Re: installing Apache::Test via CPAN impossible as root
Am Tue, 26 Aug 2003 16:07:21 + schrieb Stas Bekman:
As you posted in the followup, this is a problem with all Apache:: modules.
The problem originates within Apache, not us.
Didn't know that apache rejects to run as root. Strange (but safe) behaviour.
Ideas how to solve this are *very* welcome.
The best idea I have is to serve the htdocs directory from outside the
~root hierarchy. Apache is initially started as root and thus has no
difficulties to get the configuration stuff needed to start up.
A quick (non MSWormOS compatible) fix would be to patch
lib/Apache/TestConfig.pm as follows:
---CUT
--- TestConfig.pm 2003-06-07 01:43:28.0 +0200
+++ TestConfig.pm.docroot_patched 2003-08-27 12:13:26.0 +0200
@@ -214,7 +214,7 @@
$vars-{t_dir}||= catfile $vars-{top_dir}, 't';
$vars-{serverroot} ||= $vars-{t_dir};
-$vars-{documentroot} ||= catfile $vars-{serverroot}, 'htdocs';
+$vars-{documentroot} ||= /tmp/Apache-Test.$$/htdocs;
$vars-{perlpod} ||= $self-find_in_inc('pods') ||
$self-find_in_inc('pod');
$vars-{perl} ||= $^X;
---CUT
Moving the entire t/ directory to temp is IMHO not necessary, but depending on
the test needs it may also be required to copy a cgi-bin directory to /tmp as
well.
For a better solution of course it would also be reasonable to query the ENV
settings that even exist on MSWorm (IIRC) and even better check that directory's
permissions and fallback again to /tmp, if nothing else is found. But this is maybe
something that File::Spec, which nathan mentioned, already does.
IMHO again the build dir in general should default to /tmp/cpan_$USER (or
/var/tmp/cpan_$USER if you prefer), so it would be a good thing to change the default
setting of CPAN's initial configuration for future CPAN releases.
In some ways CPAN packages are very similar to SRPMS and I think CPAN could learn
a lot from RPM here.
happy hacking
udo
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
Udo Rader wrote:
Am Tue, 26 Aug 2003 16:07:21 + schrieb Stas Bekman:
As you posted in the followup, this is a problem with all Apache:: modules.
The problem originates within Apache, not us.
Didn't know that apache rejects to run as root. Strange (but safe) behaviour.
It starts as root alright, but won't spawn workers as root.
Ideas how to solve this are *very* welcome.
The best idea I have is to serve the htdocs directory from outside the
~root hierarchy. Apache is initially started as root and thus has no
difficulties to get the configuration stuff needed to start up.
A quick (non MSWormOS compatible) fix would be to patch
lib/Apache/TestConfig.pm as follows:
---CUT
--- TestConfig.pm 2003-06-07 01:43:28.0 +0200
+++ TestConfig.pm.docroot_patched 2003-08-27 12:13:26.0 +0200
@@ -214,7 +214,7 @@
$vars-{t_dir}||= catfile $vars-{top_dir}, 't';
$vars-{serverroot} ||= $vars-{t_dir};
-$vars-{documentroot} ||= catfile $vars-{serverroot}, 'htdocs';
+$vars-{documentroot} ||= /tmp/Apache-Test.$$/htdocs;
$vars-{perlpod} ||= $self-find_in_inc('pods') ||
$self-find_in_inc('pod');
$vars-{perl} ||= $^X;
---CUT
this is only needed for root-run tests, which most of us don't do.
Moving the entire t/ directory to temp is IMHO not necessary, but depending on
the test needs it may also be required to copy a cgi-bin directory to /tmp as
well.
Other dirs top-level t/ dirs may need to be copied as well, e.g. t/logs if
they have some custom logs written from the handlers. Ideally it should be
configurable by the developer that uses Apache::Test.
But I agree that it's certainly a good idea to copy only the minimal amount of
files.
For a better solution of course it would also be reasonable to query the ENV
settings that even exist on MSWorm (IIRC) and even better check that directory's
permissions and fallback again to /tmp, if nothing else is found. But this is maybe
something that File::Spec, which nathan mentioned, already does.
