622f4ee354
This is a follow-up to #200815 and #184634.

The PCRE2 JIT SEAlloc does not support `fork()`, as announced in their README [0]:

> If you are enabling JIT under SELinux environment you may also want to add
> --enable-jit-sealloc, which enables the use of an executable memory allocator
> that is compatible with SELinux. Warning: this allocator is experimental!
> It does not support fork() operation and may crash when no disk space is
> available. This option has no effect if JIT is disabled.

As a result, using it in PHP can break apps and tools; it can only be enabled in a very specific context where you have a full picture of what the PHP code is doing.

This contribution disables the PCRE2 JIT SEAlloc again and extends the existing PHP/PCRE2 tests to make sure we do not enable it again by mistake.

[0] https://www.pcre.org/readme.txt
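# NixOS VM test for PHP's PCRE2 JIT support.
#
# Two checks run against a single machine:
#   1. httpd serves a PHP page (with `pcre.jit = true`) that evaluates a regex
#      with a capture group; the test looks for the var_dump() of that match.
#   2. The PHP CLI runs a script that uses a regex and then fork()s, the
#      pattern the PCRE2 JIT SEAlloc allocator does not support.
let
  # Literal used both as the regex capture group and as the subject string.
  testString = "can-use-subgroups";
in
import ../make-test-python.nix ({ pkgs, lib, php, ... }: {
  name = "php-${php.version}-httpd-pcre-jit-test";
  meta.maintainers = lib.teams.php.members;

  nodes.machine = { lib, pkgs, ... }: {
    time.timeZone = "UTC";
    services.httpd = {
      enable = true;
      adminAddr = "please@dont.contact";
      phpPackage = php;
      enablePHP = true;
      # Turn the JIT on explicitly for the httpd-hosted check.
      phpOptions = "pcre.jit = true";
      extraConfig =
        let
          # Page under test: match with one capture group and dump the result.
          testRoot = pkgs.writeText "index.php"
            ''
              <?php
              preg_match('/(${testString})/', '${testString}', $result);
              var_dump($result);
            '';
        in
        ''
          Alias / ${testRoot}/

          <Directory ${testRoot}>
            Require all granted
          </Directory>
        '';
    };
  };

  testScript = let
    # PCRE JIT SEAlloc feature does not play well with fork()
    # The feature needs to either be disabled or PHP configured correctly
    # More information in https://bugs.php.net/bug.php?id=78927 and https://bugs.php.net/bug.php?id=78630
    #
    # The script separates the child and parent paths and makes the parent
    # verify the child's wait status, so a child that dies on a signal or exits
    # non-zero fails the test instead of going unnoticed. pcntl_wait() takes
    # the status as a by-reference out-parameter, not a pid, hence
    # pcntl_waitpid($pid, $status) here.
    #
    # NOTE(review): `phpOptions` above is set on services.httpd only; this CLI
    # run presumably relies on PHP's own default for pcre.jit -- confirm the
    # JIT is actually active here, otherwise this check cannot catch SEAlloc.
    pcreJitSeallocForkIssue = pkgs.writeText "pcre-jit-sealloc-issue.php" ''
      <?php
      preg_match('/nixos/', 'nixos');
      $pid = pcntl_fork();
      if ($pid === -1) {
        fwrite(STDERR, "pcntl_fork() failed\n");
        exit(1);
      }
      if ($pid === 0) {
        // Child: terminate normally; the parent inspects how we exited.
        exit(0);
      }
      $status = 0;
      if (pcntl_waitpid($pid, $status) !== $pid
          || !pcntl_wifexited($status)
          || pcntl_wexitstatus($status) !== 0) {
        fwrite(STDERR, "forked child did not exit cleanly\n");
        exit(1);
      }
    '';
  in ''
    machine.wait_for_unit("httpd.service")
    # Ensure php evaluation by matching on the var_dump syntax
    response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/index.php")
    expected = 'string(${toString (builtins.stringLength testString)}) "${testString}"'
    assert expected in response, "Does not appear to be able to use subgroups."
    # Fails the test if the PHP CLI exits non-zero (crash or unclean child).
    machine.succeed("${php}/bin/php -f ${pcreJitSeallocForkIssue}")
  '';
})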