Here is a patch which uses the env idea.
It is a much less invasive change and might slot into 4.11.
Tested only on OS X 10.11.
From 412434ba807f417000620286a23141076ec6dc09 Mon Sep 17 00:00:00 2001
From: Jim Ursetto <zbignie...@gmail.com>
Date: Fri, 15 Apr 2016 22:44:48 -0500
Subject: [PATCH] On OS X, ensure DYLD_LIBRARY_PATH is passed to children
(#1277)
On OS X 10.11, according to Apple's System Integrity Protection Guide, "Any
dynamic linker (dyld) environment variables, such as DYLD_LIBRARY_PATH, are
purged when launching protected processes," including /bin/sh. This causes a
failure running `make check` (bug #1277) because launching children via
system(3) wipes out the library path override used to test uninstalled
binaries. Turning off SIP will resolve the issue but disables other useful
protections.
This patch simulates the pre-SIP behavior by prepending /usr/bin/env
DYLD_LIBRARY_PATH=... to all shell calls made by csc, chicken-install and
setup-api, using the value of the variable in the caller's environment.
To get all tests in `make check` to work, it is only necessary to augment calls
from csc to chicken, from chicken-install to csi, and from setup-api to csc.
Converting these from system(3) to exec(2) works as well, but was deemed too
invasive. This patch affects more calls than necessary in the interest of
simplicity, but calls to protected binaries will have the DYLD_LIBRARY_PATH
stripped out by SIP again anyway.
---
chicken-install.scm | 20 ++++++++++++--------
csc.scm | 12 ++++++++----
setup-api.scm | 19 ++++++++++++-------
3 files changed, 32 insertions(+), 19 deletions(-)
diff --git a/chicken-install.scm b/chicken-install.scm
index 610097d..9f22296 100644
--- a/chicken-install.scm
+++ b/chicken-install.scm
@@ -637,7 +637,6 @@
(let ((cmd (make-install-command
(car e+d+v) (caddr e+d+v) (> i 1)))
(name (car e+d+v)))
- (print " " cmd)
(keep-going
(name "installing")
($system cmd))
@@ -749,12 +748,18 @@
(gather-egg-information dir)))
(define ($system str)
- (let ((r (system
- (if *windows-shell*
- (string-append "\"" str "\"")
- str))))
- (unless (zero? r)
- (error "shell command terminated with nonzero exit code" r str))))
+ (let ((str (cond (*windows-shell*
+ (string-append "\"" str "\""))
+ ((and (eq? (software-version) 'macosx)
+ (get-environment-variable "DYLD_LIBRARY_PATH"))
+ => (lambda (path)
+ (string-append "/usr/bin/env DYLD_LIBRARY_PATH="
+ (qs path) " " str)))
+ (else str))))
+ (print " " str)
+ (let ((r (system str)))
+ (unless (zero? r)
+ (error "shell command terminated with nonzero exit code" r str)))))
(define (installed-extensions)
(delete-duplicates
@@ -789,7 +794,6 @@
(define (command fstr . args)
(let ((cmd (apply sprintf fstr args)))
- (print " " cmd)
($system cmd)))
(define (usage code)
diff --git a/csc.scm b/csc.scm
index 07cb67b..60a3235 100644
--- a/csc.scm
+++ b/csc.scm
@@ -1051,10 +1051,14 @@ EOF
(define last-exit-code #f)
(define ($system str)
- (when verbose (print str))
- (let ((str (if windows-shell
- (string-append "\"" str "\"")
- str)))
+ (let ((str (cond (windows-shell
+ (string-append "\"" str "\""))
+ ((and osx (get-environment-variable "DYLD_LIBRARY_PATH"))
+ => (lambda (path)
+ (string-append "/usr/bin/env DYLD_LIBRARY_PATH="
+ (qs path) " " str)))
+ (else str))))
+ (when verbose (print str))
(let ((raw-exit-code (if dry-run 0 (system str))))
(unless (zero? raw-exit-code)
(printf "\nError: shell command terminated with non-zero exit status
~S: ~A~%" raw-exit-code str))
diff --git a/setup-api.scm b/setup-api.scm
index f4168a6..c969735 100644
--- a/setup-api.scm
+++ b/setup-api.scm
@@ -636,13 +636,18 @@
(remove-file* (make-pathname repo egg setup-file-extension)))
(define ($system str)
- (let ((r (system
- (if *windows-shell*
- (string-append "\"" str "\"") ; (sic) thanks to Matthew Flatt
- str))))
- (unless (zero? r)
- (error
- (sprintf "shell command failed with nonzero exit status ~a:~%~% ~a" r
str)))))
+ (let ((str (cond (*windows-shell*
+ (string-append "\"" str "\""))
+ ((and (eq? (software-version) 'macosx)
+ (get-environment-variable "DYLD_LIBRARY_PATH"))
+ => (lambda (path)
+ (string-append "/usr/bin/env DYLD_LIBRARY_PATH="
+ (qs path) " " str)))
+ (else str))))
+ (let ((r (system str)))
+ (unless (zero? r)
+ (error
+ (sprintf "shell command failed with nonzero exit status ~a:~%~% ~a" r
str))))))
(define (setup-error-handling)
(current-exception-handler
--
2.2.1
Jim
> On Apr 15, 2016, at 21:23, Jim Ursetto <zbignie...@gmail.com> wrote:
>
>
>> On Apr 15, 2016, at 18:46, felix.winkelm...@bevuta.com wrote:
>>
>> Another dirty solution would be to add a hack to those tools that invoke
>> uninstalled
>> programs via system(3) to invoke "env DYLD_LIBRARY_PATH=... <program>"
>> instead.
>>
>
> In limited testing the env approach seems to work. But, I can’t see how to
> do this only during the testing phase. There’s no way for chicken-install or
> setup-api, for example, to know that it’s being invoked as an uninstalled
> program,
> and needs to pass DYLD_LIBRARY_PATH to its children. I suppose that, if a
> tool
> detects that the DYLD_LIBRARY_PATH variable is set at all, and the platform is
> OS X, it could prepend the env call. I would prefer to do only do it during
> `make check`, but it may be an okay compromise. I’ll look into it...
>
> Jim
>
_______________________________________________
Chicken-hackers mailing list
Chicken-hackers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/chicken-hackers
