Some new security tests failing (one by removing the j2sdk-image dir!) (Was: changeset in /hg/icedtea6...)
Jonathan Gibbons
Jonathan.Gibbons at Sun.COM
Tue Dec 9 17:43:45 PST 2008
Mark,
FYI, I finally investigated the jtreg issue you describe. It's come up
once before internally.
jtreg is suffering from the simplicities of the java.io.File API, and is
following symbolic links
when cleaning the scratch directory in preparation for each new test to
be run. I have a
patch, but I'll probably leave it till after the holidays before pushing
it, as I will be leaving
for vacation next week. Thanks for pointing out the issue again.
-- Jon
Mark Wielaard wrote:
> Hi Lillian,
> and Hi Jon, read below for a weird issue with jtreg,
>
> On Tue, 2008-12-02 at 13:27 +0000, Lillian Angel wrote:
>
>> changeset a599dbe81c3d in /hg/icedtea6
>> details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=a599dbe81c3d
>> description:
>> 2008-12-02 Lillian Angel <langel at redhat.com>
>>
>> * Makefile.am
>> (ICEDTEA_PATCHES): Added new OpenJDK security patches.
>> * patches/icedtea-4486841.patch,
>> patches/icedtea-6484091.patch,
>> patches/icedtea-6497740.patch,
>> patches/icedtea-6588160.patch,
>> patches/icedtea-6592792.patch,
>> patches/icedtea-6721753.patch,
>> patches/icedtea-6726779.patch,
>> patches/icedtea-6733959.patch,
>> patches/icedtea-6734167.patch,
>> patches/icedtea-6755943.patch,
>> patches/icedtea-6766136.patch: New file
>>
>
> Thanks for getting these applied so quickly. It is good to see you are
> on top of the security issues.
>
> I did find some issues with the newly included tests though.
>
> - closed/sun/security/rsa/TestLimits.java needs two pre-created keystore
> files. It also describes how to create them. I added them to the overlay
> (since you cannot easily add them to the patches files.)
>
> - closed/java/io/File/createTempFile/GuessNext.java had a "@key
> closed-security". closed-security isn't valid key according to our
> TEST.ROOT, so I just removed it.
>
> BTW. Both these new "closed" tests don't have a GPL header.
>
> - tools/launcher/MultipleJRE.sh uses a class ZipMeUp, but was missing an
> @build for that class. I added that.
>
> Now that last issue looks innocent enough, but it isn't! It will DESTROY
> your just build j2sdk-image build dir! Look at the following test script
> fragment:
>
> TestLongMainClass() {
> JVER=$1
> if [ "$JVER" = "mklink" ]; then
> JVER=XX
> JDKXX=jdk/j2re$JVER
> rm -rf jdk
> mkdir jdk
> ln -s $TESTJAVA $JDKXX
> JAVA_VERSION_PATH="`pwd`/jdk"
> export JAVA_VERSION_PATH
> fi
> $JAVAEXE -cp $TESTCLASSES ZipMeUp UglyBetty.jar 4097
> message="`$JAVAEXE -version:$JVER -jar UglyBetty.jar 2>&1`"
> echo $message | grep "Error: main-class: attribute exceeds system limits" > /dev/null 2>&1
> if [ $? -ne 0 ]; then
> printf "Long manifest test did not get expected error"
> exit 1
> fi
> unset JAVA_VERSION_PATH
> rm -rf jdk
> }
>
> where
> $1 = "mklink"
> $TESTJAVA = /path/to/your/just/build/j2sdk-image
>
> What this will do is create a soft link in the JTwork/scratch dir called
> jdk/j2reXX that points to your just build j2sdk-image. If the test
> succeeds this jdk dir with the soft link in it will just be removed and
> everything is fine. (rm -r doesn't follow soft links)
>
> But if this fails (because of the missing ZipMeUp class) the script will
> exit 1 prematurely without removing the softlink from the scratch dir.
> On the next test run jtreg will remove the contents of the
> JTwork/scratch dir. But jtreg does follow soft links!
> So it will remove everything in your shiny new j2sdk-image build.
>
> The fix makes the script not fail. But apparently having tests create
> soft links is a pretty dangerous thing...
>
> Fixed as follows:
>
> 2008-12-02 Mark Wielaard <mark at klomp.org>
>
> * overlays/openjdk/jdk/test/closed/sun/security/rsa/keystore.bad,
> overlays/openjdk/jdk/test/closed/sun/security/rsa/keystore.good:
> New keystore files.
> * patches/icedtea-6497740.patch: Remove binary file diffs.
> * patches/icedtea-6721753.patch: Remove @key closed-security.
> * patches/icedtea-6733959.patch: Add @build ZipMeUp.
>
> Cheers,
>
> Mark
>
> diff -r b7a8b3f766db -r 7eca1fba7ef1 patches/icedtea-6497740.patch
> --- a/patches/icedtea-6497740.patch Tue Dec 02 19:20:50 2008 +0100
> +++ b/patches/icedtea-6497740.patch Wed Dec 03 00:45:09 2008 +0100
> @@ -1546,8 +1546,6 @@
> + }
> + }
> +}
> -Binary files /tmp/dnlaqOr and new/test/closed/sun/security/rsa/keystore.bad differ
> -Binary files /tmp/dxQaGis and new/test/closed/sun/security/rsa/keystore.good differ
> --- /dev/null Fri Aug 22 18:59:31 2008
> +++ openjdk/jdk/test/closed/sun/security/rsa/sunpkcs11-solaris_enableSHA1withRSAsig.cfg Fri Aug 22 18:59:29 2008
> @@ -0,0 +1,36 @@
> diff -r b7a8b3f766db -r 7eca1fba7ef1 patches/icedtea-6721753.patch
> --- a/patches/icedtea-6721753.patch Tue Dec 02 19:20:50 2008 +0100
> +++ b/patches/icedtea-6721753.patch Wed Dec 03 00:45:09 2008 +0100
> @@ -88,10 +88,9 @@
> /**
> --- /dev/null Thu Oct 9 16:12:28 2008
> +++ openjdk/jdk/test/closed/java/io/File/createTempFile/GuessNext.java Thu Oct 9 16:12:25 2008
> -@@ -0,0 +1,26 @@
> +@@ -0,0 +1,25 @@
> +/* @test
> + * @bug 6721753
> -+ * @key closed-security
> + * @summary Test that temporary files don't use incrementing counter
> + */
> +
> diff -r b7a8b3f766db -r 7eca1fba7ef1 patches/icedtea-6733959.patch
> --- a/patches/icedtea-6733959.patch Tue Dec 02 19:20:50 2008 +0100
> +++ b/patches/icedtea-6733959.patch Wed Dec 03 00:45:09 2008 +0100
> @@ -112,6 +112,14 @@
> +}
> --- MultipleJRE.sh 2008-11-21 14:18:54.000000000 -0500
> +++ openjdk/jdk/test/tools/launcher/MultipleJRE.sh 2008-11-21 14:23:48.000000000 -0500
> +@@ -2,6 +2,7 @@
> + # @bug 4811102 4953711 4955505 4956301 4991229 4998210 5018605 6387069
> + # @build PrintVersion
> + # @build UglyPrintVersion
> ++# @build ZipMeUp
> + # @run shell MultipleJRE.sh
> + # @summary Verify Multiple JRE version support
> + # @author Joseph E. Kowalski
> @@ -48,10 +48,23 @@
> exit 1
> fi
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20081209/18527fc3/attachment.html
More information about the distro-pkg-dev
mailing list