skip taint tests when perl was built without taint support

[DrHyde]

If perl is built without taint support (ie using -Accflags=-DSILENT_NO_TAINT_SUPPORT or -Accflags=-DNO_TAINT_SUPPORT) the existing tests fail. This patch makes the taint tests skip if taint-mode isn't supported.

[shlomif]

👍 looks great

[jkeenan]

If perl is built without taint support (ie using -Accflags=-DSILENT_NO_TAINT_SUPPORT or -Accflags=-DNO_TAINT_SUPPORT) the existing tests fail. This patch makes the taint tests skip if taint-mode isn't supported.

I built a perl from blead with NO_TAINT_SUPPORT:

$ ./bin/perl -Ilib -v | head -2 |tail -1
This is perl 5, version 37, subversion 12 (v5.37.12 (v5.37.11-5-gcf4572e56a)) built for x86_64-linux
$ ./bin/perl -Ilib -V:config_args
config_args='-des -Dusedevel -Accflags=-DNO_TAINT_SUPPORT -Dprefix=/home/jkeenan/testing/blead -Uversiononly -Dman1dir=none -Dman3dir=none';
$ ./bin/perl -Ilib -V | grep -i taint
    config_args='-des -Dusedevel -Accflags=-DNO_TAINT_SUPPORT -Dprefix=/home/jkeenan/testing/blead -Uversiononly -Dman1dir=none -Dman3dir=none'
    ccflags ='-DNO_TAINT_SUPPORT -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64'
    cppflags='-DNO_TAINT_SUPPORT -fwrapv -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include'
    NO_TAINT_SUPPORT

I then fetched your pull request onto my local machine and ran it against this taint-less perl.

commit ae5c5abc40c4709d7405387d9bae684cc7910c7e (HEAD -> drhyde-taint-support)
Author:     David Cantrell <[email protected]>
AuthorDate: Sat Apr 22 18:26:51 2023 +0100
Commit:     David Cantrell <[email protected]>
CommitDate: Sat Apr 22 18:26:51 2023 +0100

    skip taint tests when perl was built without taint support
...

$ bleadperl -V:config_args
config_args='-des -Dusedevel -Accflags=-DNO_TAINT_SUPPORT -Dprefix=/home/jkeenan/testing/blead -Uversiononly -Dman1dir=none -Dman3dir=none';

$ bleadperl Makefile.PL && make
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for IPC::System::Simple
Writing MYMETA.yml and MYMETA.json
cp lib/IPC/System/Simple.pm blib/lib/IPC/System/Simple.pm

$ make test
PERL_DL_NONLAZY=1 "/home/jkeenan/testing/blead/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01_load.t ........... ok   
t/02_exit.t ........... ok     
t/03_signal.t ......... ok   
t/04_capture.t ........ ok     
t/05_multi_capture.t .. ok     
t/06_fail.t ........... ok   
t/07_taint.t .......... This perl was compiled without taint support. Cowardly refusing to run with -t or -T flags.
t/07_taint.t .......... Dubious, test returned 29 (wstat 7424, 0x1d00)
No subtests run 
t/08_core.t ........... skipped: BSD::Resource required for coredump tests
t/09_system.t ......... ok     
t/10_formatting.t ..... This perl was compiled without taint support. Cowardly refusing to run with -t or -T flags.
t/10_formatting.t ..... Dubious, test returned 29 (wstat 7424, 0x1d00)
No subtests run 
t/11_newlines.t ....... ok   
t/12_systemx.t ........ ok   
t/13_exports.t ........ ok   
t/14_uninitialised.t .. skipped: Test::NoWarnings required for testing undef warnings
t/args.t .............. ok     
t/internal.t .......... ok   
t/win32.t ............. skipped: Win32 only tests

Test Summary Report
-------------------
t/07_taint.t        (Wstat: 7424 (exited 29) Tests: 0 Failed: 0)
  Non-zero exit status: 29
  Parse errors: No plan found in TAP output
t/10_formatting.t   (Wstat: 7424 (exited 29) Tests: 0 Failed: 0)
  Non-zero exit status: 29
  Parse errors: No plan found in TAP output
Files=17, Tests=163,  1 wallclock secs ( 0.04 usr  0.01 sys +  0.50 cusr  0.11 csys =  0.66 CPU)
Result: FAIL
Failed 2/17 test programs. 0/163 subtests failed.
make: *** [Makefile:887: test_dynamic] Error 255

Your commit message stated, This patch makes the taint tests skip if taint-mode isn't supported. But these tests printed out a message indicating skipping but two test files nonetheless FAILed. That's confusing.

Additional note: This time last year @neilb had submitted #39 on the same problem. We closed it then because it ran into other problems. We'll need to evaluate this p.r. in light of those problems.

[DrHyde]

That's odd, I thought I'd tested it with both -DSILENT_NO_TAINT_SUPPORT and -DNO_TAINT_SUPPORT. Let me try again ...

[DrHyde]

Ah-ha, I had two builds with SILENT_NO_TAINT_SUPPORT! I'll update the PR to also work with the noisy version of NO_TAINT_SUPPORT

[DrHyde]

IIRC @neilb's work in blead was about adding a question in Configure to ask whether to build perl without taint support. That was reverted. Then more recently some patches went in to at least make perl pass its own tests without taint support, even though there's still no question for it in Configure, and also for Config.pm to know about it - see Perl/perl5#20983.

Now that perl passes its own tests if you disable taint support via -Accflags=..., I'm running a CPAN smoker with it, and slowly working my way through all the "up river" modules that fail on it - hence this PR.

[jkeenan]

On 4/23/23 10:24, David Cantrell wrote: [snip] Now that perl passes its own tests if you disable taint support via |-Accflags=...|, I'm running a CPAN smoker with it, and slowly working my way through all the "up river" modules that fail on it - hence this PR.

My initial reaction to your second commit was, "Wow, that's an awfully big lot of new code just to maintain the same functionality! And now a diligent CPAN maintainer has to test any taint-related code against one (or possibly two) different Perl builds!" Thanks for undertaking this investigation. I will hope to get to studying it for this distro soon. I just wonder how many CPAN maintainers will be willing to undertake similar adaptive work in their distros.

[DrHyde]

It's actually very little code, the contents of 07_taint.t and 10_formatting.t have been moved into non-.t files so that a perl built with the noisy version of NO_TAINT_SUPPORT won't ever see them and so won't blow chunks. The new versions of 07_taint.t and 10_formatting.t just check to see if taint-mode is supported and either exec() those renamed files or say "nope, skipping".