Finding dependents

[Gerben Wierda via macports-users]

Ik keep struggling when I try to find out dependencies once in a while.

Suppose I have this installed:

  postfix @3.7.2_0+dovecot_sasl+pcre+smtputf8+tls (active)

How do I find out the port dependencies with the port command such that port 
tells me my postfix depends on port:pcre?

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Building mupdf (macOS Monterey, clean ports installation) fails

[Gerben Wierda via macports-users]

Forget about this one. It is a known problem

https://trac.macports.org/ticket/65799 <https://trac.macports.org/ticket/65799>

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 6 Dec 2022, at 13:03, Gerben Wierda via macports-users 
>  wrote:
> 
> I tried to install my standard set of ports after running
> 
> sudo port -f uninstall installed
> sudo port -N reclaim
> 
> So, a clean slate. But it failed for mupdf:
> 
> :info:build mkdir -p build/shared-release/generated/resources/fonts/noto/ ; 
> /usr/bin/clang -ffunction-sections -fdata-sections -pipe -O2 -DNDEBUG 
> -fomit-frame-pointer -Os -arch x86_64 -Iinclude -MMD -MP -o 
> build/shared-release/generated/resources/fonts/noto/NotoSansOldPermic-Regular.otf.o
>  -c generated/resources/fonts/noto/NotoSansOldPermic-Regular.otf.c -Wall 
> -Wsign-compare -fPIC -O0
> :info:build mkdir -p build/shared-release/generated/resources/fonts/noto/ ; 
> /usr/bin/clang -ffunction-sections -fdata-sections -pipe -O2 -DNDEBUG 
> -fomit-frame-pointer -Os -arch x86_64 -Iinclude -MMD -MP -o 
> build/shared-release/generated/resources/fonts/noto/NotoSansOldPersian-Regular.otf.o
>  -c generated/resources/fonts/noto/NotoSansOldPersian-Regular.otf.c -Wall 
> -Wsign-compare -fPIC -O0
> :info:build clang: note: diagnostic msg: 
> :info:build 
> :info:build PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
> :info:build Preprocessed source(s) and associated run script(s) are located 
> at:
> :info:build clang: note: diagnostic msg: 
> /opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/.tmp/SourceHanSerif-Regular-5d1585.c
> :info:build clang: note: diagnostic msg: 
> /opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/.tmp/SourceHanSerif-Regular-5d1585.sh
> :info:build clang: note: diagnostic msg: Crash backtrace is located in
> :info:build clang: note: diagnostic msg: 
> /opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/.home/Library/Logs/DiagnosticReports/clang__.crash
> :info:build clang: note: diagnostic msg: (choose the .crash file that 
> corresponds to your crash)
> :info:build clang: note: diagnostic msg: 
> :info:build 
> :info:build make[1]: *** 
> [build/shared-release/generated/resources/fonts/han/SourceHanSerif-Regular.ttc.o]
>  Error 254
> :info:build make[1]: *** Waiting for unfinished jobs
> :info:build make[1]: Leaving directory 
> `/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/mupdf-1.20.3-source'
> :info:build make: *** [shared-release] Error 2
> :info:build make: *** Waiting for unfinished jobs
> :info:build make: Leaving directory 
> `/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/mupdf-1.20.3-source'
> :info:build Command failed:  cd 
> "/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/mupdf-1.20.3-source"
>  && /usr/bin/make -j6 -w all PREFIX=/opt/local CC=/usr/bin/clang 
> CXX=/usr/bin/clang++ CPP=/usr/bin/cpp XCFLAGS="-Os -arch x86_64" 
> XLIBS="-L/opt/local/lib -Wl,-headerpad_max_install_names -arch x86_64" 
> HAVE_GLUT=yes HAVE_X11=no USE_SYSTEM_LIBS=yes build=release verbose=yes 
> shared 
> :info:build Exit code: 2
> :error:build Failed to build mupdf: command execution failed
> :debug:build Error code: CHILDSTATUS 99706 2
> :debug:build Backtrace: command execution failed
> :debug:build while executing
> :debug:build "system {*}$notty {*}$callback {*}$nice $fullcmdstring"
> :debug:build invoked from within
> :debug:build "command_exec -callback portprogress::target_progress_callback 
> build"
> :debug:build (procedure "portbuild::build_main" line 8)
> :debug:build invoked from within
> :debug:build "$procedure $targetname"
> :error:build See 
> /opt/local/var/macports/logs/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/main.log
>  for details.
> 
> Can someone confirm/reproduce this is problem?
> 
> XCode version 14.1.0.0.1.1666437224 is installed.
> 
> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
> R IT Strategy <https://ea.rna.nl/> (main site)
> Book: Chess and the Art of Enterprise Architecture 
> <https://ea.rna.nl/the-book/>
> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> 

