lib dependency confusion
Bill Cole
macportsusers-20171215 at billmail.scconsult.com
Fri Jan 12 22:22:26 UTC 2018
On 12 Jan 2018, at 15:37, Daniel J. Luke wrote:
> On Jan 12, 2018, at 3:27 PM, Dave Horsfall <dave at horsfall.org> wrote:
>> Whether Apple wants to admit that its machines can crash and thereby
>> cream the filesystem is another question...
>
> presumably that's what macOS Recovery is for:
> https://support.apple.com/en-us/HT201314
All very well and good for a machine running an OS version that got the
ShellShock update from Apple.
One of the use cases for MacPorts is to keep older Macs that are
physically capable of doing significant work (e.g. as servers) updated
in regards to the open source parts of MacOS. For example, I have a Core
Duo (i.e. 32-bit) Mac handling duties that face the outside world. It
can't run a MacOS newer than Snow Leopard. If it was running the last
versions Apple provided of everything open source that it runs, it would
be non-securable. Unfortunately, Apple hopped on the 'sh is bash'
bandwagon quite a while ago, so Apple's last sh on Snow Leopard was a
serious latent risk. I used the MacPorts infrastructure on that host to
create a bash variant that links statically to all of the MacPorts
libraries that it uses and (because it's unfixable) dynamically to
Apple's libSystem. I was mostly kidding about submitting that hack
upstream because I agree with Ryan that it does not belong in a package
management system like MacPorts: too Frankensteiny. OTOH, I did create
a model for a general "as static as possible while using MacPorts"
variant that should work on anything.
More information about the macports-users
mailing list