Opened 7 years ago
Last modified 7 years ago
#55827 new defect
sandbox-exec: execvp() of 'sh' failed: No such file or directory
| Reported by: | orcioni (Simone Orcioni) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | base | Version: | |
| Keywords: | highsierra | Cc: | |
| Port: |
Description (last modified by ryandesign (Ryan Carsten Schmidt))
Each of these port fails to install with the same error. I have a fresh installation of HighSierra MacPort, no migration from old ports.
Below an extract from /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_math_gnuplot/gnuplot/main.log
:info:extract sandbox-exec: execvp() of 'sh' failed: No such file or directory :info:extract Command failed: cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_math_gnuplot/gnuplot/work" && /usr/bin/gzip -dc '/opt/local/var/macports/distfiles/gnuplot/5.2.2/gnuplot-5.2.2.tar.gz' | /usr/bin/tar -xf - :info:extract Exit code: 71
If I execute from prompt the above command, it succeeded. Same behavior, with different file names, for the other ports in subject.
I hope someone can help me,
many greetings
sim
Attachments (1)
Change History (16)
Changed 7 years ago by orcioni (Simone Orcioni)
comment:1 follow-up: 2 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)
| Component: | ports → base |
|---|---|
| Description: | modified (diff) |
| Keywords: | highsierra added |
| Summary: | Installing gnuplot, cvs, ghostscript, ..... each fails with the same error. → sandbox-exec: execvp() of 'sh' failed: No such file or directory |
Are you using trace mode? If so, maybe it's a similar problem to #55575; the workaround is not to use trace mode.
If you're not using trace mode... Has it ever worked? If so, what changed?
comment:2 follow-up: 3 Changed 7 years ago by orcioni (Simone Orcioni)
Replying to ryandesign:
Are you using trace mode? If so, maybe it's a similar problem to #55575; the workaround is not to use trace mode.
If you're not using trace mode... Has it ever worked? If so, what changed?
I don't know what is trace mode, I don't think to use it.
I installed new ports after the recent High Sierra updates (now 10.13.3 (17D47)) and I encountered the problem. So I made a new fresh MacPort installation and I began from the ports that I needed. Now all ports gave this error.
sim
comment:3 Changed 7 years ago by orcioni (Simone Orcioni)
Replying to orcioni:
Replying to ryandesign:
Are you using trace mode? If so, maybe it's a similar problem to #55575; the workaround is not to use trace mode.
If you're not using trace mode... Has it ever worked? If so, what changed?
I don't know what is trace mode, I don't think to use it.
I installed new ports after the recent High Sierra updates (now 10.13.3 (17D47)) and I encountered the problem. So I made a new fresh MacPort installation and I began from the ports that I needed. Now all ports gave this error.
sim
It could be a problem of file/directory rw permissions or similar, but I can not figure how to check it and why it happens now.
sim
comment:4 follow-up: 5 Changed 7 years ago by neverpanic (Clemens Lang)
What's the output of ls -lash /bin/sh and which sh on your system?
comment:5 Changed 7 years ago by orcioni (Simone Orcioni)
Replying to neverpanic:
What's the output of
ls -lash /bin/shandwhich shon your system?
ls -lash /bin/sh
808 -r-xr-xr-x 1 root wheel 604K Oct 25 18:37 /bin/sh
which sh
/bin/sh
thanks sim
comment:6 follow-up: 7 Changed 7 years ago by neverpanic (Clemens Lang)
Please try
sandbox-exec -p '(version 1) (allow default) (deny file-write*) (allow file-write-data (literal "/dev/null") (literal "/dev/zero") (literal "/dev/dtracehelper") (literal "/dev/tty") (literal "/dev/stdin") (literal "/dev/stdout") (literal "/dev/stderr") (literal "/dev/random") (literal "/dev/urandom") (regex #"^/dev/fd/")) (allow file-write* (regex #"^(/private)?(/var)?/tmp/" #"^(/private)?/var/folders/" #"^(/private)?/var/db/mds/"))' sh -c true
on your system.
