search

ocaml / opam

opam is a source-based package manager. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow.
https://opam.ocaml.org
Other
1.24k stars 356 forks source link

sandbox too strict on macos #4389

Open hannesm opened 4 years ago

hannesm commented 4 years ago

The sandbox script on macos denies to properly run various commands in the test phase, as an example security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain does not output the trust anchors as expected -- observed in https://travis-ci.org/github/ocaml/opam-repository/jobs/734785206

How to reproduce: on a macos system, opam pin -n ca-certs https://github.com/mirage/ca-certs.git#v0.1.2 && opam install -t ca-certs. The expected result is that all tests are passing (which is the case if you execute dune runtest from the above repository). The observed result are failures since the above mentioned command executed successfully (exit status = 0), but did not produce any output.

kit-ty-kate commented 4 years ago

To reproduce more easily: ~/.opam/opam-init/hooks/sandbox.sh build security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain

rjbou commented 3 years ago

I don't a have a macos to test. What is failing, network or denial access to part of the system where are stored certificates ?