Running open source 'unix' services via MacPorts on macOS is no longer feasible for me
eborisch at macports.org
Tue Nov 29 18:42:31 UTC 2022
I'll echo this; FreeBSD is a fantastic operating system for servers. The
FreeBSD ports system should feel familiar in concept, if different in
execution, to MacPorts users. (Jordan Hubbard was involved in the creation
of both projects.) They likewise have pre-compiled (with default options)
binaries available via 'pkg install ...' or you can go in and adjust (but
will then need to locally build) to customize things; this is done via
'make config' in the desired port's directory, rather than via '+opt1-opt1'
But ZFS and boot environments are the absolute bee's knees. The ability to
easily roll back to an earlier installation (from a boot loader menu if
needed, too!) makes running a server a much less stressful exercise. And ZFS
as a file system / storage management tool is such a game-changer; it's a
shame Apple decided to go a different way
I still use macOS for desktop and $DAYJOB work, but FreeBSD is certainly
worth a look for servers / systems storing important data if you're tired
of fighting the constant shifts (in security restrictions, especially)
between versions of macOS.
On Tue, Nov 29, 2022 at 8:03 AM Marius Schamschula <lists at schamschula.com>
> After the demise of Mac OS X Server I migrated all server duties to
> Currently I’m running FreeBSD 13.1 on three machines: a Dell tower box
> with 8 drive bays at home (apache 2.4, php, mysql and ownCloud), a
> virtualized server at work (nginx, php and mysql), and a 2009 Mac Pro at
> work (for testing updates before applying them to the production machines).
> Bonus: zfs with the data redundancy I once used Drobos for.
> On Nov 29, 2022, at 5:54 AM, Gerben Wierda via macports-users <
> macports-users at lists.macports.org> wrote:
> Over the last years, it has become harder and harder to run Unix services
> on my Macs. I'm using MacPorts for these since the demise of macOS Server
> and they include
> - a mail server (dcc, apache-solr8, clamav-server, rspamd, dovecot,
> - a name server (nsd, unbound)
> - a web server (nginx, minio)
> Before Monterey I was running Mojave and that worked very well. I skipped
> Catalina and went straight for Monterey so I would have a long period of
> 'no large migrations'.
> The experience has been horrible. I had to turn off the application layer
> firewall on the server for instance. I had to start some services (MinIO)
> not via launchd but by hand because they would not start properly because
> of permissions when I did (MinIO could not access a fixed mount external
> disk when started from launchd, but had no problem accessing it after
> boot). About 1 to 2 times every day, the system is totally dead, it gets
> stuck apparently because it runs out of sockets or something like that. I
> suspect this is because I am running a public mail server which gets a lot
> of connections and macOS has some sort of resource leak. After maximally
> about an hour, the system gets 'unstuck' and moves on. The 'unstuck'
> started to happen after 12.5 to 12.5.1 (so an improvement) but it has
> the feel of Apple doing a quick and dirty fix in 12.5.1 for a resource leak
> in 12.5.
> Apple has been a rock solid server system for me for many years. Since
> Monterey I consider it to be extremely unreliable and not feasible as a
> server environment for unix-like services.
> I suspect that all of this is because Apple is moving to a new security
> mechanism, one more focused on how it is done in iOS too, where things like
> code signing, immutability of parts of the file system, etc. are taking the
> role that traditionally is done by ACL/POSIX-like permissions. Apple's new
> way of doing security is arguably stronger than the old way. But the 'old'
> way of doing things is less and less supported and certainly not a focus
> for Apple to keep operational (which is dumb because by not supporting they
> are flying blind for the kind of resource leak errors I seem to have
> encountered). So, install unbound, and after boot macOS will ask you 'do
> you want unbound to accept incoming connections?'. Yes, of course, but that
> setting doesn't stick. After every next reboot, the same happens. Run the
> same executable side by side on different ports, and ALF gets confused. So,
> not only is the old ACL/POSIX way of permissions no longer properly
> implemented, the new system is not friendly for your own compiled stuff.
> The setup has become so unreliable that I do not dare to upgrade my
> current server beyond macOS 12.5.1, afraid as I am that the next update
> will kill even more, rendering my production setup effectively dead.
> I can't update my macOS anymore for fear that it kills what I cannot work
> The key weak point in all of this seems to be the macOS Application Level
> Firewall which is iffy and especially iffy when it has to work with
> unsigned executables. But even when it is turned off, lots of other things
> that would normally work fine in a unix-like environment stop working,
> especially when you want to do 'server-like' stuff that requires open
> ports and sockets and such.
> Sadly, this means that running a 'macOS Server substitute using MacPorts'
> is no longer feasible for me. I have started to move to a Linux setup and I
> hope my 'macOS Server' (which I have been running since its start in some
> way or another, and OPENSTEP/NeXTSTEP before that) survives until I have
> that working properly.
> Apple turns macOS into a purely consumer appliance, it seems. That is
> their good right, but they also starve attention to the old unixy-way of
> things, leading to weak (certainly not robust) implementations of the
> unix-side. And that might be the eventual death of MacPorts unless it goes
> full in on Apple's new security model, signing and all. And for the time
> being, Apple's own suggestion to move to open source variants of the macOS
> Server stuff they abandoned, is not to be taken seriously as they also are
> not serious about the foundation those open source elements need.
> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
> R&A IT Strategy <https://ea.rna.nl/> (main site)
> Book: Chess and the Art of Enterprise Architecture
> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> Marius Schamschula