Check Console.app for messages from sandboxd while you do this and provide these messages.
comment:7 Changed 7 years ago by orcioni (Simone Orcioni)
Replying to neverpanic:
Please try
sandbox-exec -p '(version 1) (allow default) (deny file-write*) (allow file-write-data (literal "/dev/null") (literal "/dev/zero") (literal "/dev/dtracehelper") (literal "/dev/tty") (literal "/dev/stdin") (literal "/dev/stdout") (literal "/dev/stderr") (literal "/dev/random") (literal "/dev/urandom") (regex #"^/dev/fd/")) (allow file-write* (regex #"^(/private)?(/var)?/tmp/" #"^(/private)?/var/folders/" #"^(/private)?/var/db/mds/"))' sh -c trueon your system.
Check Console.app for messages from
sandboxdwhile you do this and provide these messages.
There are many messages from different sources. These are the first appearing:
default 18:50:27.659667 +0100 kernel ARPT: 385700.895940: txpkt (MPDU) Complete default 18:50:27.659695 +0100 kernel ARPT: 385700.895972: FrameID: 0x7001 default 18:50:27.659703 +0100 kernel Seq: 0x0253 default 18:50:27.659709 +0100 kernel TxStatus: 0x010b default 18:50:27.659715 +0100 kernel default 18:50:27.659724 +0100 kernel ARPT: 385700.896002: ACK 0 IM 0 PM 1 Suppr 0 (None) default 18:50:27.659736 +0100 kernel ARPT: 385700.896013: CNT(rts_tx)=0 CNT(frag_tx_cnt)=7 CNT(cts_rx_cnt)=0 default 18:50:27.659749 +0100 kernel ARPT: 385700.896026: DequeueTime: 0x00001848 default 18:50:27.659757 +0100 kernel LastTxTime: 0x22078a80 default 18:50:27.659765 +0100 kernel PHYTxErr: 0x0000 default 18:50:27.659772 +0100 kernel RxAckRSSI: 0x0082 default 18:50:27.659779 +0100 kernel RxAckSQ: 0x00ff default 18:50:27.659784 +0100 kernel default 18:50:27.659791 +0100 kernel ARPT: 385700.896070: Raw default 18:50:27.659799 +0100 kernel [0] 1 Valid default 18:50:27.659806 +0100 kernel ARPT: 385700.896084: [2] 0 IM default 18:50:27.659815 +0100 kernel ARPT: 385700.896093: [3] 1 PM default 18:50:27.659823 +0100 kernel ARPT: 385700.896101: [7-4] 0 Suppr default 18:50:27.659832 +0100 kernel ARPT: 385700.896111: [14:8] 1 Ncons default 18:50:27.659841 +0100 kernel ARPT: 385700.896119: [15] 0 Acked default 18:50:27.659853 +0100 kernel ARPT: 385700.896130: txpktpend AC_BK 0 AC_BE 1 AC_VI 0 AC_VO 0 BCMC 0 ATIM 0
comment:8 Changed 7 years ago by orcioni (Simone Orcioni)
Can it be the warning about setting world read permission relevant ?
MacBookPro:~ sim$ sudo port selfupdate ---> Updating MacPorts base sources using rsync MacPorts base version 2.4.2 installed, MacPorts base version 2.4.2 downloaded. ---> Updating the ports tree Warning: Setting world read permissions on parts of the ports tree failed, need root? ---> MacPorts base is already the latest version The ports tree has been updated. To upgrade your installed ports, you should run port upgrade outdated
comment:9 Changed 7 years ago by orcioni (Simone Orcioni)
What about this?
