From 29c605031929da4acb2754c923cd1cb99c8820ef Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Fri, 2 Mar 2018 17:19:34 +0900 Subject: [PATCH 2/2] Add PG_TEST_EXTRA to control optional test suites By default, SSL and LDAP test suites are not allowed to run as they are not secure for multi-user environments, which is why they are not part of check-world. This commit adds an extra make variable which can be used to optionally enable them if wanted. The user can make use of the variable like that for example: make -C src/test check PG_TEST_EXTRA='ssl ldap' PG_TEST_EXTRA needs to be a list of items separated by whitespaces, and supports two values for now: 'ssl' and 'ldap' to be able to run respectively tests in src/test/ssl and src/test/ldap. In consequence, the SSL and LDAP test suites are added to check-world but they are skipped except if the user has asked for them to be enabled. If the build does not support SSL or LDAP, those tests are automatically ignored. --- configure.in | 1 + doc/src/sgml/regress.sgml | 17 +++++++++++++++++ src/Makefile.global.in | 1 + src/test/Makefile | 16 +++++++++++++++- 4 files changed, 34 insertions(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 4d26034579..aee3ab0867 100644 --- a/configure.in +++ b/configure.in @@ -682,6 +682,7 @@ PGAC_ARG_BOOL(with, ldap, no, [build with LDAP support], [AC_DEFINE([USE_LDAP], 1, [Define to 1 to build with LDAP support. (--with-ldap)])]) AC_MSG_RESULT([$with_ldap]) +AC_SUBST(with_ldap) # diff --git a/doc/src/sgml/regress.sgml b/doc/src/sgml/regress.sgml index ca2716a6d7..0a5946203c 100644 --- a/doc/src/sgml/regress.sgml +++ b/doc/src/sgml/regress.sgml @@ -211,6 +211,23 @@ make installcheck-world option . This is recommended for development, but can be omitted if there is no suitable Perl installation. + + + TAP tests under src/test/ssl and + src/test/ldap are not secure to run on a multi-system + environment. You can decide which test suites to additionally allow by + setting the make variable + PG_TEST_EXTRA to define a list of tests separated + by a whitespace. + +make -C src/test check PG_TEST_EXTRA='ssl ldap' + + As of now, two test types are supported: ssl to allow + tests in src/test/ssl to be run, and + ldap for src/test/ldap. Those + tests will not be run if the build does not support respectively + SSL and LDAP even if listed. + diff --git a/src/Makefile.global.in b/src/Makefile.global.in index d980f81046..dcb8dc5d90 100644 --- a/src/Makefile.global.in +++ b/src/Makefile.global.in @@ -186,6 +186,7 @@ with_tcl = @with_tcl@ with_openssl = @with_openssl@ with_selinux = @with_selinux@ with_systemd = @with_systemd@ +with_ldap = @with_ldap@ with_libxml = @with_libxml@ with_libxslt = @with_libxslt@ with_system_tzdata = @with_system_tzdata@ diff --git a/src/test/Makefile b/src/test/Makefile index 73abf163f1..2fa3463c87 100644 --- a/src/test/Makefile +++ b/src/test/Makefile @@ -14,10 +14,24 @@ include $(top_builddir)/src/Makefile.global SUBDIRS = perl regress isolation modules authentication recovery subscription +# Test suites which are not safe by default, but can be run if enforced +# by the users via the whitespace-separated list in variable PG_TEST_EXTRA. +ifeq ($(with_ldap),yes) +ifneq (,$(filter ldap,$(PG_TEST_EXTRA))) +SUBDIRS += ldap +endif +endif +ifeq ($(with_openssl),yes) +ifneq (,$(filter ssl,$(PG_TEST_EXTRA))) +SUBDIRS += ssl +endif +endif + # We don't build or execute examples/, locale/, or thread/ by default, # but we do want "make clean" etc to recurse into them. Likewise for # ldap/ and ssl/, because these test suites are not secure to run on a -# multi-user system. +# multi-user system, still those can be enforced if wanted using +# PG_TEST_EXTRA. ALWAYS_SUBDIRS = examples ldap locale thread ssl # We want to recurse to all subdirs for all standard targets, except that -- 2.16.2