Opened 7 years ago

Last modified 7 years ago

#55827 new defect

sandbox-exec: execvp() of 'sh' failed: No such file or directory

Reported by: orcioni (Simone Orcioni) Owned by:
Priority: Normal Milestone:
Component: base Version:
Keywords: highsierra Cc:
Port:

Description (last modified by ryandesign (Ryan Carsten Schmidt))

Each of these port fails to install with the same error. I have a fresh installation of HighSierra MacPort, no migration from old ports.

Below an extract from /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_math_gnuplot/gnuplot/main.log

:info:extract sandbox-exec: execvp() of 'sh' failed: No such file or directory
:info:extract Command failed:  cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_math_gnuplot/gnuplot/work" && /usr/bin/gzip -dc '/opt/local/var/macports/distfiles/gnuplot/5.2.2/gnuplot-5.2.2.tar.gz' | /usr/bin/tar -xf - 
:info:extract Exit code: 71

If I execute from prompt the above command, it succeeded. Same behavior, with different file names, for the other ports in subject.

I hope someone can help me,

many greetings

sim

Attachments (1)

main.log (84.4 KB) - added by orcioni (Simone Orcioni) 7 years ago.
gnuplot main.log

Download all attachments as: .zip

Change History (16)

Changed 7 years ago by orcioni (Simone Orcioni)

Attachment: main.log added

gnuplot main.log

comment:1 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Component: portsbase
Description: modified (diff)
Keywords: highsierra added
Summary: Installing gnuplot, cvs, ghostscript, ..... each fails with the same error.sandbox-exec: execvp() of 'sh' failed: No such file or directory

Are you using trace mode? If so, maybe it's a similar problem to #55575; the workaround is not to use trace mode.

If you're not using trace mode... Has it ever worked? If so, what changed?

comment:2 in reply to:  1 ; Changed 7 years ago by orcioni (Simone Orcioni)

Replying to ryandesign:

Are you using trace mode? If so, maybe it's a similar problem to #55575; the workaround is not to use trace mode.

If you're not using trace mode... Has it ever worked? If so, what changed?

I don't know what is trace mode, I don't think to use it.

I installed new ports after the recent High Sierra updates (now 10.13.3 (17D47)) and I encountered the problem. So I made a new fresh MacPort installation and I began from the ports that I needed. Now all ports gave this error.

sim

Last edited 7 years ago by orcioni (Simone Orcioni) (previous) (diff)

comment:3 in reply to:  2 Changed 7 years ago by orcioni (Simone Orcioni)

Replying to orcioni:

Replying to ryandesign:

Are you using trace mode? If so, maybe it's a similar problem to #55575; the workaround is not to use trace mode.

If you're not using trace mode... Has it ever worked? If so, what changed?

I don't know what is trace mode, I don't think to use it.

I installed new ports after the recent High Sierra updates (now 10.13.3 (17D47)) and I encountered the problem. So I made a new fresh MacPort installation and I began from the ports that I needed. Now all ports gave this error.

sim

It could be a problem of file/directory rw permissions or similar, but I can not figure how to check it and why it happens now.

sim

comment:4 Changed 7 years ago by neverpanic (Clemens Lang)

What's the output of ls -lash /bin/sh and which sh on your system?

comment:5 in reply to:  4 Changed 7 years ago by orcioni (Simone Orcioni)

Replying to neverpanic:

What's the output of ls -lash /bin/sh and which sh on your system?

ls -lash /bin/sh

808 -r-xr-xr-x 1 root wheel 604K Oct 25 18:37 /bin/sh

which sh

/bin/sh

thanks sim

comment:6 Changed 7 years ago by neverpanic (Clemens Lang)

Please try

sandbox-exec -p '(version 1) (allow default) (deny file-write*)  (allow file-write-data (literal "/dev/null") (literal "/dev/zero")  (literal "/dev/dtracehelper") (literal "/dev/tty")  (literal "/dev/stdin") (literal "/dev/stdout") (literal "/dev/stderr")  (literal "/dev/random") (literal "/dev/urandom")  (regex #"^/dev/fd/")) (allow file-write*  (regex #"^(/private)?(/var)?/tmp/" #"^(/private)?/var/folders/" #"^(/private)?/var/db/mds/"))' sh -c true

on your system.

