tech-pkg archive


Re: Do not make mksh the default shell on macOS



* On 2020-07-14 at 12:09 BST, Greg Troxel wrote:

> Jonathan Perkin <jperkin%joyent.com@localhost> writes:
> 
> > * On 2020-07-14 at 01:52 BST, Greg Troxel wrote:
> >
> >> It might be that the pkg_alternatives wrappers should avoid using a
> >> SIP-protected shell, to avoid the environment purging.
> >
> > They now do since the change, and this was another reason to make the
> > switch.  See:
> >
> >   https://github.com/NetBSD/pkgsrc/issues/66
> 
> Great, thanks.  I was just not quite following all the discussion.
> 
> Is it possible to run pbulk on macOS now, with SIP enabled?

It's not specifically whether pbulk runs, it's that there are a number
of issues regarding creating sandboxes that SIP prevents.  The most
important one is that DNS resolution does not work inside as it's not
possible to modify mDNSResponder to listen on additional sockets, but
from memory even working around that with static entries in /etc/hosts
still resulted in other problems (I'll probably try again one day).

As I mentioned in my response to the OP, finding a way to create
working sandboxes on SIP-enabled systems would be great, so if anyone
has any ideas...  Currently a lot of my bulk build CPU time is spent
on localhost NFS mounts, so figuring out a way to get fast bind mounts
that support DNS would not only allow SIP-enabled builds but also
likely deliver a decent speed increase to bulk builds.

If you were running macOS in VMware Fusion or something though and
didn't mind building outside of sandboxes then I don't see why you
couldn't run pbulk, though obviously it would be very slow due to
concurrency=1.

Thanks,

-- 
Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com

