acl: destroot fails

[21stcaveman]

acl port fails in destroot stage with:

error deleting "/opt/local/var/macports/home/Library/Preferences/com.apple.dt.Xcode.plist": not owner

should it be trying to delete that file in the first place?

[RJVB]

error deleting "/opt/local/var/macports/home/Library/Preferences/com.apple.dt.Xcode.plist": not owner should it be trying to delete that file in the first place?

No, I can't see why it should. I don't see any explicit references to that file; you'd have to upload the log of the entire destroot stage so we can see where the error occurs exactly.

What does ls -l /opt/local/var/macports/home/Library/Preferences/com.apple.dt.Xcode.plist tell you about the file's ownership and permissions? From the looks of it they have to be owned by the $macports_user .

[21stcaveman]

please find the log attached. main.log

the ls command says: -rw-r--r-- 1 macports macports 6760 Aug 3 11:06 /opt/local/var/macports/home/Library/Preferences/com.apple.dt.Xcode.plist which shows the file is owned by the macports user.

[RJVB]

Very strange! But as I suspected this was an unforeseen side-effect of my new clever way to create dev-port content. I pushed a change, could you try again please?

You can reopen the ticket if this doesn't solve the issue.

[21stcaveman]

hmm.. still failing with the same error.

[RJVB]

Damn, what is the exact command that you're executing, and could you please attach port logfile acl-dev after doing port clean acl-dev (and repeating the original command)?

The error occurs while I'm trying to obtain the workdir name for the acl-dev port. This is done in the post-destroot stage of port:acl; at first I executed port -nok archivefetch acl-dev, now I do port -nok fetch acl-dev (I hoped that command had less reason to delete the plist file). Either way, these commands are executed with the same privileges as your destroot command. That means that they're run as root if you do something like sudo port destroot acl.

It doesn't seem to make sense that this would fail to delete that plist file. It also doesn't make sense (to me) that this file would serve at all.

One other thing you could do is to delete the offending plist by hand, and then execute the failing command twice in a row.

[21stcaveman]

I'm trying to upgrade everything outdated: sudo port upgrade outdated

I just did: sudo port clean acl sudo port clean acl-dev sudo port upgrade outdated

and then after it failed: sudo port logfile acl-dev it says: Error: Log file for port acl-dev not found

looking at /opt/local/var/macports/logs/_opt_local_site-ports_sysutils_acl/acl/main.log: :debug:destroot making sure the devport workdir exists! :debug:destroot system: port -nok fetch acl-dev :info:destroot Warning: /opt/local/etc/macports/sources.conf source 'file:///opt/local/site-ports [own_portgroups_first]' specifies invalid flag 'own_portgroups_first' :info:destroot error deleting "/opt/local/var/macports/home/Library/Preferences/com.apple.dt.Xcode.plist": not owner :info:destroot while executing :info:destroot "file delete -force "${target_dir}/com.apple.dt.Xcode.plist"" :info:destroot (procedure "macports::copy_xcode_plist" line 5) :info:destroot invoked from within :info:destroot "macports::copy_xcode_plist $env(HOME)" :info:destroot (procedure "mportinit" line 646) :info:destroot invoked from within :info:destroot "mportinit ui_options global_options global_variations" :info:destroot Error: /opt/local/bin/port: Failed to initialize MacPorts, error deleting "/opt/local/var/macports/home/Library/Preferences/com.apple.dt.Xcode.plist": not owner :info:destroot Command failed: port -nok fetch acl-dev :info:destroot Exit code: 1

looks like port -nok fetch acl-dev fails.

[RJVB]

sudo port upgrade outdated`

and then after it failed: sudo port logfile acl-dev it says: Error: Log file for port acl-dev not found

That's weird (you also don't need sudo to ask for the logfile of a port), because, but ok...

:info:destroot error deleting "/opt/local/var/macports/home/Library/Preferences/com.apple.dt.Xcode.plist": not owner

But this is weirder. I had a look at the MacPorts code. and the only function I found that deletes that file is executed only when running as root. And root can delete files owned by anyone.

I'll push another change in a bit, I think github will reference it in this ticket.

When that change lands, please do sudo port clean acl acl-dev and then do sudo port -n destroot acl instead of the upgrade outdated command. There must be a perfectly logical explanation for what we're seeing here and I feel we can do without the added complexity of an integral upgrade sequence in order to figure out what.

[21stcaveman]

ran these after the commit appeared: sudo port clean acl acl-dev sudo port -n destroot acl

and now it fails with: :info:destroot DEBUG: can't create directory "/opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev": not owner :info:destroot while executing :info:destroot "file mkdir $workpath/.home" :info:destroot (procedure "open_statefile" line 7) :info:destroot invoked from within :info:destroot "open_statefile" :info:destroot (procedure "check_variants" line 28) :info:destroot invoked from within :info:destroot "check_variants fetch" :info:destroot invoked from within :info:destroot "$workername eval "check_variants $target"" :info:destroot (procedure "mportexec" line 7) :info:destroot invoked from within :info:destroot "mportexec $workername $target" :info:destroot Error: Unable to execute port: can't create directory "/opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev": not owner :info:destroot Command failed: port -nok -vd fetch acl-dev :info:destroot Exit code: 1

[RJVB]

On Thursday January 18 2024 16:54:04 Hamid wrote:

and now it fails with: :info:destroot DEBUG: can't create directory "/opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev": not owner :info:destroot Error: Unable to execute port: can't create directory "/opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev": not owner :info:destroot Command failed: port -nok -vd fetch acl-dev :info:destroot Exit code: 1

Damn, but what's the output just before that error, in particular the line "making sure the devport workdir exists" in the logfile? And please also show the output of ls -l /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl .

