[pkgsrc/trunk]: pkgsrc/bootstrap boostrap: Enable mksh by default on macOS 10...

To: source-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/bootstrap boostrap: Enable mksh by default on macOS 10...
From: jperkin <jperkin%pkgsrc.org@localhost>
Date: Mon, 06 Jul 2020 11:45:51 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d77823003e29
branches:  trunk
changeset: 435332:d77823003e29
user:      jperkin <jperkin%pkgsrc.org@localhost>
date:      Mon Jul 06 10:43:47 2020 +0000

description:
boostrap: Enable mksh by default on macOS 10.11+.

El Capitan (10.11) introduced System Integrity Protection (SIP), and one of
the side effects of this protection is that system shells (i.e. /bin/*sh)
unset any variables that may affect the security of the system.  This causes
problems with packages that rely on e.g. LD_LIBRARY_PATH.

Using a shell outside of the system paths allows us to work around this, at
least for now.

Tested in bulk builds on macOS Catalina, though with SIP disabled (as there
is no way to run sandboxed builds with SIP enabled).

diffstat:

 bootstrap/bootstrap |  11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diffs (27 lines):

diff -r ffd8d80a6956 -r d77823003e29 bootstrap/bootstrap
--- a/bootstrap/bootstrap       Mon Jul 06 10:25:29 2020 +0000
+++ b/bootstrap/bootstrap       Mon Jul 06 10:43:47 2020 +0000
@@ -1,6 +1,6 @@
 #! /bin/sh
 
-# $NetBSD: bootstrap,v 1.285 2020/07/06 10:25:29 jperkin Exp $
+# $NetBSD: bootstrap,v 1.286 2020/07/06 10:43:47 jperkin Exp $
 #
 # Copyright (c) 2001-2011 Alistair Crooks <agc%NetBSD.org@localhost>
 # All rights reserved.
@@ -589,6 +589,15 @@
                need_sed=yes
        fi
 
+       # Avoid system shells on macOS versions that enable System Integrity
+       # Protection (SIP) as it affects packages that rely on variables such
+       # as LD_LIBRARY_PATH.  SIP unsets any variables that may affect
+       # security when using system binaries, i.e. /bin/*sh, but using a
+       # non-system shell is unaffected, at least for now.
+       if [ $macos_version -ge 1011 ]; then
+               need_mksh=yes
+       fi
+
        case "$macos_version" in
        100[7-9])
                packagemaker=/Applications/PackageMaker.app/Contents/MacOS/PackageMaker

Prev by Date: [pkgsrc/trunk]: pkgsrc/bootstrap bootstrap: Switch SunOS to mksh.
Next by Date: [pkgsrc/trunk]: pkgsrc/devel/ninja-build ninja-build: Support mksh-enabled ma...
Previous by Thread: [pkgsrc/trunk]: pkgsrc/bootstrap bootstrap: Switch SunOS to mksh.
Next by Thread: [pkgsrc/trunk]: pkgsrc/devel/ninja-build ninja-build: Support mksh-enabled ma...
Indexes:

Home | Main Index | Thread Index | Old Index