8313357: Revisit requiring SA tests on OSX to either run as root or use sudo #15238
Conversation
|
👋 Welcome back cjplummer! A progress list of the required criteria for merging this PR into |
openjdk
bot
changed the title
|
@plummercj The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
| System.out.print("DevToolsSecurity stdout: " + out); | ||
| if (out.equals("")) System.out.println(); |
There was a problem hiding this comment.
This looks odd - why not just an unconditional println?
There was a problem hiding this comment.
If it is not "", then out will include a newline at the end of the last line, which means you'd end up with an empty line in the output. I considered the following:
if (!out.equals("")) {
System.out.print("DevToolsSecurity stdout: " + out);
}
But it prints nothing in the output if it is "", and I that's not what I was looking for.
| */ | ||
| private static boolean developerModeEnabled() { | ||
| List<String> cmd = new ArrayList<String>(); | ||
| cmd.add("DevToolsSecurity"); |
There was a problem hiding this comment.
Is this tool likely to be in the path?
There was a problem hiding this comment.
It is for my work machine, my home machine, and the CI machines. If not installed then an exception is thrown. It probably requires that xcode be installed, but this is already a requirement to run the tests.
Every SA test uses it except I think one test that doesn't need any special privileges to run. That's about 65 tests. This PR actually reduces the number of processes needed IF developer mode is enabled. Previously launching an SA tool required 3 processes: one to first check if passwordless sudo works, one to launch the SA tool with sudo, and one for the SA tool itself. So now there are 4 IF developer mode is not enabled (added a developer mode check), but there are only two if developer mode is enabled (developer mode check and SA tool launch). BTW, one thing I didn't really call out in the description is that this allows the SA tests to be run when passwordless sudo is not enabled but developer mode is. Previously they would have just all thrown SkippedException. I'm not sure about your caching question. I would assume you are asking how many times it executed per test, which is only once. I can't see caching between test runs because the setting can be changed by the user. |
Okay. That is still unfortunate as I would expect this to be a dynamic property that changes very rarely.
I would not be worried about trying to deal with a user that changes the setting in that way. Test environments are expected to kept in a stable condition. |
So do we expect developer mode to be enabled in our CI testing? |
We don't expect it to be, but it is on a few machines. |
I think it is best to test for developer mode on each test run. The user might change it after a test run after seeing SkippedException, especially if they are aware that developer mode will address it. They may normally run with it disabled, but want it enabled when running SA tests. |
|
@plummercj This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 63 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
Ping! I could use one more review please. Thanks |
|
Thank you Alex and David! /integrate |
|
Going to push as commit 62ca001.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@plummercj Pushed as commit 62ca001. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
On OSX, don't require that sudo be used to launch SA tools if developer mode is enabled. More details are in the CR.
Due to this change, the following tests are no longer being skipped if the host has developer mode is enabled. They previously required running as root because if sudo was used some files were created with root ownership and could not be deleted:
serviceability/sa/ClhsdbDumpclass.java
serviceability/sa/TestClassDump.java
I tested on my home system (M1) with developer mode enabled and also disabled. Also tested with CI, which appears to have developer mode disabled on most hosts, but there are a few where it is enabled.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/15238/head:pull/15238$ git checkout pull/15238Update a local copy of the PR:
$ git checkout pull/15238$ git pull https://git.openjdk.org/jdk.git pull/15238/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 15238View PR using the GUI difftool:
$ git pr show -t 15238Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/15238.diff
Webrev
Link to Webrev Comment