[MacPorts] #72482: openssh 10.0p2 fails to setup sandbox (and connections fail)
MacPorts
noreply at macports.org
Sat May 31 22:06:33 UTC 2025
#72482: openssh 10.0p2 fails to setup sandbox (and connections fail)
-------------------------+----------------------
Reporter: danielluke | Owner: artkiver
Type: defect | Status: reopened
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: openssh |
-------------------------+----------------------
Comment (by artkiver):
Replying to [comment:14 iamGavinJ]:
> Replying to [comment:13 artkiver]:
> > Replying to [comment:12 iamGavinJ]:
> > > Removing the launchd `-l` flag for ssh-agent, via the patch, has
completely broken my setup. I realise I'm likely in the minority by
configuring my own LaunchAgent plist, but having launchd control the
SSH_AUTH_SOCK is far superior when utilising the agent across multiple
apps (git/vscode/ssh), instead of now having to rely on shell startup
scripts.
> > >
> > > I also can't see how the `-l` switch was actively causing a problem,
and why it was removed, when the upside is feature parity with the native
macOS version, with no known downside.
> > >
> > > I would very much appreciate if this change could be rolled back.
> >
> > Thanks for the perspective!
> >
> > I am definitely OK with launchd and sandbox patches being reworked,
but my previous attempts to do so, were failures. Basically I got as far
as modifying the previous patches which would fail to apply entirely to
the 10.0p2 source.
> >
> > My efforts should still be attached for reference here:
https://trac.macports.org/ticket/72317 Unfortunately, while my reworked
patches did apply "cleanly" to the 10.0p2 source, the patched sources were
still breaking at compile time. ;-/
> >
> > Rather than rollback to a previous version of OpenSSH, I think a
better course of action would be to rework my failed patch attempts? But I
may not be the right person for those fixes, given that I previously tried
and failed to make them work.
>
> Agreed, failing forward is better due to the removal of macOS
sandboxing.
>
> I've attached my patches which work.
Awesome! Testing locally that seems to build OK. Thank you!
I'll prep a PR.
I think it would probably still be groovy if we could rework the sandbox
patch too, but that can wait for another time.
--
Ticket URL: <https://trac.macports.org/ticket/72482#comment:15>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list