Use of --with-local-prefix= produces compilers which can mismatch headers and libs from /usr/local/lib by default

[jwhowarth]

While implementing the same sandboxing in the fink project that MacPorts has been using, I noticed that the FSF gcc compilers fail to bootstrap under a sandbox with...

(version 1)

(allow default)

(deny file*
       (subpath "/usr/local")
)

The bootstrap of the FSF gcc compilers fail due to an error...

cc1: error: /usr/local/include: Operation not permitted

One solution is to pass '--with-local-prefix=' to configure when building FSF gcc with some path other than /usr/local. However this creates the undesirable side-effect of a FSF gcc compiler which doesn't have '/usr/local/include' in the header search paths but does include /usr/local/lib in the library search paths which makes the compiler susceptible to resulting in header/library mismatches out of /usr/local when used outside of the Apple sandbox.

Interestingly, the clang compilers (both Apple and LLVM.org) don't have this issue when compiling under a sandbox which denies file access to /usr/local. Those compilers retain /usr/local in their search path without failing on file access errors in this case.

I also noticed that the usage of '--with-local-prefix=' in the MacPorts FSF gcc packages dates back over nine years so it wasn't done explicitly to solve this issue in compiler failures under the Apple sandbox.

[jwhowarth]

Actually this issue appears to be trivial to fix. The use of --with-local-prefix= can be dropped entirely for builds of FSF gcc within an Apple sandbox that denies file accesses to /usr/local if the following change is made...

--- gcc/incpath.c.bak	2015-01-05 07:33:28.000000000 -0500
+++ gcc/incpath.c	2016-11-06 07:25:20.000000000 -0500
@@ -256,7 +256,7 @@
       if (stat (cur->name, &st))
 	{
 	  /* Dirs that don't exist are silently ignored, unless verbose.  */
-	  if (errno != ENOENT)
+	  if ((errno != ENOENT) && (errno != EPERM))
 	    cpp_errno (pfile, CPP_DL_ERROR, cur->name);
 	  else
 	    {

for the Apple llvmgcc42-2336.11 build this will have to be....

--- gcc/c-incpath.c.bak	2009-02-14 23:17:54.000000000 -0500
+++ gcc/c-incpath.c	2016-11-06 07:28:39.000000000 -0500
@@ -384,7 +384,7 @@
       if (stat (cur->name, &st))
 	{
 	  /* Dirs that don't exist are silently ignored, unless verbose.  */
-	  if (errno != ENOENT)
+	  if ((errno != ENOENT) && (errno != EPERM))
 	    cpp_errno (pfile, CPP_DL_ERROR, cur->name);
 	  else
 	    {

[jwhowarth]

Note that this fix is now proposed on gcc-patches at ​https://gcc.gnu.org/ml/gcc-patches/2016-11/msg00521.html

[jwhowarth]

Note that...

241919 | mrs | 2016-11-07 13:33:49 -0500 (Mon, 07 Nov 2016) | 5 lines

2016-11-06  Jack Howarth  <howarth.at.gcc@gmail.com>

        PR driver/78206
        * incpath.c: (remove_dup(): Also silently ignore EPERM.

has landed in gcc trunk as well as on gcc-5-branch and gcc-6-branch. If MacPorts adopts this patch for their gcc packages, the --with-local-prefix usage can be dropped from the gcc* Portfiles and the sandbox blacklisting of /usr/local be relied upon instead of the package builds of those compilers and their usage within other MacPort package builds.

[jwhowarth]

upstream patch to make FSF gcc's cc1 Apple sandbox friendly