nixos/tests/postgresql: test plv8 hardening on non-JIT variants only
PostgreSQL with JIT support enabled doesn't work with plv8. Hence, we'd get an evaluation failure for each `nixosTests.postgresql.postgresql.postgresql_jit_X`. This should be restructured in the future (fewer VM tests for custom extensions, but a single VM test to cover this case). For now, we should get this fix out, and this is a good-enough approach.
parent
e198536d26
commit
68d9643388
@ -14,32 +14,41 @@ let
|
|||||||
postgresql-clauses = makeEnsureTestFor package;
|
postgresql-clauses = makeEnsureTestFor package;
|
||||||
};
|
};
|
||||||
|
|
||||||
test-sql = pkgs.writeText "postgresql-test" ''
|
test-sql =
|
||||||
CREATE EXTENSION pgcrypto; -- just to check if lib loading works
|
enablePLv8Test:
|
||||||
CREATE TABLE sth (
|
pkgs.writeText "postgresql-test" (
|
||||||
id int
|
''
|
||||||
|
CREATE EXTENSION pgcrypto; -- just to check if lib loading works
|
||||||
|
CREATE TABLE sth (
|
||||||
|
id int
|
||||||
|
);
|
||||||
|
INSERT INTO sth (id) VALUES (1);
|
||||||
|
INSERT INTO sth (id) VALUES (1);
|
||||||
|
INSERT INTO sth (id) VALUES (1);
|
||||||
|
INSERT INTO sth (id) VALUES (1);
|
||||||
|
INSERT INTO sth (id) VALUES (1);
|
||||||
|
CREATE TABLE xmltest ( doc xml );
|
||||||
|
INSERT INTO xmltest (doc) VALUES ('<test>ok</test>'); -- check if libxml2 enabled
|
||||||
|
''
|
||||||
|
+ lib.optionalString enablePLv8Test ''
|
||||||
|
-- check if hardening gets relaxed
|
||||||
|
CREATE EXTENSION plv8;
|
||||||
|
-- try to trigger the V8 JIT, which requires MemoryDenyWriteExecute
|
||||||
|
DO $$
|
||||||
|
let xs = [];
|
||||||
|
for (let i = 0, n = 400000; i < n; i++) {
|
||||||
|
xs.push(Math.round(Math.random() * n))
|
||||||
|
}
|
||||||
|
console.log(xs.reduce((acc, x) => acc + x, 0));
|
||||||
|
$$ LANGUAGE plv8;
|
||||||
|
''
|
||||||
);
|
);
|
||||||
INSERT INTO sth (id) VALUES (1);
|
|
||||||
INSERT INTO sth (id) VALUES (1);
|
|
||||||
INSERT INTO sth (id) VALUES (1);
|
|
||||||
INSERT INTO sth (id) VALUES (1);
|
|
||||||
INSERT INTO sth (id) VALUES (1);
|
|
||||||
CREATE TABLE xmltest ( doc xml );
|
|
||||||
INSERT INTO xmltest (doc) VALUES ('<test>ok</test>'); -- check if libxml2 enabled
|
|
||||||
-- check if hardening gets relaxed
|
|
||||||
CREATE EXTENSION plv8;
|
|
||||||
-- try to trigger the V8 JIT, which requires MemoryDenyWriteExecute
|
|
||||||
DO $$
|
|
||||||
let xs = [];
|
|
||||||
for (let i = 0, n = 400000; i < n; i++) {
|
|
||||||
xs.push(Math.round(Math.random() * n))
|
|
||||||
}
|
|
||||||
console.log(xs.reduce((acc, x) => acc + x, 0));
|
|
||||||
$$ LANGUAGE plv8;
|
|
||||||
'';
|
|
||||||
|
|
||||||
makeTestForWithBackupAll =
|
makeTestForWithBackupAll =
|
||||||
package: backupAll:
|
package: backupAll:
|
||||||
|
let
|
||||||
|
enablePLv8Check = !package.pkgs.plv8.meta.broken;
|
||||||
|
in
|
||||||
makeTest {
|
makeTest {
|
||||||
name = "postgresql${lib.optionalString backupAll "-backup-all"}-${package.name}";
|
name = "postgresql${lib.optionalString backupAll "-backup-all"}-${package.name}";
|
||||||
meta = with lib.maintainers; {
|
meta = with lib.maintainers; {
|
||||||
@ -47,13 +56,17 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
nodes.machine =
|
nodes.machine =
|
||||||
{ ... }:
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
inherit package;
|
inherit package;
|
||||||
enable = true;
|
enable = true;
|
||||||
enableJIT = lib.hasInfix "-jit-" package.name;
|
enableJIT = lib.hasInfix "-jit-" package.name;
|
||||||
extensions = ps: with ps; [ plv8 ];
|
# plv8 doesn't support postgresql with JIT, so we only run the test
|
||||||
|
# for the non-jit variant.
|
||||||
|
# TODO(@Ma27) split this off into its own VM test and move a few other
|
||||||
|
# extension tests to use postgresqlTestExtension.
|
||||||
|
extensions = lib.mkIf enablePLv8Check (ps: with ps; [ plv8 ]);
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresqlBackup = {
|
services.postgresqlBackup = {
|
||||||
@ -80,7 +93,7 @@ let
|
|||||||
|
|
||||||
with subtest("Postgresql is available just after unit start"):
|
with subtest("Postgresql is available just after unit start"):
|
||||||
machine.succeed(
|
machine.succeed(
|
||||||
"cat ${test-sql} | sudo -u postgres psql"
|
"cat ${test-sql enablePLv8Check} | sudo -u postgres psql"
|
||||||
)
|
)
|
||||||
|
|
||||||
with subtest("Postgresql survives restart (bug #1735)"):
|
with subtest("Postgresql survives restart (bug #1735)"):
|
||||||
|
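Review bot: In the second hunk's `let` binding, `enablePLv8Check = !package.pkgs.plv8.meta.broken;` gates the hardening test on `meta.broken`, which is broader than the "non-jit variant" named in the new comment above `extensions`. If plv8 is ever marked broken for another reason, the `-- check if hardening gets relaxed` SQL is dropped for that package and the test would presumably still pass. That block is the only visible coverage of the relaxed write-execute memory protection for plv8, so the comment should state the real condition, e.g. `# skipped whenever plv8 is marked broken (currently: JIT-enabled postgresql)`, or the guard should be tied to the `lib.hasInfix "-jit-" package.name` expression already used for `enableJIT`. The moved SQL comment `-- try to trigger the V8 JIT, which requires MemoryDenyWriteExecute` would read more accurately as requiring that setting to be relaxed. The flag is also named `enablePLv8Test` in `test-sql` but `enablePLv8Check` at the call site; one name would be easier to follow.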