Bug 1200798 - missing tests for contrib [NEEDINFO]
Summary: missing tests for contrib
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: postgresql
Version: postgresql92
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 2.2
Assignee: Honza Horak
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks: 1327618
TreeView+ depends on / blocked
 
Reported: 2015-03-11 12:08 UTC by Karel Volný
Modified: 2016-04-15 13:31 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1327618 (view as bug list)
Environment:
Last Closed: 2016-04-12 11:37:47 UTC
Target Upstream Version:
kvolny: needinfo? (jprokes)


Attachments (Terms of Use)

Description Karel Volný 2015-03-11 12:08:31 UTC
Description of problem:
Looking for a way to test CVE-2015-0243, I have found that it is covered already by the upstream testsuite. However, these tests are not included in our packages, neither in -test and neither in -contrib (or not yet existing -contrib-test if you prefer).

Version-Release number of selected component (if applicable):
postgresql92-postgresql-test-9.2.10-2.el6

How reproducible:
always

Steps to Reproduce:
1. rpm -ql postgresql92-postgresql-test postgresql92-postgresql-contrib | grep pgp-decrypt.sql ; echo $?
2.
3.

Actual results:
1

Expected results:
/opt/rh/postgresql92/root/usr/lib64/pgsql/test/contrib/pgcrypto/sql/pgp-decrypt.sql
0

Additional info:
While at it, shouldn't the tests be installed rather into /usr/share as they aren't libraries, and pg_regress binary into /usr/bin?

Comment 1 Karel Volný 2015-03-11 12:12:35 UTC
(oops, I've meant 'pgp-pubkey-decrypt.sql', not 'pgp-decrypt.sql', to be correct about the CVE)

Comment 3 Pavel Raiskup 2015-03-12 12:28:27 UTC
Thanks for the question.  The postgresql-test subpackage is kind of hacky and
brittle stuff which I would be against touching in production, however.

(In reply to Karel Volný from comment #0)
> Description of problem:
> Looking for a way to test CVE-2015-0243, I have found that it is covered
> already by the upstream testsuite. However, these tests are not included in
> our packages, neither in -test and neither in -contrib (or not yet existing
> -contrib-test if you prefer).

Its in our packages, its in src.rpm.  Those contrib tests should be run during
package build.  Do you observe any problem with particular build-time
testcase?  You're free to pick that sql file and reuse it, however.

> Additional info:
> While at it, shouldn't the tests be installed rather into /usr/share as they
> aren't libraries,
> and pg_regress binary into /usr/bin?

Even the "main" testsuite in src/test/regress are not designed to be
distributed.  Files in postgresql-test have hard-wired relative paths for
dependencies etc.  End, IIRC %_libdir was choosen because it is architecture
dependant stuff.  The way it is packaged is really hacky and historically, we
distribute only core testsuite.

I don't agree that 'postgresql-contrib-tests' or something like that would be
material for production (for RHEL, RHSCL i tend to WONTFIX).  I would agree
with Fedora Rawhide bug and following precise communication with upstream how
to make testsuite distributed out of the box.

Pavel


Note You need to log in before you can comment on or make changes to this bug.