[pgrouting-dev] GSoC 2022 Week 7 Report : Add Google Or tools functionality to pgrouting

Vicky Vergara vicky at georepublic.de
Sun Aug 7 23:03:55 PDT 2022 

Hello all,

I am happy that this project is getting more and more attention.
And before the comments on the thread.

I would like to ask Manas, in the final report he makes to quote the
statements found in this thread about the cons of using plppythonu3.

Regards

Now onto the comments:

On Sun, Aug 7, 2022 at 1:56 PM Regina Obe <lr at pcorp.us> wrote:

> I concur with Imre Samu.  Most systems do not have plpythonu installed,
> and adding that extra dependency to test pgRouting would not be
> acceptable.  So it has to be an optional dependency if it is one at all.
>
>
>

There might be a misunderstanding, although Manas's GSoC project is for
pgRouting, he is doing it for the spinoff vrpRouting.
vrpRouting was created because not all software for solving vehicle routing
problems that is available its been packaged for the different operative
systems.
VROOM [1] was the first one that is not packaged, and it needs C++14 at
least whereas pgRouting needs C++11 which is the one available on CENTOS 7
for example.
Also in vrpRouting the min version of postgreSQL is 12, whereas for
pgRouting it supports all versions that are not in the EOL.

[1] http://vroom-project.org/



> If it is required for your testing then just don’t run the tests that
> require it if plpython3u is not installed.
>
>
Right now the testing level is on how to execute the following example of
or-tools [2]:

[2] https://developers.google.com/optimization/introduction/python#complete-program




>
>
> Reasons why plpython3u might not want to be installed:
>
>
>
> 1) Is a untrusted language so could allow damage to the operating system
> if used in the wrong hands.
>
> e.g. one could overwrite the operating system completely with such a
> function.  Far beyond mere SQL injection.
>

plpython3u was actually my suggestion.
and I have the same question Manas has about alternatives:
"Do you have any ideas/suggestions on how I could achieve this?"



> 2) Has an extra dependency on python3 (and a specific minor), which is
> sometimes difficult to get the right version or configuration especially on
> older systems.  On a system heavily using python3, it might not even be the
> right version that plpython3u was compiled with.
>
>
>

Currently for the GSoC program, the scope of his project does not include
the merge to the main repository of vrpRouting.
His work will allow the PSC to evaluate:
- possibility
- simplicity
- doability
- security
etc



> As a windows packager, I do not install plpython3u as it’s too messy,
> requires downloading extra stuff setting certain env variables etc. I still
> need to be able to test pgRouting proper before packaging for windows users.
>
>
>

Thanks for letting us know.
We will certainly put this comment on the doability section.



> *From:* pgrouting-dev [mailto:pgrouting-dev-bounces at lists.osgeo.org] *On
> Behalf Of *Manas Sivakumar
> *Sent:* Sunday, August 7, 2022 1:46 PM
> *To:* pgRouting developers mailing list <pgrouting-dev at lists.osgeo.org>
> *Subject:* Re: [pgrouting-dev] GSoC 2022 Week 7 Report : Add Google Or
> tools functionality to pgrouting
>
>
>
> I'm extremely sorry for the late reply. I don't use this mail id
> frequently. For now, I made install plpython3u as a dependency (I wasn't
> aware of your concern). I'll see if there is a way to make it optional
> because the functions that I have written right now need the plpython3u
> extension for testing. May I know how exactly the plpythonu extension is
> dangerous in your case? I mean the users can create their own function and
> run it, this might be a problem as it makes us susceptible to SQL injection
> attacks of sorts. Do you have any ideas/suggestions on how I could achieve
> this?
>
>
>
> Regards
>
>
>
> On Mon, Aug 1, 2022 at 2:00 AM Imre Samu <pella.samu at gmail.com> wrote:
>
> Hi Manas,
>
>
>
> Thank you for working on this topic.
>
>
>
> > figure out how to add python ortools to pgrouting requirements
>
>
>
> I don't know all the details, so apologies if my comment is too early or
> already known.
>
>
>
> if it can be done, it would be ideal for me ( as a user )  if the
> plpython3u system requirement was optional and not mandatory.
>
> Now the plpythonu is an “untrusted” language[1]
>
>   and is not allowed to be installed in many places;  ( ~ strict security
> policy )
>
>
>
> [1] https://www.postgresql.org/docs/14/plpython.html
>
> *"The writer of a function in untrusted PL/Python must take care that the
> function cannot be used to do anything unwanted, since it will be able to
> do anything that could be done by a user logged in as the database
> administrator.  Only superusers can create functions in untrusted languages
> such as plpythonu."   *
>
>
>
>
Be certain that the statement will go to the security section of the list I
mentioned before.

Regards,
>
>  Imre
>
>
>
>
>
> Manas Sivakumar <callmehero350 at gmail.com> ezt írta (időpont: 2022. júl.
> 31., V, 21:09):
>
> Hello Everyone,
>
> This is my week 7 report of the official coding period July 25th - July
> 31th.
>
> This also marks my first report for the second coding period.
>
>
>
> *What have I done this week?*
>
> ·         Implemented multiple_knapsack in PL/Python
>
> ·         Implemented bin_packing in PL/Python
>
> ·         Converted knapsack from c++ to PL/Python
>
> *What do I plan to do next week?*
>
> ·         figure out how to add python ortools to pgrouting requirements
>
> *Am I blocked on anything?*
>
> ·         No
>
> Any feedback, comments and suggestions are welcome.
>
> Pull Request : https://github.com/pgRouting/GSoC-pgRouting/pull/241
>
>
>
> _______________________________________________
> pgrouting-dev mailing list
> pgrouting-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/pgrouting-dev
>
> _______________________________________________
> pgrouting-dev mailing list
> pgrouting-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/pgrouting-dev
>
> _______________________________________________
> pgrouting-dev mailing list
> pgrouting-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/pgrouting-dev
>


-- 

Georepublic UG (haftungsbeschränkt)
Salzmannstraße 44,
81739 München, Germany

Vicky Vergara
Operations Research

eMail: vicky at georepublic.de
Web: https://georepublic.info

Tel: +49 (089) 4161 7698-1
Fax: +49 (089) 4161 7698-9

Commercial register: Amtsgericht München, HRB 181428
CEO: Daniel Kastl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/pgrouting-dev/attachments/20220808/f8877055/attachment-0001.htm>

More information about the pgrouting-dev mailing list