This is an automated email from the ASF dual-hosted git repository. djwang pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/cloudberry.git
commit 29019ad6eb12e27647b2f17a03f4fbbc46f01b5d Author: Dianjin Wang <[email protected]> AuthorDate: Tue Jan 20 14:59:57 2026 +0800 Fix: pgcrypto regression test failures on Rocky 8 This commit fixes two issues preventing the `ic-contrib` regression tests from passing on Rocky Linux 8 environments (FIPS enabled). 1. Fixed regex matching for "Some PX error": The previous `init_file` rule missed a space in the error message pattern (`ERROR: Cannot use...`), causing FIPS error masking to fail. Added the missing space to correctly match the output. 2. Masked ephemeral line numbers: Different compilation environments (Rocky 8 vs 9) produce different line number references in error messages (e.g., pgcrypto.c:213 vs 215). Added `matchsubs` rules to mask these line numbers with `(pgcrypto.c:XXX)` and updated `expected/fips_2.out` to match, ensuring consistent test results across platforms. Changes: * Modified src/test/regress/init_file * Updated contrib/pgcrypto/expected/fips_2.out See: https://github.com/apache/cloudberry/issues/1539 --- contrib/pgcrypto/expected/fips_2.out | 12 ++++++------ src/test/regress/init_file | 10 ++++++++-- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/contrib/pgcrypto/expected/fips_2.out b/contrib/pgcrypto/expected/fips_2.out index 51957b898da..19ba00f8bf8 100644 --- a/contrib/pgcrypto/expected/fips_2.out +++ b/contrib/pgcrypto/expected/fips_2.out @@ -55,7 +55,7 @@ SELECT 'Test gen_salt : EXPECTED FAIL FIPS' as comment; (1 row) UPDATE fipstest SET salt = gen_salt('md5'); -ERROR: requested functionality not allowed in FIPS mode (pgcrypto.c:213) +ERROR: requested functionality not allowed in FIPS mode (pgcrypto.c:XXX) SELECT 'Test crypt : EXPECTED FAIL FIPS' as comment; comment --------------------------------- @@ -63,9 +63,9 @@ SELECT 'Test crypt : EXPECTED FAIL FIPS' as comment; (1 row) UPDATE fipstest SET res = crypt(data, salt); -ERROR: requested functionality not allowed in FIPS mode (pgcrypto.c:266) +ERROR: requested functionality not allowed in FIPS mode (pgcrypto.c:XXX) SELECT res = crypt(data, res) AS "worked" FROM fipstest; -ERROR: requested functionality not allowed in FIPS mode (pgcrypto.c:266) +ERROR: requested functionality not allowed in FIPS mode (pgcrypto.c:XXX) SELECT 'Test pgp : EXPECTED PASS' as comment; comment -------------------------- @@ -73,7 +73,7 @@ SELECT 'Test pgp : EXPECTED PASS' as comment; (1 row) select pgp_sym_decrypt(pgp_sym_encrypt('santa clause', 'mypass', 'cipher-algo=aes256'), 'mypass'); -ERROR: requested functionality not allowed in FIPS mode (openssl.c:772) +ERROR: requested functionality not allowed in FIPS mode (openssl.c:XXX) SELECT 'Test pgp : EXPECTED FAIL FIPS' as comment; comment ------------------------------- @@ -89,7 +89,7 @@ SELECT 'Test raw encrypt : EXPECTED PASS' as comment; (1 row) SELECT encrypt('santa claus', 'mypass', 'aes') as raw_aes; -ERROR: requested functionality not allowed in FIPS mode (openssl.c:772) +ERROR: requested functionality not allowed in FIPS mode (openssl.c:XXX) SELECT 'Test raw encrypt : EXPECTED FAIL FIPS' as comment; comment --------------------------------------- @@ -97,5 +97,5 @@ SELECT 'Test raw encrypt : EXPECTED FAIL FIPS' as comment; (1 row) SELECT encrypt('santa claus', 'mypass', 'bf') as raw_blowfish; -ERROR: requested functionality not allowed in FIPS mode (openssl.c:772) +ERROR: requested functionality not allowed in FIPS mode (openssl.c:XXX) DROP TABLE fipstest; diff --git a/src/test/regress/init_file b/src/test/regress/init_file index 728f6d8ea42..3220ef7bfa6 100644 --- a/src/test/regress/init_file +++ b/src/test/regress/init_file @@ -134,8 +134,14 @@ s/ERROR: FIPS enabled OpenSSL is required for strict FIPS mode .*/ERROR: FIPS # Mask out OpenSSL behavior change in different version m/ERROR: Cannot use "md5": No such hash algorithm/ s/ERROR: Cannot use "md5": No such hash algorithm/ERROR: Cannot use "md5": / -m/ERROR: Cannot use "md5": Some PX error \(not specified\)/ -s/ERROR: Cannot use "md5": Some PX error \(not specified\)/ERROR: Cannot use "md5": / +m/ERROR: Cannot use "md5": Some PX error \(not specified\)/ +s/ERROR: Cannot use "md5": Some PX error \(not specified\)/ERROR: Cannot use "md5": / + +# Mask out FIPS error line numbers +m/ERROR: requested functionality not allowed in FIPS mode \(pgcrypto.c:\d+\)/ +s/ERROR: requested functionality not allowed in FIPS mode \(pgcrypto.c:\d+\)/ERROR: requested functionality not allowed in FIPS mode (pgcrypto.c:XXX)/ +m/ERROR: requested functionality not allowed in FIPS mode \(openssl.c:\d+\)/ +s/ERROR: requested functionality not allowed in FIPS mode \(openssl.c:\d+\)/ERROR: requested functionality not allowed in FIPS mode (openssl.c:XXX)/ # Mask out gp_execution_segment() m/One-Time Filter: \(gp_execution_segment\(\) = \d+/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
