Iustin Pop [Tue, 24 Jul 2018 21:39:00 +0000 (23:39 +0200)]
Travis: remove python 3.2 from build list
It seems the setuptools libraries that are installed in the travis
environments don't support anymore 3.2, which causes the builds to be
wrongly marked as failed.
Iustin Pop [Tue, 24 Jul 2018 21:20:53 +0000 (23:20 +0200)]
Tests: fix symlink testing
On Linux, non-root users are not allowed to set extended attributes,
so normal testing has hidden this. A fix to the Mac OS support
proposed in #14 uncovered this problem, which led to investigation and
this fix.
Manual testing on Linux with root and namespace=trusted now passes the
tests.
Iustin Pop [Tue, 24 Jul 2018 21:14:37 +0000 (23:14 +0200)]
Tests: introduce an alias for NS_USER
Using NS_USER directly makes it hard to change it for a one-off manual
test, so let's virtualise it, and additionally allow overriding from
the command line.
xwhuang [Fri, 9 Mar 2018 01:56:16 +0000 (09:56 +0800)]
Release GIL when do I/O operations
Release GIL in _list_obj, _get_obj, _set_obj, and _remove_obj. These
functions do I/O operations which take long time. We should release
GIL to allow other threads work.
Iustin Pop [Mon, 14 Nov 2016 21:02:25 +0000 (22:02 +0100)]
Expand the testing of invalid arguments
This is not significant advantage, but it does increase coverage. And
any coverage (even if not testing the logic too much) is better than
no coverage.
Iustin Pop [Tue, 25 Oct 2016 23:27:54 +0000 (01:27 +0200)]
Add a makefile coverage target
And expand a tiny bit the test suite to exercise one more error
path. Current coverage is not bad, ~87% lines coverage. For some
reason, no branch coverage is available :/
Iustin Pop [Tue, 25 Oct 2016 22:34:07 +0000 (00:34 +0200)]
Rework getting and listing attributes
Currently, getting and listing attributes is inconsistent in how it
deals with allocating memory for the data returned by the syscall:
- in most cases, we ask the kernel for the value, allocate memory,
then retrieve the value; if the value changed (increased) in the
meantime, this will lead to what should be preventable failures
- in the single case of getall, there is a loop for getting the
individual values, but not for initially get the list of values
Hence the bug report #12. This rather large change refactors a lot of
the code:
- doing a get/list is abstracted away into a helper function that
always does retries until we can read the value or fail with a
different error than ERANGE; this helper deal with all allocations
and resize operations.
- this means most of the single get/list operations are heavily
simplified
- and also means that we can always start optimistically with an
initial buffer size (currently set to 1K), instead of asking the
kernel first: this saves one out of two syscalls in the case the
value will indeed be smaller, but adds one extra syscall (the failed
initial read) in the case it's not.
The optimisation is a double-edged sword: for small attributes, it
will be a win (e.g. the test suite is ~5% faster now), but for large
attribute/lists, it will be potentially slower (50% more
syscalls). Not sure how to nicely deal with this; it would be good to
have a keyword argument maybe? Or build flag? Left for future
enhancements.
Iustin Pop [Sun, 23 Oct 2016 10:49:42 +0000 (12:49 +0200)]
Initialise target_t members on error paths
This is a no-op from the point of view of the actual code flow, but
not doing so can trigger false positives in some versions of GCC (4.9
from Jessie) at high optimisation levels (-O3). For an interesting
discussion of why this happens at `-O3` vs. at `-O2`, see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60165.
Iustin Pop [Mon, 2 May 2016 20:53:00 +0000 (22:53 +0200)]
Revert "Add build status badge to README"
This reverts commit de9bc00d145874b5a7a63ef382de215b735e8961. First,
it was markdown and README is rst, but that's not the point: sphinx
wants to warn about 'non-local image in URI', and the silencing of
this is only present in 1.4 and later, so for now just revert.
Iustin Pop [Sun, 1 May 2016 02:59:51 +0000 (04:59 +0200)]
Mark OSX build non-experimental
Also override Python list, since we only care about system python (OSX
doesn't support yet multiple Python versions), and the current state
shows a strange build summary (one build with N python versions).
Iustin Pop [Wed, 12 Aug 2009 19:58:36 +0000 (21:58 +0200)]
Fix building on systems which don't have ENODATA
This patch (a modified form of the original patch from Cyril Brulebois
<kibi@debian.org>) fixes building on systems which don't have ENODATA
(e.g. GNU/kFreeBSD).
Iustin Pop [Fri, 1 May 2015 23:25:51 +0000 (01:25 +0200)]
Fix potential name truncation in merge_ns()
It seems I misread the snprintf man page: a return value of exactly
the buffer size means truncation has occurred, so we need to fix the
operator (`>` → `≥`).