Building mupdf (macOS Monterey, clean ports installation) fails

[Gerben Wierda via macports-users]

I tried to install my standard set of ports after running

sudo port -f uninstall installed
sudo port -N reclaim

So, a clean slate. But it failed for mupdf:

:info:build mkdir -p build/shared-release/generated/resources/fonts/noto/ ; 
/usr/bin/clang -ffunction-sections -fdata-sections -pipe -O2 -DNDEBUG 
-fomit-frame-pointer -Os -arch x86_64 -Iinclude -MMD -MP -o 
build/shared-release/generated/resources/fonts/noto/NotoSansOldPermic-Regular.otf.o
 -c generated/resources/fonts/noto/NotoSansOldPermic-Regular.otf.c -Wall 
-Wsign-compare -fPIC -O0
:info:build mkdir -p build/shared-release/generated/resources/fonts/noto/ ; 
/usr/bin/clang -ffunction-sections -fdata-sections -pipe -O2 -DNDEBUG 
-fomit-frame-pointer -Os -arch x86_64 -Iinclude -MMD -MP -o 
build/shared-release/generated/resources/fonts/noto/NotoSansOldPersian-Regular.otf.o
 -c generated/resources/fonts/noto/NotoSansOldPersian-Regular.otf.c -Wall 
-Wsign-compare -fPIC -O0
:info:build clang: note: diagnostic msg: 
:info:build 
:info:build PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
:info:build Preprocessed source(s) and associated run script(s) are located at:
:info:build clang: note: diagnostic msg: 
/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/.tmp/SourceHanSerif-Regular-5d1585.c
:info:build clang: note: diagnostic msg: 
/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/.tmp/SourceHanSerif-Regular-5d1585.sh
:info:build clang: note: diagnostic msg: Crash backtrace is located in
:info:build clang: note: diagnostic msg: 
/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/.home/Library/Logs/DiagnosticReports/clang__.crash
:info:build clang: note: diagnostic msg: (choose the .crash file that 
corresponds to your crash)
:info:build clang: note: diagnostic msg: 
:info:build 
:info:build make[1]: *** 
[build/shared-release/generated/resources/fonts/han/SourceHanSerif-Regular.ttc.o]
 Error 254
:info:build make[1]: *** Waiting for unfinished jobs
:info:build make[1]: Leaving directory 
`/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/mupdf-1.20.3-source'
:info:build make: *** [shared-release] Error 2
:info:build make: *** Waiting for unfinished jobs
:info:build make: Leaving directory 
`/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/mupdf-1.20.3-source'
:info:build Command failed:  cd 
"/opt/local/var/macports/build/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/work/mupdf-1.20.3-source"
 && /usr/bin/make -j6 -w all PREFIX=/opt/local CC=/usr/bin/clang 
CXX=/usr/bin/clang++ CPP=/usr/bin/cpp XCFLAGS="-Os -arch x86_64" 
XLIBS="-L/opt/local/lib -Wl,-headerpad_max_install_names -arch x86_64" 
HAVE_GLUT=yes HAVE_X11=no USE_SYSTEM_LIBS=yes build=release verbose=yes shared 
:info:build Exit code: 2
:error:build Failed to build mupdf: command execution failed
:debug:build Error code: CHILDSTATUS 99706 2
:debug:build Backtrace: command execution failed
:debug:build while executing
:debug:build "system {*}$notty {*}$callback {*}$nice $fullcmdstring"
:debug:build invoked from within
:debug:build "command_exec -callback portprogress::target_progress_callback 
build"
:debug:build (procedure "portbuild::build_main" line 8)
:debug:build invoked from within
:debug:build "$procedure $targetname"
:error:build See 
/opt/local/var/macports/logs/_Users_gerben_MacPortsDev_macports-ports_graphics_mupdf/mupdf/main.log
 for details.