MacBook-Pro:~ sim$ sudo port upgrade outdated Password: ---> Computing dependencies for glib2 ---> Fetching archive for glib2 ---> Attempting to fetch glib2-2.54.3_2+x11.darwin_17.x86_64.tbz2 from https://packages.macports.org/glib2 ---> Attempting to fetch glib2-2.54.3_2+x11.darwin_17.x86_64.tbz2.rmd160 from https://packages.macports.org/glib2 ---> Installing glib2 @2.54.3_2+x11 ---> Cleaning glib2 ---> Computing dependencies for glib2 ---> Deactivating glib2 @2.54.3_1+x11 ---> Cleaning glib2 ---> Activating glib2 @2.54.3_2+x11 ---> Cleaning glib2 ---> Updating database of binaries ---> Scanning binaries for linking errors ---> No broken files found. MacBook-Pro:~ sim$ sudo port install gnuplot ---> Computing dependencies for gnuplot ---> Extracting gnuplot Error: Failed to extract gnuplot: command execution failed Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_math_gnuplot/gnuplot/main.log for details. Error: Follow https://guide.macports.org/#project.tickets to report a bug. Error: Processing of port gnuplot failed
comment:10 Changed 7 years ago by neverpanic (Clemens Lang)
The messages you provided are all from kernel. There should be messages from sandboxd that explain the sandbox violation. You should also see these messages when running the MacPorts commands. If you do not see any sandboxd messages it's probably unrelated to the sandbox (although I really don't know what else would be causing this).
The warnings printed by selfupdate may just be another instance of the same problem, since that uses system, which internally uses sandbox-exec. It's interesting to see that you were able to install precompiled packages, because I'd assume those use the same mechanism for extraction, but I didn't verify that (or they may have a different sandbox profile).
So: Please check Console.app for messages from sandboxd.
comment:11 Changed 7 years ago by orcioni (Simone Orcioni)
Sorry, I found no message after issuing the command. many greetings sim
comment:12 follow-up: 13 Changed 7 years ago by neverpanic (Clemens Lang)
Can you put sandbox_enable no into /opt/local/etc/macports/macports.conf and try again to see whether this is sandbox-related at all then?
comment:13 Changed 7 years ago by orcioni (Simone Orcioni)
Replying to neverpanic:
Can you put
sandbox_enable nointo/opt/local/etc/macports/macports.confand try again to see whether this is sandbox-related at all then?
Done. Sorry but no console message related to sandbox.
This is the console output related to gnuplot installation:
default 21:43:12.769244 +0100 sudo Too many groups requested (2147483647). Can cause performance issues when network directories are involved default 21:43:12.783147 +0100 sudo sim : TTY=ttys001 ; PWD=/Users/sim ; USER=root ; COMMAND=/opt/local/bin/port install gnuplot default 21:43:12.786589 +0100 taskgated MacOS error: -67062
greetings
sim
comment:14 follow-up: 15 Changed 7 years ago by neverpanic (Clemens Lang)
So just to make sure I understand this correctly, you're saying the installation still failed with sandbox_enable no?
MacOS error -67062 occurs when a code signature is required to do an operation but no signature is present:
$ security error -67062 Error: 0xFFFEFA0A -67062 code object is not signed at all
Unfortunately it's not clear what that operation is. MacPorts does not need code signatures for its operation. My best guess would be that a code signature on some system binary got lost for whatever reason. Unfortunately my knowledge ends here. I can only assume that this is a system problem. Try rebooting or refreshing your macOS installation.
comment:15 Changed 7 years ago by orcioni (Simone Orcioni)
Replying to neverpanic:
So just to make sure I understand this correctly, you're saying the installation still failed with
sandbox_enable no?
The installation of previously mentioned ports, yes. But, I have to correct my previous claim that all ports fail ot install. I tried emacs and it will succeded. I don't need it, but it succeded.
So currently these are the port that systematically fail to install: ghostscript, gnuplot, cvs, gmp.
Many ports depends on them, so pratically I can not install any port that I need.
MacOS error -67062 occurs when a code signature is required to do an operation but no signature is present:
$ security error -67062 Error: 0xFFFEFA0A -67062 code object is not signed at allUnfortunately it's not clear what that operation is. MacPorts does not need code signatures for its operation. My best guess would be that a code signature on some system binary got lost for whatever reason. Unfortunately my knowledge ends here. I can only assume that this is a system problem. Try rebooting or refreshing your macOS installation.
I will try immediatly a reboot; about reinstalling macOS, it will be more difficult.
many greetings
sim
gnuplot main.log