From nobody Fri Mar 03 03:18:53 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PSY8s43Lsz3wbKF; Fri, 3 Mar 2023 03:18:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PSY8s3LPhz3L7s; Fri, 3 Mar 2023 03:18:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677813533; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=u0gcsZ4M/pjiMaULbXw/GSUGpW7eRdKLAns43r6GNUE=; b=PM9tT0eBT/DJXatMTebAsbwruD0lEYhiY0crKlb5+2QUT2Dc24kPgrprElXL6HRNgprS52 jk36zp7tiPyfE23ky+njfwpbRAxrvIO3JEohLoW4NT67oda4PQ1iz/bCeZrdRsbTmvj7Kw bbBD82QLsyEIvHnJ5ywBrTE8cT91lu2Ka+YfTdNGycljF+ZgNshDVPIQw1b2kbq2YkB/v3 JyJyegzej1k7L7pmMX7Z6o5Ia2+hRujHqXXf1jUGRaQNh6EzrUoNNZA7G3zRgdqEM//CP8 02fP27qJxQIFkn8Brjdaflxc2BzeaNNJvqDmPWGnxqVikHmDw2n7t4Qy/3/jqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677813533; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=u0gcsZ4M/pjiMaULbXw/GSUGpW7eRdKLAns43r6GNUE=; b=F1+9aZUZpmvG5L48SNzBARk8msihS5ewCFi90+NBOUa0mTExQz7mF4SYi6WV09r3hdx4Nq 0F074+H8TZzfsmSUADnfxjzptR/hauk4jvzu2Aod1WAkd//fgewZu6ZGmXpi6rEtLLDgFW 2vb6XstRnSsH5wYoYQ3wtZuBuJO5APVCI6IfVcfLYCmdusuQP5uaMg1t+oU1xNAL9SqFGF Bleifl1lTfVEdf0IYPcXawdNT1SAUAqULOOOPLsRAsq7Rz5thwu2JgTTnBHyaclV9gAMgr XM7fgJCE6iNftnpmuSlb+eVKcoQVlTKZnZezfK4/TqvVp3KS2NVbFg2z4VIDJQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1677813533; a=rsa-sha256; cv=none; b=TKd2Z8hkSfDy2c2Euo5Ldmml9VQGWhCm/QfsAWGuW8XKOtZzD9pfub8FMB7A8FeQ3L7YHC ntuhQTr0PeHXXZjIqfiJIY5PNHWvgAnR7rUeXgJOewImyZR0kmq8KyvwSEIjooUZ1/9/AW PYr6LJ51ZNzxqBkBbnuRGRKZdrHyTpetSm6GixGfDsA0s+1Sd3w8zicfHuvM77/hOKIYgF 9JE7dpXojZr5XyGWxxFAfinUhzz1zMRK/Pdra998+vdhrKyR07q35m/nBVdTNd6/G6BAbv AV3NaDyFzunTz3opEf4BXkph7jM95Uf20pypvY1w69Xk2oBeu7avYgQ5IyQLaA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PSY8s2NkQzj3x; Fri, 3 Mar 2023 03:18:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3233Ir6Z023345; Fri, 3 Mar 2023 03:18:53 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3233IrjF023344; Fri, 3 Mar 2023 03:18:53 GMT (envelope-from git) Date: Fri, 3 Mar 2023 03:18:53 GMT Message-Id: <202303030318.3233IrjF023344@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Jessica Clarke Subject: git: dda4d97289f1 - main - Makefile.inc1: Support building with macOS Ventura's AMFI Launch Constraints List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jrtc27 X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: dda4d97289f17aa8b2bbfd8d63a746b3a7836fd5 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=dda4d97289f17aa8b2bbfd8d63a746b3a7836fd5 commit dda4d97289f17aa8b2bbfd8d63a746b3a7836fd5 Author: Jessica Clarke AuthorDate: 2023-03-03 02:15:30 +0000 Commit: Jessica Clarke CommitDate: 2023-03-03 02:15:30 +0000 Makefile.inc1: Support building with macOS Ventura's AMFI Launch Constraints As of macOS Ventura, Apple-signed binaries cannot be run if copied away from their system location. This security feature doesn't really make sense for boring things like sh(1), more so for applications with special entitlements, but it's universally present, and results in the following error: >>> Install check world bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 572: warning: "MAKEFLAGS= CPUTYPE=dummy /Users/Jess/cheri/build/freebsd-riscv64-build/bmake-install/bin/bmake -f /dev/null -m /Users/Jess/cheri/freebsd/share/mk MK_AUTO_OBJ=no -V CPUTYPE" exited on a signal bmake[2]: "/Users/Jess/cheri/freebsd/Makefile.inc1" line 575: CPUTYPE global should be set with ?=. As with host-symlinks, we don't actually need to copy the files on macOS, since we're not updating the current machine, so copy its approach and just symlink them instead. MFC after: 1 week --- Makefile.inc1 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index 3399e469ea02..542121976333 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -629,6 +629,18 @@ MKTEMP=${WORLDTMP}/legacy/usr/bin/mktemp MKTEMP=mktemp .endif INSTALLTMP!= ${MKTEMP} -d -u -t install + +.if ${.MAKE.OS} == "FreeBSD" +# When building on FreeBSD we always copy the host tools instead of linking +# into INSTALLTMP to avoid issues with incompatible libraries (see r364030). +# Note: we could create links if we don't intend to update the current machine. +INSTALLTMP_COPY_HOST_TOOL=cp +.else +# However, this is not necessary on Linux/macOS. Additionally, copying the host +# tools to another directory with cp results in AMFI Launch Constraint +# Violations on macOS Ventura as part of its System Integrity Protection. +INSTALLTMP_COPY_HOST_TOOL=ln -s +.endif .endif .if make(stagekernel) || make(distributekernel) @@ -1388,7 +1400,7 @@ distributeworld installworld stageworld: _installcheck_world .PHONY fi; \ done); \ fi; \ - cp $$libs $$progs ${INSTALLTMP} + ${INSTALLTMP_COPY_HOST_TOOL} $$libs $$progs ${INSTALLTMP} cp -R $${PATH_LOCALE:-"/usr/share/locale"} ${INSTALLTMP}/locale .if defined(NO_ROOT) -mkdir -p ${METALOG:H}