Can someone confirm/reproduce this is problem?

XCode version 14.1.0.0.1.1666437224 is installed.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Running open source 'unix' services via MacPorts on macOS is no longer feasible for me

[Gerben Wierda via macports-users]

Over the last years, it has become harder and harder to run Unix services on my 
Macs. I'm using MacPorts for these since the demise of macOS Server and they 
include
a mail server (dcc, apache-solr8, clamav-server, rspamd, dovecot, postfix)
a name server (nsd, unbound)
a web server (nginx, minio)
Before Monterey I was running Mojave and that worked very well. I skipped 
Catalina and went straight for Monterey so I would have a long period of 'no 
large migrations'.

The experience has been horrible. I had to turn off the application layer 
firewall on the server for instance. I had to start some services (MinIO) not 
via launchd but by hand because they would not start properly because of 
permissions when I did (MinIO could not access a fixed mount external disk when 
started from launchd, but had no problem accessing it after boot). About 1 to 2 
times every day, the system is totally dead, it gets stuck apparently because 
it runs out of sockets or something like that. I suspect this is because I am 
running a public mail server which gets a lot of connections and macOS has some 
sort of resource leak. After maximally about an hour, the system gets 'unstuck' 
and moves on. The 'unstuck' started to happen was after 12.5 to 12.5.1 (so an 
improvement) but it has the feel of Apple doing a quick and dirty fix in 12.5.1 
for a resource leak in 12.5.

Apple has been a rock solid server system for me for many years. Since Monterey 
I consider it to be extremely unreliable and not feasible as a server 
environment for unix-like services.

I suspect that all of this is because Apple is moving to a new security 
mechanism, one more focused on how it is done in iOS too, where things like 
code signing, immutability of parts of the file system, etc. are taking the 
role that traditionally is done by ACL/POSIX-like permissions. Apple's new way 
of doing security is arguably stronger than the old way. But the 'old' way of 
doing things is less and less supported and certainly not a focus for Apple to 
keep operational (which is dumb because by not supporting they are flying blind 
for the kind of resource leak errors I seem to have encountered). So, install 
unbound, and after boot macOS will ask you 'do you want unbound to accept 
incoming connections?'. Yes, of course, but that setting doesn't stick. After 
every next reboot, the same happens. Run the same executable side by side on 
different ports, and ALF gets confused. So, not only is the old ACL/POSIX way 
of permissions no longer properly implemented, the new system is not friendly 
for your own compiled stuff.

The setup has become so unreliable that I do not dare to upgrade my current 
server beyond macOS 12.5.1, afraid as I am that the next update will kill even 
more, rendering my production setup effectively dead. 

I can't update my macOS anymore for fear that it kills what I cannot work 
without.

The key weak point in all of this seems to be the macOS Application Level 
Firewall which is iffy and especially iffy when it has to work with unsigned 
executables. But even when it is turned off, lots of other things that would 
normall work fine in a unix-like environment stop working, esppecially when you 
want to do 'server-like' stuff that requires open ports and sockets and such.

Sadly, this means that running a 'macOS Server substitute using MacPorts' is no 
longer feasible for me. I have started to move to a Linux setup and I hope my 
'macOS Server' (which I have been running since it's start in some way or 
another, and OPENSTEP/NeXTSTEP before that) survives until I have that working 
properly.