Check Console.app for messages from sandboxd while you do this and provide these messages.

comment:7 in reply to:  6 Changed 7 years ago by orcioni (Simone Orcioni)

Replying to neverpanic:

Please try

sandbox-exec -p '(version 1) (allow default) (deny file-write*)  (allow file-write-data (literal "/dev/null") (literal "/dev/zero")  (literal "/dev/dtracehelper") (literal "/dev/tty")  (literal "/dev/stdin") (literal "/dev/stdout") (literal "/dev/stderr")  (literal "/dev/random") (literal "/dev/urandom")  (regex #"^/dev/fd/")) (allow file-write*  (regex #"^(/private)?(/var)?/tmp/" #"^(/private)?/var/folders/" #"^(/private)?/var/db/mds/"))' sh -c true

on your system.

Check Console.app for messages from sandboxd while you do this and provide these messages.

There are many messages from different sources. These are the first appearing:

default	18:50:27.659667 +0100	kernel	ARPT: 385700.895940: txpkt (MPDU) Complete
default	18:50:27.659695 +0100	kernel	ARPT: 385700.895972: FrameID: 0x7001
default	18:50:27.659703 +0100	kernel	Seq: 0x0253
default	18:50:27.659709 +0100	kernel	TxStatus: 0x010b
default	18:50:27.659715 +0100	kernel	
default	18:50:27.659724 +0100	kernel	ARPT: 385700.896002: ACK 0 IM 0 PM 1 Suppr 0 (None)
default	18:50:27.659736 +0100	kernel	ARPT: 385700.896013: CNT(rts_tx)=0 CNT(frag_tx_cnt)=7 CNT(cts_rx_cnt)=0
default	18:50:27.659749 +0100	kernel	ARPT: 385700.896026: DequeueTime: 0x00001848
default	18:50:27.659757 +0100	kernel	LastTxTime: 0x22078a80
default	18:50:27.659765 +0100	kernel	PHYTxErr:   0x0000
default	18:50:27.659772 +0100	kernel	RxAckRSSI: 0x0082
default	18:50:27.659779 +0100	kernel	RxAckSQ: 0x00ff
default	18:50:27.659784 +0100	kernel	
default	18:50:27.659791 +0100	kernel	ARPT: 385700.896070: Raw
default	18:50:27.659799 +0100	kernel	[0]    1 Valid
default	18:50:27.659806 +0100	kernel	ARPT: 385700.896084: [2]    0 IM
default	18:50:27.659815 +0100	kernel	ARPT: 385700.896093: [3]    1 PM
default	18:50:27.659823 +0100	kernel	ARPT: 385700.896101: [7-4]  0 Suppr
default	18:50:27.659832 +0100	kernel	ARPT: 385700.896111: [14:8] 1 Ncons
default	18:50:27.659841 +0100	kernel	ARPT: 385700.896119: [15]   0 Acked
default	18:50:27.659853 +0100	kernel	ARPT: 385700.896130: txpktpend AC_BK 0 AC_BE 1 AC_VI 0 AC_VO 0 BCMC 0 ATIM 0

comment:8 Changed 7 years ago by orcioni (Simone Orcioni)

Can it be the warning about setting world read permission relevant ?

MacBookPro:~ sim$ sudo port selfupdate
--->  Updating MacPorts base sources using rsync
MacPorts base version 2.4.2 installed,
MacPorts base version 2.4.2 downloaded.
--->  Updating the ports tree
Warning: Setting world read permissions on parts of the ports tree failed, need root?
--->  MacPorts base is already the latest version

The ports tree has been updated. To upgrade your installed ports, you should run
  port upgrade outdated

comment:9 Changed 7 years ago by orcioni (Simone Orcioni)

What about this?

