[MacPorts] #66358: sip-workaround no longer works on arm64 macOS 13 Ventura due to new security features
MacPorts
noreply at macports.org
Thu Dec 14 20:02:30 UTC 2023
#66358: sip-workaround no longer works on arm64 macOS 13 Ventura due to new
security features
-------------------------+-----------------------------------------
Reporter: reneeotten | Owner: Clemens Lang <neverpanic@…>
Type: defect | Status: reopened
Priority: Normal | Milestone:
Component: base | Version:
Resolution: | Keywords: ventura
Port: |
-------------------------+-----------------------------------------
Comment (by neverpanic):
Replying to [comment:48 kencu]:
> if MacPorts wanted to use it’s own binaries instead of Apple’s binaries
to make trace mode work again on arm, what kind of list would we need?
Xcode, probably. There are a bunch of ports that use it to build GUI
software, and I'm not sure there are open source alternatives for those.
You can get an approximation by collecting the contents of
`$prefix/var/macports/sip-workaround` on a machine where trace mode is
supported. Everything in there had system integrity protection enabled and
was thus copied and executed from a copy in trace mode. On one of the
x86_64 systems I own where I haven't done a huge amount of compiling, this
list is:
{{{
# cd /opt/local/var/macports/sip-workaround && find . -type f | sed -E
's/^\.\/[0-9]+\///g' | sort -u
System/Library/Frameworks/Ruby.framework/Versions/Current/usr/bin/ruby
bin/bash
bin/cat
bin/chmod
bin/cp
bin/date
bin/dd
bin/echo
bin/expr
bin/hostname
bin/launchctl
bin/ln
bin/ls
bin/mkdir
bin/mv
bin/pwd
bin/rm
bin/rmdir
bin/sh
bin/sleep
usr/bin/ar
usr/bin/arch
usr/bin/awk
usr/bin/basename
usr/bin/bison
usr/bin/clang
usr/bin/clang++
usr/bin/cmp
usr/bin/codesign
usr/bin/cpio
usr/bin/ctags
usr/bin/cut
usr/bin/diff
usr/bin/dirname
usr/bin/egrep
usr/bin/env
usr/bin/file
usr/bin/find
usr/bin/flex
usr/bin/git
usr/bin/gm4
usr/bin/grep
usr/bin/gzip
usr/bin/head
usr/bin/hostinfo
usr/bin/id
usr/bin/install
usr/bin/install_name_tool
usr/bin/ld
usr/bin/lipo
usr/bin/m4
usr/bin/make
usr/bin/mktemp
usr/bin/nm
usr/bin/otool
usr/bin/patch
usr/bin/perl
usr/bin/perl5.30
usr/bin/python3
usr/bin/ranlib
usr/bin/ruby
usr/bin/sandbox-exec
usr/bin/sed
usr/bin/sort
usr/bin/sqlite3
usr/bin/strip
usr/bin/sw_vers
usr/bin/tail
usr/bin/tar
usr/bin/tclsh
usr/bin/touch
usr/bin/tr
usr/bin/true
usr/bin/uname
usr/bin/uniq
usr/bin/unzip
usr/bin/wc
usr/bin/which
usr/bin/xcode-select
usr/bin/xcrun
usr/bin/xsltproc
usr/libexec/PlistBuddy
usr/sbin/chown
usr/sbin/sysctl
}}}
launchctl, codesign, hostinfo, install_name_tool, lipo, sandbox-exec,
sw_vers, xcode-select, xcrun, PlistBuddy are probably specific enough that
we don't yet have them all. Note that this is also just the subset that
ports I compiled on my machine use.
> We probably already have most of them. And older systems would often
prefer to use them too.
I'm not sure that's worth the effort it would be, but feel free to beat me
to doing that.
--
Ticket URL: <https://trac.macports.org/ticket/66358#comment:50>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list