diff options
author | Nicholas Clark <nick@ccl4.org> | 2022-08-02 10:23:15 +0200 |
---|---|---|
committer | Yves Orton <demerphq@gmail.com> | 2023-02-11 07:17:42 +0100 |
commit | 7aa54fe19fcfbd642dc14bdd8b40ec86982aacc2 (patch) | |
tree | 1cf8c78f6f21ea03d9bacb0272c8dc3959906eb1 /Porting | |
parent | 7d994703dedf28a09a41810269ad0810e55096cb (diff) | |
download | perl-7aa54fe19fcfbd642dc14bdd8b40ec86982aacc2.tar.gz |
bisect-runner.pl needs to set DYLD_LIBRARY_PATH on macOS
El Capitan (OS X 10.11) (and later) strip DYLD_LIBRARY_PATH from the
environment of /bin/sh, hence setting the existing code that sets this in
%ENV assuming that it is visible to the invoked process no longer works. We
have to be explicit in every invocation, as part of the command that the
shell itself is processing.
This hurts us because in 5.8.0 and earlier the hints default macOS to build
a shared perl library.
Diffstat (limited to 'Porting')
-rwxr-xr-x | Porting/bisect-runner.pl | 67 |
1 files changed, 65 insertions, 2 deletions
diff --git a/Porting/bisect-runner.pl b/Porting/bisect-runner.pl index 58a40531bd..4924f93d69 100755 --- a/Porting/bisect-runner.pl +++ b/Porting/bisect-runner.pl @@ -86,7 +86,24 @@ exit 255 unless $rv; my ($target, $match) = @options{qw(target match)}; -@ARGV = ('sh', '-c', 'cd t && ./perl TEST base/*.t') +# El Capitan (OS X 10.11) (and later) strip DYLD_LIBRARY_PATH +# from the environment of /bin/sh +# https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/RuntimeProtections/RuntimeProtections.html +# +# (They *could* have chosen instead to ignore it and pass it through. It would +# have the same direct effect, but maybe needing more coding. I suspect the +# choice to strip it was deliberate, as it will also eliminate a bunch more +# attack vectors, because it prevents you sneaking an override "into" something +# else you convince the user to run.) + +my $aggressive_apple_security = ""; +if ($^O eq 'darwin') { + require Cwd; + my $cwd = quotemeta Cwd::getcwd(); + $aggressive_apple_security = "DYLD_LIBRARY_PATH=$cwd "; +} + +@ARGV = ('sh', '-c', "cd t && $aggressive_apple_security./perl TEST base/*.t") if $options{validate} && !@ARGV; pod2usage(exitval => 0, verbose => 2) if $options{usage}; @@ -123,7 +140,7 @@ if (defined $target && $target =~ /\.t\z/) { unless ($target =~ s!\At/!!) { $target = "../$target"; } - @ARGV = ('sh', '-c', "cd t && ./perl TEST " . quotemeta $target); + @ARGV = ('sh', '-c', "cd t && $aggressive_apple_security./perl TEST " . quotemeta $target); $target = 'test_prep'; } @@ -1691,6 +1708,7 @@ if ($options{'all-fixups'}) { patch_SH(); patch_C(); patch_ext(); + patch_t(); } apply_fixups($options{'early-fixup'}); @@ -1824,6 +1842,7 @@ if($options{'force-regen'} unless ($options{'all-fixups'}) { patch_C(); patch_ext(); + patch_t(); } # Parallel build for miniperl is safe @@ -3424,6 +3443,38 @@ $2!; } } + if ($^O eq 'darwin' && ($major < 8 + || ($major < 10 + && !extract_from_file('ext/DynaLoader/Makefile.PL', + qr/sub MY::static /)))) { + my $cwd = Cwd::getcwd(); + my $wrapper = 'miniperl.sh'; + my $fh = open_or_die($wrapper, '>'); + print $fh <<"EOT"; +#!/bin/sh +${aggressive_apple_security}exec $cwd/miniperl "\$\@" +EOT + close_or_die($fh); + chmod 0755, $wrapper + or die "Couldn't chmod 0755 $wrapper: $!"; + + edit_file('ext/util/make_ext', sub { + my $code = shift; + # This is shell expansion syntax + $code =~ s{ (\.\./\$depth/miniperl) } + { $1.sh }; + # This is actually the same line as edited above. + # We need this because (yay), without this EU::MM will + # default to searching for a working perl binary + # (sensible plan) but due to macOS stripping + # DYLD_LIBRARY_PATH during system(...), .../miniperl + # (as found from $^X) *isn't* going to work. + $code =~ s{ (Makefile\.PL INSTALLDIRS=perl) } + { $1 PERL=\.\./\$depth/miniperl.sh }; + return $code; + }); + } + if ($^O eq 'aix' && $major >= 8 && $major < 28 && extract_from_file('Makefile.SH', qr!\Q./$(MINIPERLEXP) makedef.pl\E.*aix!)) { # This is a variant the AIX part of commit 72bbce3da5eeffde: @@ -4544,6 +4595,18 @@ EOPATCH } } +sub patch_t { + if ($^O eq 'darwin') { + # This has # $x = `$^X -le "print 'hi there'"`; + # and it needs to pass for the automated validation self-test: + edit_file('t/base/term.t', sub { + my $code = shift; + $code =~ s/`(\$\^X )/`$aggressive_apple_security$1/; + return $code; + }); + } +} + sub apply_fixups { my $fixups = shift; return unless $fixups; |