[RJVB]

Actually, I just pushed a commit that dispensed with the entire (nested) use of the port command except for a simple check.

I'm really curious what bug you're going to expose after this change ;)

[21stcaveman]

pulled the new commit, ran the same clean and destroot commands, and here we go:

:debug:destroot making sure the devport workdir exists (UID=0, EUID=0)! :debug:destroot devport workdir=/opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev/work :debug:destroot Cleaning acl-dev :debug:destroot system: rm -rf /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev/work :debug:destroot Creating port work acl-dev :info:destroot xinstall: mkdir /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev :info:destroot xinstall: mkdir /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev/work :info:destroot xinstall: mkdir /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev/work/destroot :debug:destroot system -W /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev/work: echo "target: org.macports.extract" >> .macports.acl-dev.state :info:destroot sh: .macports.acl-dev.state: Operation not permitted :info:destroot Command failed: echo "target: org.macports.extract" >> .macports.acl-dev.state :info:destroot Exit code: 1 :error:destroot Failed to destroot acl: command execution failed :debug:destroot Error code: NONE :debug:destroot Backtrace: command execution failed :debug:destroot while executing :debug:destroot "$post $targetname"

[RJVB]

On Friday January 19 2024 09:23:55 Hamid wrote:

:debug:destroot system -W /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl-dev/work: echo "target: org.macports.extract" >> .macports.acl-dev.state :info:destroot sh: .macports.acl-dev.state: Operation not permitted :info:destroot Command failed: echo "target: org.macports.extract" >> .macports.acl-dev.state

I just realise: do you have trace mode enabled somehow (if that's possible via macports.conf for instance)?

[21stcaveman]

I tried enabling the trace mode by using the -t switch: sudo port -t install acl

but it fails git clone if trace mode is enabled, which is even more confusing...!

:debug:fetch Tracemode will respect recursively collected port dependencies: brotli bzip2 curl curl-ca-bundle db48 expat gdbm gettext-runtime git kerberos5 libcomerr libedit libiconv libidn libidn2 libpsl libunistring lmdb lz4 ncurses nghttp2 openssl openssl3 p5.34-authen-sasl p5.34-cgi p5.34-clone p5.34-compress-raw-bzip2 p5.34-compress-raw-zlib p5.34-digest-hmac p5.34-digest-sha1 p5.34-encode p5.34-encode-locale p5.34-error p5.34-file-slurper p5.34-getopt-long p5.34-gssapi p5.34-html-parser p5.34-html-tagset p5.34-http-date p5.34-http-message p5.34-io-compress p5.34-io-compress-brotli p5.34-io-html p5.34-io-socket-ssl p5.34-lwp-mediatypes p5.34-mozilla-ca p5.34-net-libidn p5.34-net-smtp-ssl p5.34-net-ssleay p5.34-regexp-ipv6 p5.34-term-readkey p5.34-time-hires p5.34-time-local p5.34-timedate p5.34-uri pcre2 perl5.34 popt readline rsync xxhashlib xz zlib zstd :debug:fetch Executing org.macports.fetch (acl) :debug:fetch Executing: /usr/bin/git clone --progress https://github.com/RJVB/acl /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl/work/acl-git 2>&1 :debug:fetch system: /usr/bin/git clone --progress https://github.com/RJVB/acl /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl/work/acl-git 2>&1 :info:fetch Command failed: /usr/bin/git clone --progress https://github.com/RJVB/acl /opt/local/var/macports/build/_opt_local_site-ports_sysutils_acl/acl/work/acl-git 2>&1 :info:fetch Killed by signal: 9 :error:fetch Failed to fetch acl: Git clone failed :debug:fetch Error code: NONE

[RJVB]

but it fails git clone if trace mode is enabled, which is even more confusing...!

I don't know why that is but trace mode would have been the only evident explanation for the errors you're getting. Now I have to continue trying to make sense of this...

Because it really doesn't make any sense. The latest error you were getting was about appending a line to a file inside a directory you just created in the same process. Or to be exact, in the parent of the directory you asked to be created. xinstall -m xyz -d foo will create every not-yet-existing parent directory of "foo" but I was assuming that those parents would get the same permissions. That may not be the case, so I'm preparing yet another version that uses even less of the convenience functions from "base".

Looking at the tracing code in the tcl codebase I was also reminded of a sandboxing feature that's probably always active and that I seem to recall having deactivated in a distant past. I can't remember how nor if I ever deactivated it or if the feature to deactivate it was removed but I'm figuring out how to add write permissions to the acl-dev work directory. EDIT: DOH! I do have it deactivated via sandbox_enable no in $prefix/etc/macports/macports.conf !

[RJVB]

Note that I couldn't reproduce your errors even when I activate the sandbox feature. Which was tricky because of the way I have my install set up, with $prefix actually a symlink to a directory on another volume.

[21stcaveman]

This latest commit fixed the issue on my system, all good. Thank you. Interesting that you could not reproduce it tho..

[RJVB]

This latest commit fixed the issue on my system, all good. Thank you.

Great news, whew!

I'd appreciate it though if you'd be willing to out-comment the "append portsandbox_profile" line in /opt/local/site-ports/_resources/port-1.0/group/devport-1.0.tcl and try the destroot command one last time. After you're done with the entire upgrade and at your leisure, of course. I'd really like to be certain that the sandboxing feature was the cause!

[21stcaveman]

hmm... Just tried that, and destroot still worked fine!

[RJVB]

hmm... Just tried that, and destroot still worked fine!

Thanks, and I guess I'll just have to take my win and hope it doesn't break again because I really wouldn't know what else to try!