Apple turns macOS into a purely consumer appliance, it seems. That is their 
good right, but they also starve attention to the old unixy-way of things, 
leading to weak (certainly not robust) implementations of the unix-side. And 
that might be the eventual death of MacPorts unless it goes full in on Apple's 
new security model, signing and all. And for the time being, Apple's own 
suggestion to move to open source variants of the macOS Server stuff they 
abandoned, is not to be taken seriously as they also are not serious about the 
foundation those open source elements need.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Problem with rsync.macports.org mirror?

[Gerben Wierda via macports-users]

I think I must have made an error (probably with the way I sync work across 
systems).

G

> On 31 Jul 2022, at 16:13, Joshua Root  wrote:
> 
> There hasn't been a base release recently, so that output is completely 
> expected when updating the base sources. There should be some more output 
> involving "--->  Updating the ports tree" which, if you have an rsync-based 
> source configured in sources.conf, will run additional rsync commands to 
> update ports.tar and PortIndex. That worked for me when I tried it just now.
> 
> Gerben Wierda wrote:
> 
>> Because after finishing it still said ‘more than two weeks old please 
>> update’, and it downloaded not more than 50-60 bytes
>> 
>> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
>> R Enterprise Architecture <https://ea.rna.nl/> (main site)
>> Book: Chess and the Art of Enterprise Architecture 
>> <https://ea.rna.nl/the-book/>
>> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> 
>> >/On 31 Jul 2022, at 11:58, Chris Jones > ><https://lists.macports.org/mailman/listinfo/macports-users>> wrote: 
>> >/>//>//>//>>/On 31 Jul 2022, at 9:05 am, Gerben Wierda via macports-users 
>> >> ><https://lists.macports.org/mailman/listinfo/macports-users>> wrote: 
>> >/>>//>>/ />>/gerben at hermione 
>> ><https://lists.macports.org/mailman/listinfo/macports-users> macports-ports 
>> >% sudo port -v selfupdate />>/---> Updating MacPorts base sources using 
>> >rsync />>//>>/Willkommen auf dem RSYNC-server auf ftp.fau.de 
>> ><http://ftp.fau.de/>. />>/Nicht all unsere Mirror sind per rsync 
>> >verfuegbar. />>//>>/Welcome to the RSYNC daemon on ftp.fau.de 
>> ><http://ftp.fau.de/>. />>/Not all of our mirrors are available through 
>> >rsync. />>//>>//>>/receiving file list ... done />>//>>/sent 16 bytes 
>> >received 55 bytes 142.00 bytes/sec />>/total size is 85861888 speedup is 
>> >1209322.37 />>//>>/Willkommen auf dem RSYNC-server auf ftp.fau.de 
>> ><http://ftp.fau.de/>. />>/Nicht all unsere Mirror sind per rsync 
>> >verfuegbar. />>//>>/Welcome to the RSYNC daemon on ftp.fau.de 
>> ><http://ftp.fau.de/>. />>/Not all of our mirrors are available through 
>> >rsync. />>//>>//>>/receiving file list ... done />>//>>/sent 16 bytes 
>> >received 62 bytes 52.00 bytes/sec/
> 

Re: Problem with rsync.macports.org mirror?

[Gerben Wierda via macports-users]

Because after finishing it still said ‘more than two weeks old please update’, 
and it downloaded not more than 50-60 bytes

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 31 Jul 2022, at 11:58, Chris Jones  wrote:
> 
> 
> 
>> On 31 Jul 2022, at 9:05 am, Gerben Wierda via macports-users 
>>  wrote:
>> 
>> 
>> gerben@hermione macports-ports % sudo port -v selfupdate
>> --->  Updating MacPorts base sources using rsync
>> 
>> Willkommen auf dem RSYNC-server auf ftp.fau.de <http://ftp.fau.de/>.
>> Nicht all unsere Mirror sind per rsync verfuegbar.
>> 
>> Welcome to the RSYNC daemon on ftp.fau.de <http://ftp.fau.de/>.
>> Not all of our mirrors are available through rsync.
>> 
>> 
>> receiving file list ... done
>> 
>> sent 16 bytes  received 55 bytes  142.00 bytes/sec
>> total size is 85861888  speedup is 1209322.37
>> 
>> Willkommen auf dem RSYNC-server auf ftp.fau.de <http://ftp.fau.de/>.
>> Nicht all unsere Mirror sind per rsync verfuegbar.
>> 
>> Welcome to the RSYNC daemon on ftp.fau.de <http://ftp.fau.de/>.
>> Not all of our mirrors are available through rsync.
>> 
>> 
>> receiving file list ... done
>> 
>> sent 16 bytes  received 62 bytes  52.00 bytes/sec
>> 
>> Seems to be a problem. 
> 
> Why do you say that ?
> 
>> 
>> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
>> R IT Strategy <https://ea.rna.nl/> (main site)
>> Book: Chess and the Art of Enterprise Architecture 
>> <https://ea.rna.nl/the-book/>
>> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> 

