Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mac OS build stuck #4

Open
ryakh opened this issue Jan 26, 2016 · 5 comments
Open

Mac OS build stuck #4

ryakh opened this issue Jan 26, 2016 · 5 comments
Labels

Comments

@ryakh
Copy link

ryakh commented Jan 26, 2016

OS version — El Capitan (10.11.2). Build gets stuck with following message:

waiting for resolver...
include/mdns.sh: line 26: 26089 Killed: 9
chroot ${shippath} ${ping} -c 1 localhost > /dev/null 2>&1

This message keeps on appearing over and over again; I have to ^C build process manually.

Here is a full trace of build

[master][~/Code/sailor] sudo -E ./sailor.sh build examples/nginx.conf
Password:
copying requirements for /usr/lib/dyld.. done
copying requirements for /usr/bin/dscl.. done
copying requirements for /usr/bin/cut.. done
copying requirements for /usr/bin/which.. done
copying requirements for /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation.. done
copying requirements for /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService.. done
copying requirements for /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation.. done
copying requirements for /usr/sbin/pwd_mkdb.. done
copying requirements for /opt/pkg/sbin/pkg_info.. done
copying requirements for /opt/pkg/bin/pkgin.. done
copying requirements for /bin/sh.. done
copying requirements for /bin/test.. done
copying requirements for /sbin/nologin.. done
copying requirements for /bin/echo.. done
copying requirements for /bin/ps.. done
copying requirements for /bin/sleep.. done
copying requirements for /usr/sbin/sysctl.. done
copying requirements for /usr/bin/logger.. done
copying requirements for /bin/kill.. done
copying requirements for /usr/bin/printf.. done
copying requirements for /bin/sh.. done
copying requirements for /sbin/ping.. done
building file list ... done
created directory /Users/ruslan/Code/sailor/src/nginx//opt/pkg/etc
pkgin/
pkgin/repositories.conf

sent 975 bytes  received 48 bytes  2046.00 bytes/sec
total size is 842  speedup is 0.82
copying requirements for pkg_install.. done
Creating binary package: pkg_install-20150901
Creating package /Users/ruslan/Code/sailor/src/nginx/tmp/pkg_install-20150901
Creating binary package: pkgin-0.9.3
Creating package /Users/ruslan/Code/sailor/src/nginx/tmp/pkgin-0.9.3
copying requirements for /opt/pkg/sbin/pkg_add.. done
copying requirements for /opt/pkg/bin/pkgin.. done
===========================================================================
$NetBSD: MESSAGE,v 1.6 2014/12/05 14:31:07 schmonz Exp $

You may wish to have the vulnerabilities file downloaded daily so that
it remains current.  This may be done by adding an appropriate entry
to a user's crontab(5) entry.  For example the entry

# download vulnerabilities file
0 3 * * * /opt/pkg/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1

will update the vulnerability list every day at 3AM. You may wish to do
this more often than once a day.

In addition, you may wish to run the package audit from the daily
security script.  This may be accomplished by adding the following
lines to /etc/security.local

if [ -x /opt/pkg/sbin/pkg_admin ]; then
        /opt/pkg/sbin/pkg_admin audit
fi

Alternatively this can also be acomplished by adding an entry to a user's
crontab(5) file. e.g.:

# run audit-packages
0 3 * * * /opt/pkg/sbin/pkg_admin audit

Both pkg_admin subcommands can be run as as an unprivileged user,
as long as the user chosen has permission to read the pkgdb and to write
the pkg-vulnerabilities to /opt/pkg/.pkgdb.

The behavior of pkg_admin and pkg_add can be customised with
pkg_install.conf.  Please see pkg_install.conf(5) for details.

If you want to use GPG signature verification you will need to install
GnuPG and set the path for GPG appropriately in your pkg_install.conf.
===========================================================================
waiting for resolver...
include/mdns.sh: line 26: 26089 Killed: 9               chroot ${shippath} ${ping} -c 1 localhost > /dev/null 2>&1
waiting for resolver...
include/mdns.sh: line 26: 26092 Killed: 9               chroot ${shippath} ${ping} -c 1 localhost > /dev/null 2>&1
@iMilnb
Copy link
Collaborator

iMilnb commented Jan 27, 2016

Ok for some reason the chrooted ping command gets killed, weird. I don't have a 10.11 OSX available at the moment but should have my hands on it within a couple of days, I'll try to reproduce it.
Thanks for the report!

@gdelpierre gdelpierre added the bug label Jan 28, 2016
@gdelpierre
Copy link

@ryakh Is SIP is enabled ?

Could you provide us the ouput of csrutil status ?

Thank you.

@ryakh
Copy link
Author

ryakh commented Jan 28, 2016

@gdelpierre

[~] csrutil status
System Integrity Protection status: enabled.

According to output it's enabled (plus I don't remember switching it off)

@gdelpierre
Copy link

@ryakh as far as I know, when SIP is enabled, some binaries are not allowed in chroot (as ps or ping) , you can probably find an error like this in your syslog:

Jan 28 21:52:11 tatayoyo kernel[0]: AMFI: hook..execve() killing pid 27942: not allowed in chroot

Disable SIP is not a viable option, we are working to something right now.

@jkuri
Copy link

jkuri commented May 19, 2017

any progress on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants