[MacPorts] #51905: Bear is broken on 10.11 (.5) because of Library Validation
MacPorts
noreply at macports.org
Tue Jul 26 13:09:58 PDT 2016
#51905: Bear is broken on 10.11 (.5) because of Library Validation
----------------------------+----------------------
  Reporter:  jlargentaye@…  |      Owner:  cal@…
      Type:  defect         |     Status:  new
  Priority:  Normal         |  Milestone:
 Component:  ports          |    Version:  2.3.4
Resolution:                 |   Keywords:  upstream
      Port:  Bear           |
----------------------------+----------------------
Changes (by cal@…):

 * keywords:  => upstream

Comment:

 Even though I do not get the message when I run `bear make`, I know quite
 well what the problem is; Apple's SIP changes no longer allow
 `DYLD_INSERT_LIBRARIES` to affect binaries with the SIP-bit enabled.
 Unfortunately Apple's approach to marking binaries with the bit was "stick
 it on everything in /usr/bin and /bin", which includes tools used by many
 build systems such as the Shell, make, ln, mkdir, mv, rm, rmdir, chmod,
 cp, touch, install, and also clang and clang++.

 This wouldn't be a problem if Apple's fallback solution for starting a
 SIP-binary with `DYLD_INSERT_LIBRARIES` set was disabling the entitlements
 (as if you were running a copy of the binary), but it isn't, so there's no
 good way around that for now.

 The way we've solved that in MacPorts for our own use of
 `DYLD_INSERT_LIBRARIES` is hooking `execvp` and `posix_spawn` and
 transparently creating a copy of all SIP binaries without the SIP-bit.
 Instead of the original binary, we then run the copy (which isn't affected
 by the loader restriction) but set up argv[] in such a way that the binary
 itself doesn't notice under normal conditions.

 A similar approach (or different workaround) would have to be implemented
 for Bear upstream. Please report the problem there, if it hasn't been
 reported already.

--
Ticket URL: <https://trac.macports.org/ticket/51905#comment:2>
MacPorts <https://www.macports.org/>
Ports system for OS X
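
Added example (not part of the ticket comment and not MacPorts or Bear code): a Python diagnostic that reports which build tools on PATH carry the restricted file flag, and so would run without a `DYLD_INSERT_LIBRARIES` preload as the comment describes. It assumes the "SIP-bit" is the `SF_RESTRICTED` flag from macOS's `<sys/stat.h>`; the function names are hypothetical.

```python
import os
import shutil

# SF_RESTRICTED from macOS <sys/stat.h>; `ls -lO` prints it as "restricted".
# Assumption: this is the "SIP-bit" the comment refers to.
SF_RESTRICTED = 0x00080000


def is_sip_restricted(path, stat_fn=os.stat):
    """True if the file at `path` carries the restricted flag.

    st_flags only exists on macOS/BSD; elsewhere this returns False.
    """
    try:
        st = stat_fn(path)
    except OSError:
        return False
    return bool(getattr(st, "st_flags", 0) & SF_RESTRICTED)


def tools_losing_interposition(commands, search_path=None,
                               which=shutil.which, stat_fn=os.stat):
    """Map each command that resolves to a restricted binary to its path.

    For these, a DYLD_INSERT_LIBRARIES value set by the parent has no
    effect, so a preload-based tracer will not see what they execute.
    """
    affected = {}
    for cmd in commands:
        resolved = which(cmd, path=search_path)
        if resolved and is_sip_restricted(resolved, stat_fn):
            affected[cmd] = resolved
    return affected


if __name__ == "__main__":
    # Tool names taken from the comment above.
    tools = ["sh", "make", "ln", "mkdir", "mv", "rm", "rmdir", "chmod",
             "cp", "touch", "install", "clang", "clang++"]
    hits = tools_losing_interposition(tools)
    for name, path in sorted(hits.items()):
        print(f"{name}: {path} is restricted; preload will be ignored")
    if not hits:
        print("no restricted tools found on PATH")
```

Tools that resolve to a non-restricted copy earlier on PATH (for example a MacPorts-installed `make`) do not appear in the result.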