Yup, this is going to be the hardest part. We need a good portable test.
Currently I do this check. I have no idea how portable it is. Please tell me
if there is some problem with it.
You can find it in Apache-Test/lib/Apache/TestRun.pm of the current
modperl-2.0 cvs:
sub check_perms {
my ($self, $user, $uid, $gid) = @_;
# test that the base dir is rwx by the selected non-root user
my $vars = $self-{test_config}-{vars};
my $dir = $vars-{t_dir};
my $perl = $vars-{perl};
my $check = qq[sudo -u '#$uid' $perl -e ] .
qq['print -r $dir -w _ -x _ ? OK : NOK'];
warning $check\n;
my $res = qx[$check] || '';
warning result: $res;
unless ($res eq 'OK') {
#$self-restore_t_perms;
error(EOI) die \n;
You are running the test suite under user 'root'.
Apache cannot spawn child processes as 'root', therefore
we attempt to run the test suite with user '$user' ($uid:$gid).
The problem is that the path:
$dir
must be 'rwx' by user '$user', so Apache can read and write under that
path.
There several ways to resolve this issue. For example move
'$dir' to '/tmp/' and repeat the 'make test' phase.
You can test whether the location is good by running the following test:
% $check
EOI
}
}
IMHO again the build dir in general should default to /tmp/cpan_$USER (or
/var/tmp/cpan_$USER if you prefer), so it would be a good thing to change the default
setting of CPAN's initial configuration for future CPAN releases.
In some ways CPAN packages are very similar to SRPMS and I think CPAN could learn
a lot from RPM here.
Well, that is the wrong forum to discuss the CPAN issues, at least because
those who control CPAN.pm aren't listening ;)
__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
installing Apache::Test via CPAN impossible as root
hi all, I'm trying to setup Apache::Test with our apaches and have run into major troubles. CPAN refuses to install the mod without force, because all tests completely fail. t/logs/error_log then contained error messages like these: -error_log-- [...] [Tue Aug 26 14:23:47 2003] [error] [client 127.0.0.1] (13)Permission denied: access to /index.html failed because search permissions are missing on a component of the path [...] -error_log-- never saw such an apache error message ... ? search permissions are missing ? what kind of stuff is that? But a google search quickly pointed me to the source of the problem: In a default linux perl installation Apache::Test is very unlikely to be installable by root (http://dbforums.com/t859484.html). I tried to make make test the package as a normal user and I succeded. Depending on my security settings this is however just luck: If the above posting on dbforums is correct, then the problem is because the unpacking and building is done by user root whereas all files below t/ are chowned to the actual apache test user. Now this works fine as long as the _apache test user_ is allowed to access root's .cpan build area at all, and I doubt that on most systems a normal user (such as the apache test user) will be allowed to access anything within ~root and thus make test will fail. Are there arguments against running those tests as root? for the record: get this for apache 1.3.28 and mp1.28 as well as with apache 2.0.47 and mp1.99_09. udo -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
hmm, and as I just found out, the same applies for many other Apache:: mods (libapreq ...) This looks like a major problem to me. Temporary workaround is to give read access to all users for ~root, but that makes me a bit nervous ... udo -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
Udo Rader wrote: hi all, I'm trying to setup Apache::Test with our apaches and have run into major troubles. CPAN refuses to install the mod without force, because all tests completely fail. t/logs/error_log then contained error messages like these: -error_log-- [...] [Tue Aug 26 14:23:47 2003] [error] [client 127.0.0.1] (13)Permission denied: access to /index.html failed because search permissions are missing on a component of the path [...] -error_log-- As you posted in the followup, this is a problem with all Apache:: modules. The problem originates within Apache, not us. FWIW, the cvs version of Apache::Test warns you early whether this is going to work or not, rather than just failing during 'make test'. Ideas how to solve this are *very* welcome. As of this moment per your observation you need to either put the data in the directory readable by the apache user, or build/run the tests as a non-root. If you configure your CPAN to put the build dir not under /root, but let's say /tmp/ (probably can come up with a better choice), it'll work. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
