have machine that exhibits the problem, for 
testing.)

> It would probably be a candidate for a fast new release.

Yep - early next week I could make a devel release, followed by a new stable 
release a week later, all being well.
(I can always find time to make another release.)

Thanks for pursuing and persisting ;-)

Cheers,
Rob 




Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-08 Thread sisyphus1
-Original Message- 
From: Ed . via RT



> Per the discussion with mst on #perl (ex pumpkin holder), I propose (and
> will do if you haven't already) that at the top of 08taint.t:
> 1. Check for existence of $ENV{PATH}
> 2. If not, set to '/bin:/usr/bin'
> 3. Test in $ENV{PATH} for 'make' and $Config{cc}
> 4. If found, continue; if not, skip (since there's nothing else reasonable
> to do, and I prefer not to make people force install)


Yes, CPAN.pm and friends are quite deficient in the way they handle test
failures. I don't like them and avoid them (except for very long dependency
chains) for that and other reasons.
IMO, if there's a test failure, they should prompt you as to whether the
module should be installed - not just make you re-run the process with
force.
Perhaps there's already an option for them to do that. If there's not such
an option, then maybe you should complain to the developers of those
modules.


> Do you approve of this strategy?


Not sure about step 2.
If the test succeeds only because 08taint.t sets $PATH to '/bin:/usr/bin',
then it has passed because we've rigged the test. We have deceived the user
into thinking that taint enabling in Inline works straight out of the box -
which is not the case (as he must first set $PATH appropriately).

Can we do just steps 3 and 4 ? If we can detect that the 08taint.t test is
bound to fail because 'make' and/or $Config{cc} are not going to be found,
then I'll accept that we skip the test.
If you've got a patch that performs that detection and then skips the tests,
send it out and I'll apply it.

In those cases where 08taint.t is then skipped, we need to bellow out that
INLINE WILL NOT RUN UNDER -T ON THIS SYSTEM ... and we probably also need
to alter the documentation.
But I can take care of those aspects.

It's not really the right thing to do.
I mean, the idea is that if 08taint.t fails then the user should make the
call on whether the module gets installed. With your proposed changes, the
decision to install has already been made for him  and he doesn't even
know that his Inline is not capable of running under -T (unless he was
paying close attention to the build output).
But I'm ready to go with that approach anyway :-)

Alternatively, if you like, I'm now prepared to turn off the 08taint.t by
default, and have it run only if $ENV{INLINE_TT_ON} is set.
That's not the right thing to do either, but I simply don't want to continue
having to devote attention to a feature of Inline that no-one uses, and that
should never have been created in the first place.
It has been ongoing for way too long.

Cheers,
Rob 



Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-08 Thread sisyph...@optusnet.com.au via RT
Sun Jun 08 05:09:33 2014: Request 96291 was acted upon.
Transaction: Correspondence added by sisyph...@optusnet.com.au
   Queue: Inline
 Subject: Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
   Broken in: 0.55
Severity: (no value)
   Owner: Nobody
  Requestors: e...@cpan.org
  Status: open
 Ticket URL: https://rt.cpan.org/Ticket/Display.html?id=96291 


-Original Message- 
From: Ed . via RT

> Per the discussion with mst on #perl (ex pumpkin holder), I propose (and
> will do if you haven't already) that at the top of 08taint.t:
> 1. Check for existence of $ENV{PATH}
> 2. If not, set to '/bin:/usr/bin'
> 3. Test in $ENV{PATH} for 'make' and $Config{cc}
> 4. If found, continue; if not, skip (since there's nothing else reasonable
> to do, and I prefer not to make people force install)

Yes, CPAN.pm and friends are quite deficient in the way they handle test
failures. I don't like them and avoid them (except for very long dependency
chains) for that and other reasons.
IMO, if there's a test failure, they should prompt you as to whether the
module should be installed - not just make you re-run the process with
force.
Perhaps there's already an option for them to do that. If there's not such
an option, then maybe you should complain to the developers of those
modules.

> Do you approve of this strategy?

Not sure about step 2.
If the test succeeds only because 08taint.t sets $PATH to '/bin:/usr/bin',
then it has passed because we've rigged the test. We have deceived the user
into thinking that taint enabling in Inline works straight out of the box -
which is not the case (as he must first set $PATH appropriately).

Can we do just steps 3 and 4 ? If we can detect that the 08taint.t test is
bound to fail because 'make' and/or $Config{cc} are not going to be found,
then I'll accept that we skip the test.
If you've got a patch that performs that detection and then skips the tests,
send it out and I'll apply it.

In those cases where 08taint.t is then skipped, we need to bellow out that
INLINE WILL NOT RUN UNDER -T ON THIS SYSTEM ... and we probably also need
to alter the documentation.
But I can take care of those aspects.

