Revert -out option checks #6033
Conversation
Test writing to the null device. This should be successful. Test writing to a writable file in a write protected directory. This should be successful. Also, refactor so the planned number of tests is calculated. [extended tests]
levitte
force-pushed
the
revert-out-option-checks
branch
from
dbc0ad6
to
90cca54
Compare
|
@petrovr, I know this has been a pet peeve. Your comments would be appreciated. |
richsalz
added
the
approval: done
|
There appveyor failure seems relevant: |
|
also the travis mingw test is failing in a similar way: |
levitte
force-pushed
the
revert-out-option-checks
branch
from
90cca54
to
a9826e2
Compare
|
@bernd-edlinger, I've added a fixup that should help. |
levitte
force-pushed
the
revert-out-option-checks
branch
from
a9826e2
to
e0aedb2
Compare
|
Hmmm, is it just me, or does MSVC's |
Hmmm... It apparently varies with CRT version... I don't know that it changed, but latest CRT apparently returns EINVAL upon attempt to _access("NUL"). On the other hand default CRT, c:\windows\system32\msvcrt.dll, one mingw links with, acknowledges NUL's existence and recognizes it as writable... I suppose MSC's _access is not to be trusted... |
|
So basically, we (and any application, really) have to handle the magic file "nul" ourselves. That's kinda crappy... But ok, I can add that. Do we have to be equally attentive with the rest of the "POSIX API" (thinking of |
|
Why do we have to ask first if we can open NUL? |
|
Because the check of |
|
and "con", "com1", etc...? |
|
Good question, and I would rather not have to, so alternate solutions are welcome. |
|
Me neither.... |
|
Ready for another surprise? If I may. First step is done, user is claimed to be ultimately responsible for actions. Just make the next step, omit the test. It's user responsibility even to pick the suitable file name for the environment, it's really between user and underlying OS. To be completely honest, I'd even go as far as arguing for omitting whole recipe. What is it that is tested really? OS ability to tell apart files from directories? Ability to note non-existing directory? Are these actually our problems? Ability to chmod 0555 to make directory non-writable? Well, even on Linux it's actually file-system-specific. For example, you can chmod 0555 a directory on vfat as much as you like, it won't make any difference... You can argue that nobody would run test on vfat file system, but then nobody would use /dev/null as output for key generation either.... |
Same can be said about Windows, either FAT or NTFS. chmod 0555 adds read-only attribute to directory, but it has no effect on your ability to create files in the directory. |
|
I wouldn't remove the test yet, I wanna see that our code can handle what the user throws at us correctly (i.e in a manner that a user should be able to expect, such as "nul" on the command prompt being correctly interpreted as the null device and not generating a silly error). |
Then for negative testing I'd say one directory is sufficient, ".", and test for file in non-existing directory. I'd also say that there is no need to test for time (it's unreliable anyway), just check for exit code would do.
Do [Windows] users actually have such specific expectations? Besides, you really can't do better than underlying system and systems do perform differently. So that there is no such thing as universal expectations, they have to be adjusted to specifics.
_open can open "nul". Because it actually translates to native system call. But what "POSIX API"? Does POSIX specify "_access" or "_open"? No. It's "access" and "open". What Microsoft provides is a porting aid, not actual POSIX API. It has limitations, and user should be aware of them. Once again, you can't do better than underlying system. |
Exactly, that's why I wrote POSIX API within quotes, because it isn't really.
I don't understand the question... in Unix and on VMS, there is a null device, and users on those platforms expect whatever they send that way to disappear. Are you telling me Windows users don't want to do something like that as well? |
Reduce the amount of testing. We only need to check that one attempt to write to a directory fails, and we can skip checking writability to "protected" directories. Finally, we skip trying to check by timing, and we can further reduce the testing code to make it look less complex.
levitte
force-pushed
the
revert-out-option-checks
branch
from
b9a4482
to
d6821b1
Compare
test/recipes/15-test_out_option.t
Outdated
|
|
||
| foreach (@failure_paths) { | ||
| my $path = File::Spec->canonpath($_); | ||
| ok(!run(app([ 'openssl', 'genrsa', '-out', $path, '2048'])), |
There was a problem hiding this comment.
