term-readkey-pm build failure with Xcode11

[nieder]

On 10.15b7 with Xcode GM, term-readkey-pm fails with this error:

cc  -I/Applications/Xcode-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk/System/Library/Perl/5.18/darwin-thread-multi-2level/CORE -bundle -undefined dynamic_lookup -fstack-protector  ReadKey.o  -o blib/arch/auto/Term/ReadKey/ReadKey.bundle  \
	      \
	  
chmod 755 blib/arch/auto/Term/ReadKey/ReadKey.bundle
"/usr/bin/arch" -x86_64 perl5.18 "-Iblib/arch" "-Iblib/lib" ReadKey_pm.PL ReadKey.pm 
Creating ReadKey.pm
Can't load 'blib/arch/auto/Term/ReadKey/ReadKey.bundle' for module Term::ReadKey: dlopen(blib/arch/auto/Term/ReadKey/ReadKey.bundle, 1): no suitable image found.  Did find:
	file system relative paths not allowed in hardened programs at /System/Library/Perl/5.18/darwin-thread-multi-2level/DynaLoader.pm line 194.
 at /System/Library/Perl/5.18/darwin-thread-multi-2level/DynaLoader.pm line 98.
	DynaLoader::croak('Can\'t load \'blib/arch/auto/Term/ReadKey/ReadKey.bundle\' fo...') called at /System/Library/Perl/5.18/darwin-thread-multi-2level/DynaLoader.pm line 194
	DynaLoader::bootstrap('Term::ReadKey') called at ReadKey_pm.PL line 515
Bootstrapping the XS for blockoptions: make: *** [ReadKey.pm] Error 255

Looks like more 'security' from Apple.
@cschaffner
@dmacks

[dmacks]

Apple's new "hardened runtime entitlements" security apparently prevents a whole host of formerly allowed and commonly done and useful things that use "other than actual full paths to loadable objects". Apparently it also breaks @executable_path that for a while was promoted as allowing prefix-agnostic applications, DYLD env-var games (hello libtool/cmake!), and module-loading.

[nieder]

Just to add, extutils-constant-pm also fails with a hardened error on 10.15/xcode11, but just during tests, not pkg building.

[cschaffner]

@cschaffner
wrong person, I'm afraid...

[nieder]

For the record, I forced perl5184 on 10.15, symlinked perl5.18->perl5.18.4, and built term-readkey-pm5184 without any problems. Time to forgo system-perl on 10.15? It's probably going to be gone on 10.16 anyway.

[dmacks]

@nieder I started fink/fink#201 regarding replacing system-perl

[TheSin-]

I'm stuck at this bug so I'm going to try a few things, one is maybe during build it can set and alias for perl5.18.4 ? Anyhow I'll report back since this is holding up my work and I have no choice since I can only run 10.15 now.

[TheSin-]

alias failed, but maybe I'll spend more time understanding the actual issue, I assume it's in the perl binary it's self

@neider you forced perl5184 but why the symlink? Also any chance or adding perl5184-core to fink so we 10.15 ppl can build it too?

[TheSin-]

so really the issue is just using relative paths.

perl5.18 "-I/opt/sw/src/fink.build/term-readkey-pm5184-2.38-0.1/TermReadKey-2.38/blib/arch" "-I/opt/sw/src/fink.build/term-readkey-pm5184-2.38-0.1/TermReadKey-2.38/blib/lib" ReadKey.pm.PL ReadKey.pm
Creating ReadKey.pm
Bootstrapping the XS for blockoptions: 5
Done

changing the -Iblib/lib to -I/opt/sw/src/fink.build/term-readkey-pm5184-2.38-0.1/TermReadKey-2.38/blib/lib fixes it

[TheSin-]

Looks like 2 solutions that I can that are immediate.

1. We patch fink so that after Makefile.PL we run a perl -pi on Makefile that replaces ' blib/' with '$(pwd)/blib/'
2. we patch ExtUtils so that it uses absolutes

I think 2 is best but I'm not that familiar with ExtUtils, so that would take me a little time, hoping someone with more exp with ExtUtils can chime in here.

[TheSin-]

fixed upstream I'm going to locally update and test

Changes for version 7.37_04
Bug fixes:
Fix static linking on macOS

The 10.15 installed version is 6.66, like really??

I updated the fink version to 7.38 but I can't figure out how to force it to be used over the system version :\

[nieder]

@TheSin-: I made the symlink because I wasn't 100% sure how Fink would deal with two version of perl-5.18.4 around. I know a lot of the internal Fink code looks for the executable perl5.18, so I figured that might be needed (but is probably the wrong 'solution'). So since perl5184 creates %p/bin/perl5.18.4, I then symlinked %p/bin/perl5.18 to point to that (thus hiding /usr/bin/perl5.18).

