[MacPorts] #72482: openssh 10.0p2 fails to setup sandbox (and connections fail)

MacPorts noreply at macports.org
Sat May 31 21:59:14 UTC 2025 

#72482: openssh 10.0p2 fails to setup sandbox (and connections fail)
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:  artkiver
      Type:  defect      |     Status:  reopened
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:
      Port:  openssh     |
-------------------------+----------------------

Comment (by iamGavinJ):

 Replying to [comment:13 artkiver]:
 > Replying to [comment:12 iamGavinJ]:
 > > Removing the launchd `-l` flag for ssh-agent, via the patch, has
 completely broken my setup.  I realise I'm likely in the minority by
 configuring my own LaunchAgent plist, but having launchd control the
 SSH_AUTH_SOCK is far superior when utilising the agent across multiple
 apps (git/vscode/ssh), instead of now having to rely on shell startup
 scripts.
 > >
 > > I also can't see how the `-l` switch was actively causing a problem,
 and why it was removed, when the upside is feature parity with the native
 macOS version, with no known downside.
 > >
 > > I would very much appreciate if this change could be rolled back.
 >
 > Thanks for the perspective!
 >
 > I am definitely OK with launchd and sandbox patches being reworked, but
 my previous attempts to do so, were failures. Basically I got as far as
 modifying the previous patches which would fail to apply entirely to the
 10.0p2 source.
 >
 > My efforts should still be attached for reference here:
 https://trac.macports.org/ticket/72317 Unfortunately, while my reworked
 patches did apply "cleanly" to the 10.0p2 source, the patched sources were
 still breaking at compile time. ;-/
 >
 > Rather than rollback to a previous version of OpenSSH, I think a better
 course of action would be to rework my failed patch attempts? But I may
 not be the right person for those fixes, given that I previously tried and
 failed to make them work.

 Agreed, failing forward is better due to the removal of macOS sandboxing
 removal.

 I've attached my patches which work.

-- 
Ticket URL: <https://trac.macports.org/ticket/72482#comment:14>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list