It's not really the right thing to do.
I mean, the idea is that if 08taint.t fails then the user should make the
call on whether the module gets installed. With your proposed changes, the
decision to install has already been made for him  and he doesn't even
know that his Inline is not capable of running under -T (unless he was
paying close attention to the build output).
But I'm ready to go with that approach anyway :-)

Alternatively, if you like, I'm now prepared to turn off the 08taint.t by
default, and have it run only if $ENV{INLINE_TT_ON} is set.
That's not the right thing to do either, but I simply don't want to continue
having to devote attention to a feature of Inline that no-one uses, and that
should never have been created in the first place.
It has been ongoing for way too long.

Cheers,
Rob 




Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-08 Thread Mahmoud Mehyar via RT
Mon Jun 09 00:15:21 2014: Request 96291 was acted upon.
Transaction: Correspondence added by mamod.meh...@gmail.com
   Queue: Inline
 Subject: Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
   Broken in: 0.55
Severity: (no value)
   Owner: Nobody
  Requestors: e...@cpan.org
  Status: open
 Ticket URL: https://rt.cpan.org/Ticket/Display.html?id=96291 


In my case the taint test always fails on all platforms I tried to install on,
Ubuntu and FreeBSD. I don't remember if that was the same with Windows, but I
started to use force install every time I update or install Inline as a
habit :)


On Mon, Jun 9, 2014 at 6:59 AM, Michael Conrad via RT 
bug-inl...@rt.cpan.org wrote:

> Sun Jun 08 23:59:42 2014: Request 96291 was acted upon.
> Transaction: Correspondence added by NERDVANA
>        Queue: Inline
>      Subject: t/08taint.t fails on perl 5.20.0
>    Broken in: 0.55
>     Severity: (no value)
>        Owner: Nobody
>   Requestors: e...@cpan.org
>       Status: open
>   Ticket URL: https://rt.cpan.org/Ticket/Display.html?id=96291
>
> On Fri Jun 06 20:50:00 2014, ETJ wrote:
>> It says (on my system): sh: make: command not found.
>>
>> A little instrumentation in the make method indicated its $ENV{PATH}
>> was empty, which sort of makes sense as a secure thing to do, but
>> doesn't seem to offer any obvious place for a workaround.
>
> I'd like to report that I'm having this same problem on EVERY gentoo
> system I've tried, each of varying architecture and updated-ness.  It
> worked fine on Linux Mint 15 and 16.




Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-07 Thread sisyphus1
-Original Message- 
From: Ed J via RT


> Confirmation from #perl on irc.perl.org - it's a deliberate change in perl
> 5.20.0. A quick fix would be either to explicitly set $ENV{PATH} to
> '/bin:/usr/bin', or skip the test for 5.20.0.


Really ? I thought it was purely dependent upon system configuration, and 
completely independent of perl version.
On my Windows 7, Ubuntu 12.04, and Debian Wheezy systems the 08taint.t tests 
pass (for perl-5.20.0 as well as earlier versions of perl).


> I hoped there would be a sensible value available in %Config, but there
> isn't.


I would happily dismantle Inline's attempted taint handling if:
a) Ingy gives his blessing for that to happen;

b) there's a consensus that this is the right thing to do.

So far neither has happened.
In the meantime, patches are welcome.

I guess there are other things we could do - eg skip the 08taint.t test 
script if (eg) $ENV{INLINE_NTT} was set. (NTT being a mnemonic for No 
Taint Testing).
I've no objection to doing that. In fact, I think I might do just that - it 
comes at no cost to those who don't want to make use of the option.


However, I don't think I would like to force those tests to be skipped for 
5.20. Someone might not notice that - and then get really annoyed because 
the test suite didn't disclose to them that taint did not work.


Cheers,
Rob 



Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0

2014-06-06 Thread sisyph...@optusnet.com.au via RT
Fri Jun 06 21:41:09 2014: Request 96291 was acted upon.
Transaction: Correspondence added by sisyph...@optusnet.com.au
   Queue: Inline
 Subject: Re: [rt.cpan.org #96291] t/08taint.t fails on perl 5.20.0
   Broken in: 0.55
Severity: (no value)
   Owner: Nobody
  Requestors: e...@cpan.org
  Status: new
 Ticket URL: https://rt.cpan.org/Ticket/Display.html?id=96291 




-Original Message- 
From: Ed J via RT

> It says (on my system): sh: make: command not found.

Yes, this happens on some systems.
The problem has not yet been fixed - see

https://rt.cpan.org/Ticket/Display.html?id=65703

for a fuller discussion. I think there are some workarounds mentioned in 
there if you're actually wanting to run Inline taint-activated.
If you're not wanting to run Inline with taint turned on, just force 
install the module.

Note that this failure simply signifies that you can't run Inline under 
taint. It doesn't impact on any other aspects of the module.

Cheers,
Rob