Closed smktpd closed 5 months ago
Sorry for the delay here -- I'm actually not understanding the use case? This is a purpose-built tool intended for switching from root down to a less privileged user, especially in the context of (Linux) Docker containers.
I understand the purpose of the tool just fine. This ticket is basically about building a binary for MacOS running on non-amd64 processors.
Right, what I'm saying is I don't understand why a build for macOS might make sense. What are you hoping to do with it? What problem would it solve?
(It's currently very Linux specific, and I don't see a reason to change that.)
To put that another way, I don't build macOS binaries because it doesn't make sense to run this tool natively on macOS. It is a Linux tool, specifically for Linux containers.
Honestly, I'd like to have it just for some tidiness: I need to run some long-running processes via sudo, and that way I have 2 processes instead of 1. I could live without gosu, since it mostly shines in a narrow case where one would like to use signals sent to the topmost processes and expect them to be propagated to the child process instead, but I still would like to have a bit fewer processes in my process list whenever I can.
If it's too much of a hassle to build for MacOS - feel free to close this ticket then.
Hmmm but in that case you're trying to run these as root, right?
Does macOS use /etc/passwd like Linux does? (I have to admit it's been a few years since I actually used it.) A quirk of how this tool works means it parses that file directly for uid mapping.
You could try compiling it and see if it works, but I definitely don't have anywhere to test it. 😅 It shouldn't need more than go build for a basic test.
Mostly root, but not always.
Yes, /etc/passwd is used just like on Linux, the format is the same.
Build went fine, but running the binary says 'error: stat /proc/self/exe: no such file or directory', because, well, there's no procfs mounted to /proc on MacOS 😃
If someone were to come up with a working implementation with extremely hyper-minimal dependencies, I'd be open to considering this, but as it's not something I can (or will) work on myself without access to a Mac or a strong use case for it, I'm going to close this for now. Feel free to continue discussing/developing here and I'm happy to re-open once those prerequisites are met. :bow: :heart:
I like gosu's main idea to have 1 process (started with necessary perms) instead of 2. I'd like to use it on MacOS on a Mac with an ARM chip.
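The thread mentions that the tool parses /etc/passwd directly for uid mapping. The sketch below is an added example, not part of the thread and not gosu's own code, of resolving a user name or numeric uid from passwd-format text while failing closed on comment lines, malformed entries and unknown users. The names `Entry`, `lookup` and `samplePasswd` are hypothetical, and the sample input is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Entry holds the passwd fields needed to drop privileges to a user.
type Entry struct {
	Name, Home string
	UID, GID   int
}

// lookup resolves a user name or numeric uid against passwd-format text.
func lookup(passwd, spec string) (Entry, error) {
	sc := bufio.NewScanner(strings.NewReader(passwd))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank or comment line
		}
		f := strings.Split(line, ":") // name:password:uid:gid:gecos:home:shell
		if len(f) < 7 {
			continue // malformed entry: never guess at ids
		}
		uid, errU := strconv.Atoi(f[2])
		gid, errG := strconv.Atoi(f[3])
		if errU != nil || errG != nil || uid < 0 || gid < 0 {
			continue // non-numeric or negative id: skip the entry
		}
		if f[0] == spec || f[2] == spec {
			return Entry{Name: f[0], Home: f[5], UID: uid, GID: gid}, nil
		}
	}
	// Fail closed: the zero value of Entry would carry UID 0 (root).
	return Entry{UID: -1, GID: -1}, fmt.Errorf("no passwd entry for %q", spec)
}

const samplePasswd = `# constructed sample, not from a real system
root:*:0:0:System Administrator:/var/root:/bin/sh
app:x:1000:1000:App User:/home/app:/bin/sh
broken:x:notanumber:1000::/home/broken:/bin/sh
`

func main() {
	fmt.Println(lookup(samplePasswd, "app"))
}
```

Returning -1 ids on failure means a caller that forgets to check the error cannot end up running as uid 0 by accident.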