libwww-perl / URI

The Perl URI module
https://metacpan.org/pod/URI

URI test failures when perl built with NO_TAINT_SUPPORT #123

Closed jkeenan closed 1 year ago

jkeenan commented 1 year ago

In perl-5.38.0, whose production release we anticipate for approx. May 20 2023, perl can be built without support for taint. Unfortunately, many CPAN distributions have test files that test taint-related situations.

Last week I built a perl with this configuration:

$ uname -mrs
Linux 5.19.0-41-generic x86_64

$ ./bin/perl -Ilib -v | head -2 | tail -1
This is perl 5, version 37, subversion 12 (v5.37.12 (v5.37.11-5-gcf4572e56a)) built for x86_64-linux

$ ./bin/perl -Ilib -V:config_args
config_args='-des -Dusedevel -Accflags=-DNO_TAINT_SUPPORT -Dprefix=/home/jkeenan/testing/blead -Uversiononly -Dman1dir=none -Dman3dir=none';

I installed cpanm against that perl, then tried to install modules (e.g., Task::CPAN::Reporter) for which URI is a prerequisite. The installation of URI failed.

$ ./bin/cpanm URI
--> Working on URI
Fetching http://www.cpan.org/authors/id/O/OA/OALDERS/URI-5.17.tar.gz ... OK
Configuring URI-5.17 ... OK
Building and testing URI-5.17 ... FAIL
! Installing URI failed. See /home/jkeenan/.cpanm/work/1682729023.48628/build.log for details. Retry with --force to force install it.

--> Working on URI
Fetching http://www.cpan.org/authors/id/O/OA/OALDERS/URI-5.17.tar.gz
-> OK
Unpacking URI-5.17.tar.gz
Entering URI-5.17
Checking configure dependencies from META.json
Checking if you have ExtUtils::MakeMaker 6.58 ... Yes (7.70)
Configuring URI-5.17
Running Makefile.PL
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for URI
...
t/00-report-prereqs.t ..... ok
t/abs.t ................... ok
t/clone.t ................. ok
This perl was compiled without taint support. Cowardly refusing to run with -t or -T flags.
t/cwd.t ...................
Dubious, test returned 29 (wstat 7424, 0x1d00)
No subtests run
t/data.t .................. ok
t/escape-char.t ........... ok
t/escape.t ................ ok
This perl was compiled without taint support. Cowardly refusing to run with -t or -T flags.
t/file.t ..................
Dubious, test returned 29 (wstat 7424, 0x1d00)
No subtests run
t/ftp.t ................... ok
...
Test Summary Report
-------------------
t/cwd.t                 (Wstat: 7424 (exited 29) Tests: 0 Failed: 0)
  Non-zero exit status: 29
  Parse errors: No plan found in TAP output
t/file.t                (Wstat: 7424 (exited 29) Tests: 0 Failed: 0)
  Non-zero exit status: 29
  Parse errors: No plan found in TAP output
t/mailto.t              (Wstat: 0 Tests: 20 Failed: 0)
  TODO passed:   16
Files=46, Tests=715,  2 wallclock secs ( 0.06 usr  0.02 sys +  1.19 cusr  0.19 csys =  1.46 CPU)
Result: FAIL
Failed 2/46 test programs. 0/715 subtests failed.
make: *** [Makefile:947: test_dynamic] Error 255
-> FAIL Installing URI failed. 

I am aware that a number of Perl people have been looking into this problem (e.g., @DrHyde), but I don't know if we have yet established any S.O.P. for addressing it.

DrHyde commented 1 year ago

With NO_TAINT_SUPPORT Perl dies loudly as soon as it sees -t. You may have more luck with SILENT_NO_TAINT_SUPPORT. Also see the PR I've raised against IPC::System::Simple; you may be able to adapt how I fixed its tests.
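
One way a test file can cope with all three builds mentioned in this thread (taint enabled, disabled silently, disabled noisily), as an added example that is not code from the URI distribution, from PR 129, or from any commenter. The helper name `taint_status` and the sample argument are hypothetical; the probe relies only on the refusal and non-zero exit shown in the log above and on the `${^TAINT}` variable.

```perl
#!/usr/bin/perl
# Added example, not part of the URI distribution or of PR 129.
use strict;
use warnings;
use Test::More;

# taint_status() is a hypothetical helper: it asks the perl binary itself
# whether -T works, instead of assuming it does.
#   'enabled' - taint mode is really on under -T
#   'silent'  - -T is accepted but ignored
#   'none'    - perl refuses -T and exits non-zero
#               (the "Cowardly refusing" message and exit 29 in the log above)
sub taint_status {
    my ($perl) = @_;
    open( my $fh, '-|', $perl, '-T', '-e', 'print ${^TAINT} ? 1 : 0' )
        or return 'none';
    my $out = do { local $/; <$fh> };
    $out = '' unless defined $out;
    close $fh;    # waits for the child and sets $?
    return 'none' if $? != 0;
    return $out eq '1' ? 'enabled' : 'silent';
}

my $status = taint_status($^X);
diag "taint mode on $^X: $status";

SKIP: {
    skip "this perl has no working taint mode ($status)", 1
        unless $status eq 'enabled';

    # Constructed check: command-line arguments must be tainted under -T.
    # It runs in a child so this file never needs -T on its own #! line.
    my $rc = system( $^X, '-T', '-MScalar::Util=tainted', '-e',
        'exit( tainted( $ARGV[0] ) ? 0 : 1 )', 'constructed-input' );
    is( $rc, 0, 'argument is tainted under -T' );
}

done_testing;
```

Because the skip message records which kind of build was detected, a passing run on a no-taint perl is visibly distinct from one where the taint checks actually executed.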

genio commented 1 year ago

https://github.com/libwww-perl/URI/pull/129 Can you test against that PR, please?

DrHyde commented 1 year ago

All tests pass, with taint enabled, with it disabled silently, and disabled noisily.

However, all I did was prove -Ilib -r t. Something in Dist::Zilla's dependency chain doesn't like no-taint, so if you do anything funky at build time I couldn't test that.

genio commented 1 year ago

Great! Should be all good to go. I'll close this out as the next release should contain the fix. Thank you!