Does it have be such expensive operation? Of course it's hardly noticeable on your desktop, but do you have to make Raspberry Pi user suffer [more than necessary]? rand -out $path would do... Or why not convert something from pem to der?
There was a problem hiding this comment.
Well, I suppose it applies more to success tests. That is if we assume that failure test would fail early....
There was a problem hiding this comment.
The reason for it is that this was already in the recipe before I started fiddling with it, and I simply didn't think further. Of course we can change that to something better suited for quick checks...
use "openssl rand" rather than "openssl genrsa"
levitte
force-pushed
the
revert-out-option-checks
branch
from
d6821b1
to
cd7dcc6
Compare
test/recipes/15-test_out_option.t
Outdated
| # For example, if cross compiled and tested on the build host, perl will | ||
| # generate an incorrect NULL device name. | ||
| # We might expand the exceptions... | ||
| unless (config('target') =~ m|^mingw| && $^O ne 'msys') { |
There was a problem hiding this comment.
Even though it's possible to test Linux cross-compiled targets with qemu-user (since they use same file system), it's not really inappropriate to simply assume that perl's devnull has no meaning to any cross-compiled target. Incidentally this will work out even for mingw builds performed under Linux and Cygwin. Because they are customarily performed with --cross-compile-prefix. In other words one can wonder if simple check for cross-compile prefix would be adequate. Do note "adequate", as this is really what it's about. I mean it's effectively impossible to specify condition that is guaranteed to work in all circumstances, you can only go for what has best chances to work in most cases. Of course it has to work with CIs, but as long as _access is out of picture check for cross-compile prefix should do the trick...
There was a problem hiding this comment.
Oh, so now I should check config('CROSS_COMPILE')? 'cause back over here, you told me a different story.
... buuuuuuut ok, you say check cross compile prefix, I will check cross compile prefix.
There was a problem hiding this comment.
Oh, so now I should check config('CROSS_COMPILE')?
I said "one can wonder if it would be adequate," which is not same [as to] say "do this" :-)
'cause back over here, you told me a different story.
But then I also said "Grrrr! MSYS2 cheats!" I.e. by that time I didn't actually realize that msys perl would convert "/dev/null" to "nul" when starting native binary such as "mingw". I thought that it would do same as Linux and Cygwin perls, i.e. actually pass "/dev/null".
There was a problem hiding this comment.
"Grrrr! MSYS2 cheats!"
Besides, context is different now. That's what makes it hard to nail, which can be frustrating and appear contradicting at different occasions. It's multi-variable problem with no exact solution. Change one variable, like _access call removal, and suddenly check for cross-compile prefix makes more sense than other possible options. But it's just that it makes more sense, not that it's absolutely "the right thing to do ever"...
There was a problem hiding this comment.
I said "one can wonder if it would be adequate," which is not same [as to] say "do this" :-)
True that... well, it does cover the mingw on Linux cases, and I've been wondering more than once what happens with other explicitly cross compiled environments. I think this covers quite a lot of the cases we commonly test for, though... right?
levitte
force-pushed
the
revert-out-option-checks
branch
from
cd7dcc6
to
63be6d1
Compare
|
As soon as WIP is removed... |
I don't think it's necessary to lower their expectations. Peoply which are stuck with cmd.exe generally have very low expectations about their shell. ;-) |
|
WIP removed. |
test/recipes/15-test_out_option.t
Outdated
| './', | ||
| ); | ||
| my @success_paths = ( | ||
| 'test.pem' |
There was a problem hiding this comment.
Now with rand -out this is no longer suitable name. test.bin perhaps? Or random.bin? Or randomly generated name with .bin extension?
There was a problem hiding this comment.
Ah, thanks for the reminder, that was on my mind before going to sleep yesterday
Test writing to the null device. This should be successful. Also, refactor so the planned number of tests is calculated. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from #6033)
[extended tests] Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from #6033)
open() will take care of the checks anyway Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from #6033)
|
Merged (including commit from #6031) 4522e13 apps/opt.c: Remove the access checks of input and output files |
The checks were over elaborate and became so increasingly the more we kept trying.
This reverses #4008 and #3709, i.e. reinstates that very light checks, but keeps
test/recipes/15-test_out_option.t. This puts us back at where we started with #3404 and allows us to deal with it differently that we have 'til now. This also fixes #5590, and cancels out #5592 and #5638.The first commit is from #6031