-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Broken tarball #21
Comments
No: MacPorts doesn't build the tarball. The developers of Mozilla-CA, or their infrastructure, does. That's why I asked you to report this issue here rather than to MacPorts. |
I'm unclear on the issue here. This is what I see:
Is there a problem with this tarball? |
This should be fixed in 20230807 |
The problem, on some older versions of macOS, was:
Thanks! We'll try it out. |
@haarg I see you just marked this as fixed while I was typing up a response, but since I was 3/4 the way through an explanation :-) , and because I think this may end up being a more common/general issue for many MacPorts tarballs, I am going to go ahead and post this anyway. @oalders, Yes, there is 'sort of' a problem, it just can't be easily seen :-) and I think it only manifests on machines with older versions of Please bear with me as I don't have a way to reproduce this, and so cannot verify what I'm saying below... I'm pretty sure the root issue is the creation of the tarball, not the tarball itself (per sec), and I'm thinking you are working on a machine that is macOS Ventura or newer. Newer version of tar deal with that xattr just fine, but older versions of tar see that xattr in the tarball, have no idea how to handle it (probably due to it's integration with SIP), and choke and die, so the tarball cannot be extracted.
An easy and more friendly @anyone, please feel free to correct anything I got wrong or elaborate on anything that may be a little vague. |
Thanks for taking the time to explain this, @pcafstockf! |
Just to clarify a few things, extended filesystem attributes are a feature of a filesystem that lets you attach more metadata to a file or directory. And yes, macOS Ventura attaches the The error message we saw is about extended pax attributes, a feature of tar archives that lets you attach more metadata to each member of the archive. And yes, it seems that if you have a file with extended filesystem attributes and you want to put that file into a tar archive and preserve those extended filesystem attributes, extended pax attributes are the mechanism by which that would happen. I would assume there is a way you could specify, when creating a tar archive, whether you want extended filesystem attributes to be included or not. There are multiple independent implementations of tar, and so that they can all read each others' files, there is a specification or at least an agreed-upon format for how the contents of the tar archive, including extended pax attributes, must be represented. It does not matter what the extended attribute's name or value is; the way that it must be represented in the archive is the same. (So it does not matter that Apple has decided to use I see that the old 20230801 archive includes It seems to me that you would not want to preserve |
@ryandesign Thanks for the clarification / explanation on SCHILY vs LIBARCHIVE. Candidly my little rant was mostly about Apple forcibly adding an attribute that cannot be easily removed (even when using the magic word). |
Hi,
When the MacPorts tarball is built for this project,
xattr.com.apple.provenance
gets attached to theMozilla-CA-20230801/README
file and theMozilla-CA-20230801/lib/Mozilla
directory.System tar on older macOS do not know how to process these attributes. Indeed it seems that thanks to SIP, they can only be removed with great difficulty (https://eclecticlight.co/2023/03/13/ventura-has-changed-app-quarantine-with-a-new-xattr/).
Would you be able to remove these extended attributes (using the info in the link above) and submit a new tarball for MacPorts.
I would even be happy to do it myself, if someone wants to provide a little guidance wrt the process.
Here is the MacPorts trac report.
The text was updated successfully, but these errors were encountered: