[rt-devel] inplace development environment setup issue

Sam Hanes sam at maltera.com
Fri Aug 5 03:57:09 EDT 2016


On 08/04/2016 11:48 PM, Alex Vandiver wrote:
> ...
> I note that your @INC does not include "." and its "lib" is not an
> absolute one:
>
> ---------------------------------8<--------------------------------------
> #   Failed test 'etc/upgrade/4.0.19/content syntax is OK'
> #   at t/99-policy.t line 105.
> #          got: 'Can't locate lib//RT/Generated.pm in @INC (you may
> need to install the lib::::RT::Generated module) (@INC contains:
> lib /home/sam/code/rt/lib /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base)
> at lib/RT.pm line 786.
> ---------------------------------8<--------------------------------------
>
> I believe this to be because you're running a recently-updated perl,
> which is patched for CVE-2016-1238 [1] by enforcing the removal of "."
> from @INC.  But you'd _also_ have to be running an ExtUtils::Command::MM
> which doesn't make its arguments absolute, which means one from before
> 2002[2]?

I'm on Debian Unstable with Perl 5.22.2-3, into which Debian has indeed
backported the patches for CVE-2016-1238.

However, I have ExtUtils::Command::MM 7.04_01, which should include the
commit you referenced.

> I can replicate this if I run the test with "perl -Ilib t/99-policy.t"
> and explicitly strip "." from @INC.
>
> I've pushed 4.0/dotless-inc-path [3], which addresses the issue.  I
> believe this only affects installs with --layout=inplace (which are used
> almost exclusively for tests), as all other installs already provide a
> fully qualified path to `include`.
>
> You can work around this by cherry-picking that patch onto master.

Cherry-picking `4.0/dotless-inc-path` (0c628220bf8d) onto `master`
(9c9cedebbb63) did indeed fix the issues in `99-policy.t` as well as all
of the 'plaintext'-related tests. Thanks!

Is `4.0/dotless-inc-path` expected to land on `master` any time soon?


Now only `web/cf_groupings.t` and `web/install.t` remain failing; the
failures are identical to the original report.


> [1] http://perl5.git.perl.org/perl.git/commitdiff/cee96d5
> [2] https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/blame/master/lib/ExtUtils/Command/MM.pm#L71
> [3] https://github.com/bestpractical/rt/commit/0c628220bf
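
The failure mode discussed in this message, as an added example that is not part of the original thread or of RT's code: a `require` given a relative file path is resolved only through @INC, so it stops working once "." is gone, while an absolute path still loads. The module name `Demo::Generated` and the temporary directory are constructed for the illustration.

```perl
#!/usr/bin/perl
# Added illustration (not RT code): relative require paths depend on "." in @INC.
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Path qw(make_path);
use File::Spec;
use File::Temp qw(tempdir);

# Constructed sandbox: <tmp>/lib/Demo/Generated.pm (hypothetical module).
my $root = tempdir(CLEANUP => 1);
make_path(File::Spec->catdir($root, 'lib', 'Demo'));
my $pm = File::Spec->catfile($root, 'lib', 'Demo', 'Generated.pm');
open my $fh, '>', $pm or die "cannot write $pm: $!";
print {$fh} "package Demo::Generated; 1;\n";
close $fh;

my $orig = getcwd();
chdir $root or die "cannot chdir to $root: $!";

# Attempt a require under a specific @INC, then forget the file so the
# next attempt searches again instead of hitting the %INC cache.
sub try_require {
    my ($label, $path, @inc) = @_;
    local @INC = @inc;
    my $ok = eval { require $path; 1 };
    delete $INC{$path};
    printf "%-40s %s\n", $label, $ok ? 'loaded' : 'FAILED';
    return $ok;
}

my $relative = 'lib/Demo/Generated.pm';
my $absolute = File::Spec->rel2abs($relative);

# Behaviour before the CVE-2016-1238 hardening: "." is searched, so the
# relative path resolves against the current directory.
try_require('relative path, "." in @INC',     $relative, 'lib', '.');

# Hardened perl: only a relative "lib" remains, so perl looks for
# lib/lib/Demo/Generated.pm and fails, as in the quoted test output.
try_require('relative path, no "." in @INC',  $relative, 'lib');

# A fully qualified path bypasses the @INC search entirely.
try_require('absolute path, no "." in @INC',  $absolute, 'lib');

chdir $orig or die "cannot chdir back to $orig: $!";
```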