To get perl5184-core on 10.15, I just edited dists/stable/main/finkinfo/languages/perl5184.info to have 10.15 in the Distributions: field.

[TheSin-]

Got it working, not pretty but works

in PkgVersion.pm

change

                                "$archflags $perlcmd Makefile.PL \%c\n".
                                "/usr/bin/make CC=gcc CXX=g++\n";

to

                                "$archflags $perlcmd Makefile.PL \%c\n".
                                "perl -pi -e 's, blib/, %b/blib/,g' Makefile\n".
                                "/usr/bin/make CC=gcc CXX=g++\n";

Obviously this type of fix could break other packages, it might be safer to do this inside the term-readkey-pm info file, but I'm going to test it in the PkgVersion.pm for a bit see how it goes.

This does NOT fix tests, this likely needs to be done in the test module as far as I can see.

[TheSin-]

To get perl5184-core on 10.15, I just edited dists/stable/main/finkinfo/languages/perl5184.info to have 10.15 in the Distributions: field.

Thank I got it working with my patch form above, I'm just fixing my debhelper now since my patches never accounted for multilevel base path ;)

[htodd]

This is working for me now.

[nieder]

Patching ExtUtils::Makemaker to use a full blib path would push a versioned BuildDepends on every perl package that uses ExtUtils::Makemaker. Then again, editing PkgVersion.pm would push a versioned Bdep on fink, so not much difference.

Doing perl-pie inside term-readkey-pm.info would mean breaking up %{default_script} into its individual commands to squeeze the perl-pie in between Makefile generation and running make. I think it's better to edit PkgVersion.pm.
To edit extutils::makemaker, MM_Any.pm:line1915 sets ./blib/arch.

$self->{INST_ARCHLIB} ||= $self->catdir($Curdir,"blib","arch");

No idea how difficult it'll be to change $Curdir to become a full path vs just .

[TheSin-]

Fink is essential which means you wouldn’t need a version build dep on it since it doesn’t change the dev content and it would auto install. But makemaker would need one

[dmacks]

I think patching MakeMaker is the cleaner solution...put the workaround in the place where the apparent bug (or at least "the call that is now broken by apple's changes") is. Does this affect other packages besides term-readkey-pmXXX (like "all other -pmXXX that have compiled C code)? If so, we could have fink insert an implicit BDep:eu-mm-pmXXX on all packages that are [Package:*-pmXXX && Type:makemaker], so packages themselves wouldn't have to do anything special.

[TheSin-]

it does affect others, but it's not all. I forget some of the others, I found it by patching term-readkey by hand and continue rather then patching fink.

[nieder]

See Perl-Toolchain-Gang/ExtUtils-MakeMaker#350

[nieder]

Aha!
This fixes extutils-makemaker so that term-readkey-pm5184 and extutils-constant-pm build on 10.15:

--- MM_Any.pm
+++ MM_Any.pm
 my($self) = shift;
 
+$self->{Curdir_Abs} = File::Spec->rel2abs ($Curdir);
-$self->{INST_ARCHLIB} ||= $self->catdir($Curdir,"blib","arch");
+$self->{INST_ARCHLIB} ||= $self->catdir($self->{Curdir_Abs},"blib","arch");
 $self->{INST_BIN}  ||= $self->catdir($Curdir,'blb','bin');
 

[nieder]

Ugh. Almost. EU::MM tests then compare abs path from patched MM_Any.pm to reference relative path.

[nieder]

EU-MM-7.44.zip

Can someone else on 10.15 check the above version of EU-MM ? I had to zip it up because Github doesn't support uploading .info or .patch to an ticket.

[dmacks]

I only have 10.13, and occasionally 10.14. Github supports .txt, so maybe rename to .info.txt and so on? That's 100% differently annoying than zipping it all:)

[nieder]

Also, current 10.15/pm5182 that use EU::MM often fail looking for EXTERN.h. I found this to be caused by applying the eu-mm-pm-sdk.patch file indiscriminately to all EU:MM variants on 10.14+. It should only be applied to the systemperl variant (pm5184 on 10.14.5 and 10.15).

If we expand the conditionalizing to test for $darwin_vers AND %type_num[perl], then the four pm5182 perlmods I tested that previously failed on 10.15/pm5182 now build and test OK.

[htodd]

extutils-makemaker-pm5184 works for me on 10.15.4. No errors with -Kk