MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-15 14:26:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixpkgs/nixos/tests/php/pcre.nix
Thomas Gerbet 622f4ee354 php8*: disable PCRE2 JIT SEAlloc to avoid crashes when forking 
This is a follow up to #200815 and #184634.

The PCRE2 JIT SEAlloc does not support the `fork()` as announced in
their README [0]:
> If you are enabling JIT under SELinux environment you may also want to add
>  --enable-jit-sealloc, which enables the use of an executable memory allocator
>  that is compatible with SELinux. Warning: this allocator is experimental!
>  It does not support fork() operation and may crash when no disk space is
>  available. This option has no effect if JIT is disabled.

As a result using it in PHP can break apps and tools, it can only be
enabled under very specific context where you have a full picture of
what the PHP code is doing.

This contribution disables again the PCRE2 JIT SEAlloc and extends the
existing PHP/PCRE2 tests to make sure we do not enable it again by
mistake.

[0] https://www.pcre.org/readme.txt
2022-11-30 13:22:39 +01:00

52 lines
1.7 KiB
Nix
Raw Blame History

let
testString = "can-use-subgroups";
in
import ../make-test-python.nix ({ pkgs, lib, php, ... }: {
name = "php-${php.version}-httpd-pcre-jit-test";
meta.maintainers = lib.teams.php.members;
nodes.machine = { lib, pkgs, ... }: {
time.timeZone = "UTC";
services.httpd = {
enable = true;
adminAddr = "please@dont.contact";
phpPackage = php;
enablePHP = true;
phpOptions = "pcre.jit = true";
extraConfig =
let
testRoot = pkgs.writeText "index.php"
''
<?php
preg_match('/(${testString})/', '${testString}', $result);
var_dump($result);
'';
in
''
Alias / ${testRoot}/
<Directory ${testRoot}>
Require all granted
</Directory>
'';
};
};
testScript = let
# PCRE JIT SEAlloc feature does not play well with fork()
# The feature needs to either be disabled or PHP configured correctly
# More information in https://bugs.php.net/bug.php?id=78927 and https://bugs.php.net/bug.php?id=78630
pcreJitSeallocForkIssue = pkgs.writeText "pcre-jit-sealloc-issue.php" ''
<?php
preg_match('/nixos/', 'nixos');
$pid = pcntl_fork();
pcntl_wait($pid);
'';
in ''
machine.wait_for_unit("httpd.service")
# Ensure php evaluation by matching on the var_dump syntax
response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/index.php")
expected = 'string(${toString (builtins.stringLength testString)}) "${testString}"'
assert expected in response, "Does not appear to be able to use subgroups."
machine.succeed("${php}/bin/php -f ${pcreJitSeallocForkIssue}")
'';
})
Reference in a new issue View git blame Copy permalink