Additionally, improve slightly the error message raised in such a
case; this shouldn't ever happen.
Iustin Pop [Fri, 1 May 2015 23:17:37 +0000 (01:17 +0200)]
Fix sign-compare warning in merge_ns()
Thanks to travis-ci - the code does what seems an unsafe sign compare,
but actually it is a valid comparison (we test/handle the `< 0` case
as well, which is the only way the comparison could be invalid). To
silence this, do an explicit (safe) cast.
Iustin Pop [Fri, 1 May 2015 01:00:35 +0000 (03:00 +0200)]
Make the code -Wconversion ready: explicit casts only
This patch, while adding lots of extra boilerplate, converts all code
to explicit casts only; it now builds with `-Wconversion` cleanly,
although that's a bit too strong to turn on by default (for now).
Iustin Pop [Thu, 30 Apr 2015 23:02:59 +0000 (01:02 +0200)]
Fix a few int/size_t conversion issues
From https://bugzilla.redhat.com/show_bug.cgi?id=1127310: the
'#'-variats of parsing (s#, et#, etc.) take a size_t if
PY_SSIZE_T_CLEAN is defined (which the code does). On some
architectures (little-endian only?) this doesn't seem to be a problem,
but on PPC this is a failure in unit tests (at least yay).
The patch changes the type of bufsize to Py_ssize_t, and does an
explicit cast to size_t with underflow check in order to make the code
safer (assuming this is the right thing to do). This should result in
no unexpected conversion issues.
Iustin Pop [Thu, 30 Apr 2015 22:52:52 +0000 (00:52 +0200)]
Improve error checking in get_all()
After getting a too big value via ERANGE, making the call with the
proper length could still fail due to other issues, and this check is
missing. A negative value here would be changed into something weird
in the realloc call (which takes size_t), so the error reporting would
be bogus.
Iustin Pop [Thu, 30 Apr 2015 22:43:16 +0000 (00:43 +0200)]
Fix memory leak on get_all OutOfMemory handling path
It's unlikely that the situation is recoverable when failing to
allocate memory, but the current code is clearly buggy: PyMem_Realloc
doesn't clobber the existing buffer on failure, so not deallocating it
will result in a leak.
SELinux systems may have the security.selinux attribute defined for
temporary files upon creation. This can cause problems for the tests,
which assumed that new files have no attributes. Similar problems can
arise in other cases where temporary files created by python start out
with attributes.
To work around this, a comma-separated list of attributes to ignore can
be specified in the environment variable "TEST_IGNORE_XATTRS". Any
attributes specified in this way will be filtered out by tests.
ari edelkind [Tue, 17 Sep 2013 18:20:33 +0000 (14:20 -0400)]
Better handling of files without xattrs
Return an empty list immediately if a file has no xattrs (as most would
not on most systems). The number of system calls for files with no
extended attributes is reduced by (at least) half.
Jonas Borgström [Thu, 13 Jun 2013 20:17:32 +0000 (22:17 +0200)]
Use "surrogateescape" error handler when encoding unicode paths.
On Python 3 functions like os.listdir() always returns unicode
paths. "invalid" byte paths are decoded using the "surrogateescape" error
handler which must also be used when decoding.
See os.fsencodefs() and os.fsdecode().
Iustin Pop [Thu, 3 Jan 2013 20:36:36 +0000 (21:36 +0100)]
Fix string/unicode buffer size parsing
It seems that CPython allows passing "wrong" pointers for et#
(Py_ssize_t instead of int), but PyPy has problems with this, and
wrongly casts the pointers, leading to unsigned/signed conversion
failures.
This bug was introduced in commits 433c5852 and 8aa6fd81; I'm no
longer sure why bufsize was changed from int to Py_ssize_t as well,
but passing an int value to a C function expecting an ssize_t should
be safe as the compiler should do the required conversions behind the
scenes (as long as it has correct information about the types).
Iustin Pop [Tue, 15 May 2012 19:24:04 +0000 (21:24 +0200)]
Rework parsing of the namespace argument
In Python 3, we cannot accept (easily) bytes or None, so we have to
change how we accept the namespace argument.
Previously, if the argument was not passed or it was None, it was
considered missing. Since the None option is no longer possible, we
change it so that if not passed or passed as an empty string, it is
considered missing. This changes the behaviour somewhat, but I hope
that empty namespaces are not used (that's what I understand from
reading various pages on the internet).
Iustin Pop [Mon, 14 May 2012 20:32:07 +0000 (22:32 +0200)]
Fix bugs reported by cpychecker
Thanks to Dave Malcolm's cpychecker tool, this patch fixes a number of
serious issues. All issues that were not deemed false-positives were
fixed; some other issues in the same category that were found only by
a high number of refcount checks are also fixed (I should
split/simplify some parts of the code…).