MacBook-Pro:~ sim$ sudo port upgrade outdated
Password:
--->  Computing dependencies for glib2
--->  Fetching archive for glib2
--->  Attempting to fetch glib2-2.54.3_2+x11.darwin_17.x86_64.tbz2 from https://packages.macports.org/glib2
--->  Attempting to fetch glib2-2.54.3_2+x11.darwin_17.x86_64.tbz2.rmd160 from https://packages.macports.org/glib2
--->  Installing glib2 @2.54.3_2+x11
--->  Cleaning glib2
--->  Computing dependencies for glib2
--->  Deactivating glib2 @2.54.3_1+x11
--->  Cleaning glib2
--->  Activating glib2 @2.54.3_2+x11
--->  Cleaning glib2
--->  Updating database of binaries
--->  Scanning binaries for linking errors
--->  No broken files found.
MacBook-Pro:~ sim$ sudo port install gnuplot
--->  Computing dependencies for gnuplot
--->  Extracting gnuplot
Error: Failed to extract gnuplot: command execution failed
Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_math_gnuplot/gnuplot/main.log for details.
Error: Follow https://guide.macports.org/#project.tickets to report a bug.
Error: Processing of port gnuplot failed

comment:10 Changed 7 years ago by neverpanic (Clemens Lang)

The messages you provided are all from kernel. There should be messages from sandboxd that explain the sandbox violation. You should also see these messages when running the MacPorts commands. If you do not see any sandboxd messages it's probably unrelated to the sandbox (although I really don't know what else would be causing this).

The warnings printed by selfupdate may just be another instance of the same problem, since that uses system, which internally uses sandbox-exec. It's interesting to see that you were able to install precompiled packages, because I'd assume those use the same mechanism for extraction, but I didn't verify that (or they may have a different sandbox profile).

So: Please check Console.app for messages from sandboxd.

comment:11 Changed 7 years ago by orcioni (Simone Orcioni)

Sorry, I found no message after issuing the command. many greetings sim

comment:12 Changed 7 years ago by neverpanic (Clemens Lang)

Can you put sandbox_enable no into /opt/local/etc/macports/macports.conf and try again to see whether this is sandbox-related at all then?

comment:13 in reply to:  12 Changed 7 years ago by orcioni (Simone Orcioni)

Replying to neverpanic:

Can you put sandbox_enable no into /opt/local/etc/macports/macports.conf and try again to see whether this is sandbox-related at all then?

Done. Sorry but no console message related to sandbox.

This is the console output related to gnuplot installation:

default	21:43:12.769244 +0100	sudo	Too many groups requested (2147483647).  Can cause performance issues when network directories are involved
default	21:43:12.783147 +0100	sudo	     sim : TTY=ttys001 ; PWD=/Users/sim ; USER=root ; COMMAND=/opt/local/bin/port install gnuplot
default	21:43:12.786589 +0100	taskgated	MacOS error: -67062

greetings

sim

comment:14 Changed 7 years ago by neverpanic (Clemens Lang)

So just to make sure I understand this correctly, you're saying the installation still failed with sandbox_enable no?

MacOS error -67062 occurs when a code signature is required to do an operation but no signature is present:

$ security error -67062
Error: 0xFFFEFA0A -67062 code object is not signed at all

Unfortunately it's not clear what that operation is. MacPorts does not need code signatures for its operation. My best guess would be that a code signature on some system binary got lost for whatever reason. Unfortunately my knowledge ends here. I can only assume that this is a system problem. Try rebooting or refreshing your macOS installation.

comment:15 in reply to:  14 Changed 7 years ago by orcioni (Simone Orcioni)

Replying to neverpanic:

So just to make sure I understand this correctly, you're saying the installation still failed with sandbox_enable no?

The installation of previously mentioned ports, yes. But, I have to correct my previous claim that all ports fail ot install. I tried emacs and it will succeded. I don't need it, but it succeded.

So currently these are the port that systematically fail to install: ghostscript, gnuplot, cvs, gmp.

Many ports depends on them, so pratically I can not install any port that I need.

MacOS error -67062 occurs when a code signature is required to do an operation but no signature is present:

$ security error -67062
Error: 0xFFFEFA0A -67062 code object is not signed at all

Unfortunately it's not clear what that operation is. MacPorts does not need code signatures for its operation. My best guess would be that a code signature on some system binary got lost for whatever reason. Unfortunately my knowledge ends here. I can only assume that this is a system problem. Try rebooting or refreshing your macOS installation.

I will try immediatly a reboot; about reinstalling macOS, it will be more difficult.

many greetings

sim

Note: See TracTickets for help on using tickets.