On Tue, 26 Aug 2003 09:07:21 -0700, Stas Bekman wrote: [snip] As you posted in the followup, this is a problem with all Apache:: modules. The problem originates within Apache, not us. FWIW, the cvs version of Apache::Test warns you early whether this is going to work or not, rather than just failing during 'make test'. Ideas how to solve this are *very* welcome. [snip] Stas, One thing we're working on implementing in Apache::PAR to solve this kind of problem is to use File::Spec's tmpdir to get the platform specific temp directory. This function appears to be available in File::Spec at least as of Perl 5.6.0 as part of the distribution. This could be used (maybe overridable via a env variable, etc) to determine a temporary directory to copy the t/ directory to in cases where permissions would deny reading from the working directory or a parent directory. Of course, it would still have to fail in cases where a temp directory isn't available (either File::Spec doesn't support the platform or a new enough version of File::Spec isn't available on an old version of Perl) and the env variable isn't set, but should handle almost all common cases. Once the content is copied, Apache::Test would then use that directory to serve test files, scripts, etc out of. This temporary directory could then also be cleaned up when the Apache server is shutdown. Of course, I haven't looked at the code for Apache::Test enough to know whether this would be easily implemented, but just thought I would throw out the idea. Thanks, Nathan Byrd -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
Re: installing Apache::Test via CPAN impossible as root
[EMAIL PROTECTED] wrote:
On Tue, 26 Aug 2003 09:07:21 -0700, Stas Bekman wrote:
[snip]
As you posted in the followup, this is a problem with
all Apache:: modules.
The problem originates within Apache, not us.
FWIW, the cvs version of Apache::Test warns you early
whether this is going to
work or not, rather than just failing during 'make
test'.
Ideas how to solve this are *very* welcome.
[snip]
Stas,
One thing we're working on implementing in Apache::PAR
to solve this kind of problem is to use File::Spec's
tmpdir to get the platform specific temp directory.
This function appears to be available in File::Spec at
least as of Perl 5.6.0 as part of the distribution.
This could be used (maybe overridable via a env
variable, etc) to determine a temporary directory to
copy the t/ directory to in cases where permissions
would deny reading from the working directory or a
parent directory. Of course, it would still have to
fail in cases where a temp directory isn't available
(either File::Spec doesn't support the platform or a
new enough version of File::Spec isn't available on an
old version of Perl) and the env variable isn't set,
but should handle almost all common cases.
Once the content is copied, Apache::Test would then use
that directory to serve test files, scripts, etc out
of. This temporary directory could then also be
cleaned up when the Apache server is shutdown.
Of course, I haven't looked at the code for
Apache::Test enough to know whether this would be
easily implemented, but just thought I would throw out
the idea.
Thanks Nathan,
We have discussed this idea at the dev list, and will probably resort to it if
no better solution is found. I didn't mention it on purpose in hope to get
some new, better ideas.
The problem with copy and cleanup to a temp dir is that some project may have
a pretty big t/ directory (mp2's one is almost 2MB and growing), so copying is
going to be quite slow. Another problem is the cleanup, which may not always
work very well.
Moreover, let's say that you run under 'root'. Most likely
File::Temp/File::Spec::tmpdir will return /root/tmp as the temp dir, so it
solves nothing. What we really want is an equivalent of /tmp.
What we could do is prompt root for two inputs: a username of a real user
(e.g. 'stas' on my machine) and a dir where 'stas' can write to (e.g.
/home/stas/tmp) and then copy the files there and use that username to run the
test with.
In my original reply the best advise so far to avoid this problem is to
configure your .cpan dir to be under /tmp in which case running tests as root
is not a problem. However /tmp is often setup to be cleaned up on reboot, so
you may want to configure only 'build_dir' to be on that filesystem, e.g.:
#~/.cpan/CPAN/MyConfig.pm
#
$CPAN::Config = {
'cpan_home' = q[/root/.cpan],
'build_dir' = q[/tmp/.cpan/build],
...
};
__
Stas BekmanJAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide --- http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
