[MacPorts] #53629: Failure during destroot, due to not privs
MacPorts
noreply at macports.org
Wed Feb 22 20:23:51 UTC 2017
#53629: Failure during destroot, due to not privs
----------------------+----------------------
Reporter: cbarrett | Owner:
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Keywords: | Port: carthage
----------------------+----------------------
When running `sudo port install carthage`:
{{{
:notice:destroot ---> Staging carthage into destroot
:debug:destroot Can't run destroot under sudo without elevated privileges
(due to mtree).
:debug:destroot Run destroot without sudo to avoid root privileges.
:debug:destroot Going to escalate privileges back to root.
:debug:destroot euid changed to: 0. egid changed to: 0.
}}}
This causes the call to `:info:destroot git submodule update --init
--recursive` to fail with, e.g.
{{{
:info:destroot Cloning into
'/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_devel_carthage/carthage/work/Carthage-0.18.1/Carthage/Checkouts/Commandant'...
:info:destroot fatal: unable to access
'https://github.com/Carthage/Commandant.git/': SSL certificate problem:
Couldn't understand the server certificate format
}}}
Sure enough, sandboxing violations like in #50469
{{{
default 15:09:52.374632 -0500 kernel SandboxViolation: git-remote-
http(70759) deny(1) file-write-data /private/var/db/mds/system/mds.lock
}}}
My config doesn't have `macportsuser root` in it, or anything like that
from the other ticket.
Perhaps whatever's causing ports to run mtree (I haven't looked in detail
there yet) should drop privs afterwards? I'm going to keep digging—years
and years ago I was a contributor! :)
--
Ticket URL: <https://trac.macports.org/ticket/53629>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list