Skip Menu |
 

This queue is for tickets about the Module-Runtime CPAN distribution.

Report information
The Basics
Id: 118768
Status: resolved
Priority: 0/
Queue: Module-Runtime

People
Owner: Nobody in particular
Requestors: jkeenan [...] cpan.org
KENTNL [...] cpan.org
Cc: DBOOK [...] cpan.org
ether [...] cpan.org
PLICEASE [...] cpan.org
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Attachments
0001-Account-for-removal-of-default-.-from-INC.patch



Subject: Future-proof Module-Runtime tests against removal of default '.' from @INC.
Download (untitled) / with headers
text/plain 184b
See discussion referenced in commit message of patch attached. Patch was drawn against HEAD of master at git://git.fysh.org/zefram/Module-Runtime.git. Thank you very much. Jim Keenan
Subject: 0001-Account-for-removal-of-default-.-from-INC.patch
From e65daf341af12b32016d327d70182be5bc4f7d8e Mon Sep 17 00:00:00 2001 From: James E Keenan <jkeenan@cpan.org> Date: Mon, 14 Nov 2016 16:48:01 -0500 Subject: [PATCH] Account for removal of default '.' from @INC. See: http://www.nntp.perl.org/group/perl.perl5.porters/2016/11/msg241020.html: "In Perl 5.26, it will no longer be a safe assumption to assume . is in @INC. This is a good move towards a more secure Perl, but will break the installation of many CPAN modules." This patch adds '.' to @INC for those test programs which need to locate t/Simple.pm. --- t/rm.t | 1 + t/um.t | 1 + t/upo.t | 1 + t/upo_overridden.t | 1 + 4 files changed, 4 insertions(+) diff --git a/t/rm.t b/t/rm.t index eb236d4..db50661 100644 --- a/t/rm.t +++ b/t/rm.t @@ -1,5 +1,6 @@ use warnings; use strict; +use lib ('.'); use Test::More tests => 26; diff --git a/t/um.t b/t/um.t index a4c225a..c43db91 100644 --- a/t/um.t +++ b/t/um.t @@ -1,5 +1,6 @@ use warnings; use strict; +use lib ('.'); use Test::More tests => 37; diff --git a/t/upo.t b/t/upo.t index eeea528..87a9e7a 100644 --- a/t/upo.t +++ b/t/upo.t @@ -1,5 +1,6 @@ use warnings; use strict; +use lib ('.'); use Test::More tests => 42; diff --git a/t/upo_overridden.t b/t/upo_overridden.t index 2cd9cc1..4eb9e6e 100644 --- a/t/upo_overridden.t +++ b/t/upo_overridden.t @@ -1,5 +1,6 @@ use warnings; use strict; +use lib ('.'); if("$]" < 5.007002) { require Test::More; -- 2.7.4
Download (untitled) / with headers
text/plain 248b
I really don't like blanket additions of '.' into lib... much better, I think, would be to put these test modules into t/lib and then "use lib 't/lib'" instead. That also requires renaming the modules to remove 't::' from beginning of their names.
Download (untitled) / with headers
text/plain 549b
On 2016-11-14 15:31:21, ETHER wrote: Show quoted text
> I really don't like blanket additions of '.' into lib... much better, > I think, would be to put these test modules into t/lib and then "use > lib 't/lib'" instead. That also requires renaming the modules to > remove 't::' from beginning of their names.
I prepared a patch for that here -- https://github.com/karenetheridge/Module-Runtime/tree/topic/no_dot_lib i.e. commit https://github.com/karenetheridge/Module-Runtime/commit/1cad56afdb7a3fba11e3fdba868ee6269df80ca1 (I can attach as a patch if desired).
Download (untitled) / with headers
text/plain 1.2k
On Mon Nov 14 18:31:21 2016, ETHER wrote: Show quoted text
> I really don't like blanket additions of '.' into lib... much better, > I think, would be to put these test modules into t/lib and then "use > lib 't/lib'" instead. That also requires renaming the modules to > remove 't::' from beginning of their names.
I don't believe there is any real distinction here. Both are adding a relative path to @INC, and thus rely on the current directory being the base of the distribution, and are susceptible to anything that changes directory before a module is loaded. There is no more or less vulnerability from adding 't/lib' to the list than '.'. One practice I do prefer is to absolutize the directory at use-lib time based on the file's current location so that the current directory has no bearing. But it is a bit wordy for a general recommendation to throw in every test file. use File::Basename 'dirname'; use File::Spec::Functions 'catdir', 'rel2abs'; use lib catdir rel2abs(dirname(__FILE__)), 'lib'; # assuming __FILE__ is in t/ and you want t/lib/ or to clean up the file paths (as rel2abs does not resolve symlinks or backreferences, but does that really matter for this?): use Cwd 'abs_path'; use File::Basename 'dirname'; use File::Spec::Functions 'catdir'; use lib catdir abs_path(dirname(__FILE__)), 'lib';
Download (untitled) / with headers
text/plain 944b
On Mon Nov 14 16:56:02 2016, JKEENAN wrote: Show quoted text
> See discussion referenced in commit message of patch attached. Patch > was drawn against HEAD of master at git://git.fysh.org/zefram/Module- > Runtime.git. > > Thank you very much. > Jim Keenan
Zefram, would it be possible to apply this patch -- or something similar based on the discussion in this ticket -- and release a new version to CPAN? Module::Runtime is *very* popular and much other code depends upon it (http://deps.cpantesters.org/depended-on-by.pl?dist=Module-Runtime-0.014). Granted, the short-term modifications to CPAN installers -- which add '.' to @INC so that modules will install even if they still have code or tests which assume that '.' in @INC -- will permit Module::Runtime to be installable on 5.26.0 release day. But it would better if we could get all the key CPAN distributions to be fully installable with PERL_USE_UNSAFE_INC=0. Thank you very much. Jim Keenan
Fixed in M:R-0.015, just released to CPAN.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.