Has anyone been using Monterey 12.5 yet?

[Gerben Wierda via macports-users]

Has anyone been using Monterey 12.5 yet?

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Problem with rsync.macports.org mirror?

[Gerben Wierda via macports-users]

gerben@hermione macports-ports % sudo port -v selfupdate
--->  Updating MacPorts base sources using rsync

Willkommen auf dem RSYNC-server auf ftp.fau.de.
Nicht all unsere Mirror sind per rsync verfuegbar.

Welcome to the RSYNC daemon on ftp.fau.de.
Not all of our mirrors are available through rsync.


receiving file list ... done

sent 16 bytes  received 55 bytes  142.00 bytes/sec
total size is 85861888  speedup is 1209322.37

Willkommen auf dem RSYNC-server auf ftp.fau.de.
Nicht all unsere Mirror sind per rsync verfuegbar.

Welcome to the RSYNC daemon on ftp.fau.de.
Not all of our mirrors are available through rsync.


receiving file list ... done

sent 16 bytes  received 62 bytes  52.00 bytes/sec

Seems to be a problem. 

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: macOS 12.3 and /usr/bin/python. Status?

[Gerben Wierda via macports-users]

You might be able to create a different action using mupdf (for which there is 
a port)

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 1 May 2022, at 07:03, Mike Alexander  wrote:
> 
> On 30 Apr 2022, at 6:26, Al Varnell wrote:
> 
>> Or just install python.
> 
> It is installed.  The problem is that the Combine PDF Pages Automator action 
> is in /system/library and has a hard coded path to /usr/bin/python.  That 
> can't be worked around since nothing in /System can be changed.
> 
> I also have PDFPen Pro which comes with an Apple Script that does much the 
> same thing.  It isn't quite what I want, but it's good enough.
> 
> Mike

Re: macOS 12.3 and /usr/bin/python. Status?

[Gerben Wierda via macports-users]

> On 17 Apr 2022, at 16:47, Ryan Schmidt  wrote:
> 
> 
> 
> On Apr 17, 2022, at 09:45, Christian Calderon wrote:
> 
>>> You would not be able to make a symbolic link at /usr/bin/python because 
>>> /usr/bin is a protected directory.
>> 
>> TIL. Is that something I could work around by disabling SIP?
> 
> On macOS 10.x, yes. On macOS 11 and later, my understanding is that the 
> system volume is cryptographically sealed and there is no way for you to 
> modify it without breaking that seal, which presumably has undesirable 
> consequences.
> 
> https://eclecticlight.co/2020/11/30/is-big-surs-system-volume-sealed/

Yes, I can support that conclusion. Creating that link (or changing anything 
that is in that cryptographically signed part of the file system) is no longer 
a viable option on macOS Big Sur and up.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: macOS 12.3 and /usr/bin/python. Status?

[Gerben Wierda via macports-users]

> On 17 Apr 2022, at 16:13, Ryan Schmidt  wrote:

>> Doing the (normally unnecessary) migrations run at least will catch the 
>> dependencies during build.
> 
> Only for ports you actually build, not for ports for which you receive a 
> binary archive.

Agreed. But then, the install from my view still succeeds, even if I get a 12.2 
build installed on a 12.3 system. What then is left is that potential runtime 
dependency. Still, doing it with force compile would be better. I am going to 
do that as well.

