From nobody Tue Aug 01 21:06:47 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RFnjS6z98z4prf4; Tue, 1 Aug 2023 21:06:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RFnjN0cB7z3Lx3; Tue, 1 Aug 2023 21:06:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690924008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NOJk5x5z6uxNKkoMg9p3nBCH3/qzxW1DczShp+ldcro=; b=aUfWtthdI1eRm2xI8tb1UYadFseQYI7glQosNQqAF3hAs4Cls30DH0UU7Gt6KbXdOdczdi 2tNk59zPx2KPais8nVwWwj/nzKVf5cesJcVtYGYbLCBVsWpMxOpWwHagHKO44TC+mbhCIg MaYsdXF4wmRtYG+LZlfbw32vS7idanq3hYBn/nOEZXK8cPMUWjlZLOgYviyt3TM7LT42R+ of/GzHI+828kxEFa6ctKYi/sNKY7/VI3Enz2AaPQfAPOnfrVfj62feHCJZk6Ny637u2h0o nMmvfdi6ZL02BDtLcP+Q+h7YUla1nTTJhycXLUGQu9mxX6doyO7yNpS5poXaFg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690924008; a=rsa-sha256; cv=none; b=StOgNBDNlxhJ1x3UNIIItsmJhHAVD36JH1Xw2d437AUzzv4s3Ydpg+jQJNi03VF0cs6aEN 6GbzTbYvP9M8+Kl4Uqg1Q5dsLX9uuu6rYdjV6qKALWCknbkS9U97T4RisNEd9w4f0/Ht6I HInaJkCKFEL/G6G9KqwnW39j8tqM+AcjPOHpKLAqJO0S9ITNA8O4plEtMwbTBfslgE3ny9 8D+y7nt8S29HxprNLO+YKQ9VIicgQg2KYQxSNKfMf32IwOu/pSVioKL/kWTo0lMhAbCWvI jmL4jqiYK60vrflJmTNVBibsngXFoZU4jZuJDN8A0LNVDQCzZOk8XqaHJmPWjw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690924008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NOJk5x5z6uxNKkoMg9p3nBCH3/qzxW1DczShp+ldcro=; b=Gf0cYGwF9KjQa1ZjDcnA4Xy1bEwExTREkj+HVAz8KHmXnRpsMkKUqeekaeiJrQpu7HRkYh j96r0gwxzaueW7wZ5pMbzDZ6KaDBweObOc5XlukTfgBuhVfHLvM707f5qWrFx2HUPqDqbC U3tlVxk0dOICuG23LDxRlb+dNlLdTMAlEAhMnfxIQcNt6N4eyUK7QFMQU5SVE6BHC5enKq sk3g5acAB20IpYwdI64n/G/VrKRl2DE0YF1vbbBXsFfRvVXPqmildNBSX+dbc/cTEF7YW6 ofI3AdxogukW7iNxA9R7jh9eYrZOomaYxqvBPwC3O8IOd1KWcGHF5sbVbqjWkQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RFnjM6bNpzsgn; Tue, 1 Aug 2023 21:06:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 371L6ltp013848; Tue, 1 Aug 2023 21:06:47 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 371L6lfX013847; Tue, 1 Aug 2023 21:06:47 GMT (envelope-from git) Date: Tue, 1 Aug 2023 21:06:47 GMT Message-Id: <202308012106.371L6lfX013847@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Jessica Clarke Subject: git: e7f1ba7f6726 - stable/13 - Makefile.inc1: Support building with macOS Ventura's AMFI Launch Constraints List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jrtc27 X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: e7f1ba7f6726049b264a4b1f7b838ab85a4cc265 Auto-Submitted: auto-generated The branch stable/13 has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=e7f1ba7f6726049b264a4b1f7b838ab85a4cc265 commit e7f1ba7f6726049b264a4b1f7b838ab85a4cc265 Author: Jessica Clarke AuthorDate: 2023-03-03 02:15:30 +0000 Commit: Jessica Clarke CommitDate: 2023-08-01 20:42:53 +0000 Makefile.inc1: Support building with macOS Ventura's AMFI Launch Constraints As of macOS Ventura, Apple-signed binaries cannot be run if copied away from their system location. This security feature doesn't really make sense for boring things like sh(1), more so for applications with special entitlements, but it's universally present, and results in the following error: >>> Install check world bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 572: warning: "MAKEFLAGS= CPUTYPE=dummy /Users/Jess/cheri/build/freebsd-riscv64-build/bmake-install/bin/bmake -f /dev/null -m /Users/Jess/cheri/freebsd/share/mk MK_AUTO_OBJ=no -V CPUTYPE" exited on a signal bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 575: CPUTYPE global should be set with ?=. As with host-symlinks, we don't actually need to copy the files on macOS, since we're not updating the current machine, so copy its approach and just symlink them instead. MFC after: 1 week (cherry picked from commit dda4d97289f17aa8b2bbfd8d63a746b3a7836fd5) --- Makefile.inc1 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index 3f858b182238..118eb2115223 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -640,6 +640,18 @@ MKTEMP=${WORLDTMP}/legacy/usr/bin/mktemp MKTEMP=mktemp .endif INSTALLTMP!= ${MKTEMP} -d -u -t install + +.if ${.MAKE.OS} == "FreeBSD" +# When building on FreeBSD we always copy the host tools instead of linking +# into INSTALLTMP to avoid issues with incompatible libraries (see r364030). +# Note: we could create links if we don't intend to update the current machine. +INSTALLTMP_COPY_HOST_TOOL=cp +.else +# However, this is not necessary on Linux/macOS. Additionally, copying the host +# tools to another directory with cp results in AMFI Launch Constraint +# Violations on macOS Ventura as part of its System Integrity Protection. +INSTALLTMP_COPY_HOST_TOOL=ln -s +.endif .endif .if make(stagekernel) || make(distributekernel) @@ -1394,7 +1406,7 @@ distributeworld installworld stageworld: _installcheck_world .PHONY fi; \ done); \ fi; \ - cp $$libs $$progs ${INSTALLTMP} + ${INSTALLTMP_COPY_HOST_TOOL} $$libs $$progs ${INSTALLTMP} cp -R $${PATH_LOCALE:-"/usr/share/locale"} ${INSTALLTMP}/locale .if defined(NO_ROOT) -mkdir -p ${METALOG:H}