[Git][ghc/ghc][master] bindist: Clean xattrs of bin and lib at configure time
Marge Bot (@marge-bot)
gitlab at gitlab.haskell.org
Wed Mar 27 01:17:24 UTC 2024
Marge Bot pushed to branch master at Glasgow Haskell Compiler / GHC
Commits:
bf65a7c3 by Rodrigo Mesquita at 2024-03-26T21:16:48-04:00
bindist: Clean xattrs of bin and lib at configure time
For issue #21506, we started cleaning the extended attributes of
binaries and libraries from the bindist *after* they were installed to
workaround notarisation (#17418), as part of `make install`.
However, the `ghc-toolchain` binary that is now shipped with the bindist
must be run at `./configure` time. Since we only cleaned the xattributes
of the binaries and libs after they were installed, in some situations
users would be unable to run `ghc-toolchain` from the bindist, failing
at configure time (#24554).
In this commit we move the xattr cleaning logic to the configure script.
Fixes #24554
- - - - -
2 changed files:
- distrib/configure.ac.in
- hadrian/bindist/Makefile
Changes:
=====================================
distrib/configure.ac.in
=====================================
@@ -105,6 +105,29 @@ if test "$HostOS" = "mingw32" -a "$EnableDistroToolchain" = "NO"; then
FP_SETUP_WINDOWS_TOOLCHAIN([$hardtop/mingw/], [\$\$topdir/../mingw/])
fi
+
+if test "$HostOS" = "darwin"; then
+ # On darwin, we need to clean the extended attributes of the
+ # ghc-toolchain binary and its dynamic library before we can execute it in the bindist
+ # (this is a workaround for #24554, for the lack of proper notarisation #17418)
+
+ # The following is the work around suggested by @carter in #17418 during
+ # install time. This should help us with code signing issues by removing
+ # extended attributes from all files.
+ XATTR=${XATTR:-/usr/bin/xattr}
+
+ if [ -e "${XATTR}" ]; then
+
+ # Instead of cleaning the attributes of the ghc-toolchain binary only,
+ # we clean them from all files in the bin/ and lib/ directories, as it additionally future
+ # proofs running executables from the bindist besides ghc-toolchain at configure time, and
+ # we can avoid figuring out the path to the ghc-toolchain dynlib specifically.
+ /usr/bin/xattr -rc bin/
+ /usr/bin/xattr -rc lib/
+
+ fi
+fi
+
dnl ** Which gcc to use?
dnl --------------------------------------------------------------
AC_PROG_CC([gcc clang])
=====================================
hadrian/bindist/Makefile
=====================================
@@ -19,13 +19,6 @@ default:
# TODO : find if a better function exists
eq=$(and $(findstring $(1),$(2)),$(findstring $(2),$(1)))
-# the following is the work around suggested by @carter in #17418 during install
-# time. This should help us with code signing issues by removing extended
-# attributes from all files.
-ifeq "$(Darwin_Host)" "YES"
-XATTR ?= /usr/bin/xattr
-endif
-
# patchpackageconf
#
# Hacky function to patch up the 'haddock-interfaces' and 'haddock-html'
@@ -157,10 +150,6 @@ install_bin_libdir:
$(INSTALL_PROGRAM) "$$i" "$(DESTDIR)$(ActualBinsDir)"; \
fi; \
done
- # Work around #17418 on Darwin
- if [ -e "${XATTR}" ]; then \
- "${XATTR}" -c -r "$(DESTDIR)$(ActualBinsDir)"; \
- fi
.PHONY: install_bin_direct
install_bin_direct:
@@ -195,10 +184,6 @@ install_lib: lib/settings
$(INSTALL_DATA) $$i "$$dest/`dirname $$i`" ;; \
esac; \
done; \
- # Work around #17418 on Darwin
- if [ -e "${XATTR}" ]; then \
- "${XATTR}" -c -r "$(DESTDIR)$(ActualLibsDir)"; \
- fi
.PHONY: install_docs
install_docs:
View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/commit/bf65a7c388b399b7b3c6b97f25d97164390b75f1
--
View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/commit/bf65a7c388b399b7b3c6b97f25d97164390b75f1
You're receiving this email because of your account on gitlab.haskell.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/ghc-commits/attachments/20240326/64b5f9da/attachment-0001.html>
More information about the ghc-commits
mailing list