>> Numbers do not give a definitive answer to major or minor updates. E.g. 
>> tomcat 8.2 or 8.3 are minor updates, but tomcat 8.5 was/is in fact a major 
>> update at the company I work, because it was fundamentally changes. The 
>> numbers are just a clue, not reality. See also Lifecycle Management – Let 
>> the Sunshine in
> 
> In the case of macOS version numbers as they relate to a need to follow the 
> migration instructions, they do. The migration instructions are for helping 
> you upgrade from one major macOS version to another. They are not needed for 
> minor OS version updates.

Agreed. I was misusing the migration instructions (an unnecessary ‘migration') 
in an attempt to do an as-clean-as-possible build with the largest chance to 
run into any hidden dependency on the availability of /usr/bin/python.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: macOS 12.3 and /usr/bin/python. Status?

[Gerben Wierda via macports-users]

> On 17 Apr 2022, at 15:22, Ryan Schmidt  wrote:
> 
>> I’m about to take the plunge and move one of my systems to macOS 12.3 (which 
>> removes /usr/bin/python). I am going to consider that a MacPorts major 
>> migration (so following the migration instructions).
> 
> If you are upgrading from macOS 11.x or earlier tto macOS 12.3, you should of 
> course follow the migration instructions. If you are upgrading from an 
> earlier version of macOS 12, there would be no benefit to performing the 
> migration steps.

Normally, this is true. But macOS 12.3 is not backwards compatible with macOS 
12.2 in a major way, because of the missing /usr/bin/python. So, if MacPorts 
detects a dependency which is still up to date according to MacPorts, it will 
not rebuild that port. Then later when that dependency gets an update it will. 
If at that moment you find out the dependency still requires /usr/bin/python 
during build, you’re stuck. You might even find this out halfway a dependency 
tree build, so that the dependencies of the dependency have already been 
rebuilt and installed and then halfway that rebuild you fail. It is a risk for 
the availability/continuity of your landscape and that is especially important 
if we’re talking about service you offer to the environment (e.g. mail server).

Of course, the same is true in case of (undeclared, e.g. not tested in the 
configure script) dependencies of python during run, but there is no easy way 
to test for this and the chance of this being the case is smaller (though 
solving it is nastier, I suspect)

The question I have when moving from 12.2 to 12.3 is: is there a port in my set 
that depends on /usr/bin/python (and should become dependent on a MacPorts 
python instead)? Doing the (normally unnecessary) migrations run at least will 
catch the dependencies during build.

Numbers do not give a definitive answer to major or minor updates. E.g. tomcat 
8.2 or 8.3 are minor updates, but tomcat 8.5 was/is in fact a major update at 
the company I work, because it was fundamentally changes. The numbers are just 
a clue, not reality. See also Lifecycle Management – Let the Sunshine in 


Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

12.3 Xcode problem?

[Gerben Wierda via macports-users]

I was busy doing the first tests for macOS 12.3 and ran into this one:

% xcrun -sdk macosx –show-sdk-path
2022-04-16 18:49:47.763 xcodebuild[85239:384046] Requested but did not find 
extension point with identifier Xcode.IDEKit.ExtensionSentinelHostApplications 
for extension Xcode.DebuggerFoundation.AppExtensionHosts.watchOS of plug-in 
com.apple.dt.IDEWatchSupportCore
2022-04-16 18:49:47.763 xcodebuild[85239:384046] Requested but did not find 
extension point with identifier 
Xcode.IDEKit.ExtensionPointIdentifierToBundleIdentifier for extension 
Xcode.DebuggerFoundation.AppExtensionToBundleIdentifierMap.watchOS of plug-in 
com.apple.dt.IDEWatchSupportCore
2022-04-16 18:49:48.405 xcodebuild[85240:384060] Requested but did not find 
extension point with identifier Xcode.IDEKit.ExtensionSentinelHostApplications 
for extension Xcode.DebuggerFoundation.AppExtensionHosts.watchOS of plug-in 
com.apple.dt.IDEWatchSupportCore
2022-04-16 18:49:48.405 xcodebuild[85240:384060] Requested but did not find 
extension point with identifier 
Xcode.IDEKit.ExtensionPointIdentifierToBundleIdentifier for extension 
Xcode.DebuggerFoundation.AppExtensionToBundleIdentifierMap.watchOS of plug-in 
com.apple.dt.IDEWatchSupportCore
xcrun: error: sh -c 
'/Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild -sdk 
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.3.sdk
 -find \?\?\?show-sdk-path 2> /dev/null' failed with exit code 17664: (null) 
(errno=No such file or directory)
xcrun: error: unable to find utility "\?\?\?show-sdk-path", not a developer 
tool or in PATH

Uncertain if this has anything to do with MacPorts

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: macOS 12.3 and /usr/bin/python. Status?

[Gerben Wierda via macports-users]

The following ports and their dependencies could be installed by me on macOS 
12.3:

The following ports are currently installed:
  certbot @1.26.0_0+python310 (active)
  clamav-server @0.101.2_4+sanesecurity+scan_schedule_access (active)
  dcc @2.3.168_0 (active)
  dovecot @2.3.17_0+apns+solr (active)
  dovecot-sieve @0.5.17_0 (active)
  gtk-doc @1.32_1+python39 (active)
  inetutils @2.2_0+client (active)
  iperf3 @3.11_0 (active)
  logrotate @3.19.0_0 (active)
  minio @2021-10-06T23-36-31Z_0 (active)
  minio-mc @2021-10-07T04-19-58Z_0 (active)
  mono @6.12.0.122_0 (active)
  nginx @1.21.6_0+davext+debug+fancyindex+flv+http2+mp4+secure_link+ssl+stream 
(active)
  nsd @4.3.8_0 (active)
  postfix @3.7.0_0+dovecot_sasl+pcre+smtputf8+tls (active)
  putty @0.70_0+gui (active)
  python3_select @0.0_2 (active)
  rspamd @3.2_0 (active)
  rsync @3.2.3_1 (active)
  sieve-connect @0.90_1+perl5_28 (active)
  unbound @1.15.0_0 (active)
  wget @1.21.3_0+gnutls (active)
% which python
python not found
% which python3
/usr/bin/python3


Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 16 Apr 2022, at 18:02, Clemens Lang  wrote:
> 
> Hi,
> 
> On Sat, Apr 16, 2022 at 03:16:21PM +0200, Gerben Wierda via macports-users 
> wrote:
>> I’m about to take the plunge and move one of my systems to macOS 12.3
>> (which removes /usr/bin/python). I am going to consider that a
>> MacPorts major migration (so following the migration instructions).
>> 
>> I haven’t seen any traffic on this issue. Does that mean hardly anyone
>> is on 12.3? Is anyone running on 12.3? Am I simply one of the first
>> who will be taking the plunge?
> 
> I'm on 12.3 for a while now, on an M1 system. I simply haven't noticed
> any problems, and I'm using a bit of Python here and there. Seems to me
> that most things have moved to Python 3 and it's just not a big problem
> anymore.
> 
> -- 
> Clemens

macOS 12.3 and /usr/bin/python. Status?

[Gerben Wierda via macports-users]

I’m about to take the plunge and move one of my systems to macOS 12.3 (which 
removes /usr/bin/python). I am going to consider that a MacPorts major 
migration (so following the migration instructions).

I haven’t seen any traffic on this issue. Does that mean hardly anyone is on 
12.3? Is anyone running on 12.3? Am I simply one of the first who will be 
taking the plunge?

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: code signing and the future of MacPorts

[Gerben Wierda via macports-users]

Additionally, I was thinking that the binary downloads of ports might be 
codesigned. That would prevent people from all having to buy a certificate 
themselves (and self-signed is not really an option, these are generally 
ignored, maybe not if you mark them as trusted). You can of course also create 
your own PKI and add its root cert as trusted in your own systems. There are a 
few avenues here.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 11 Mar 2022, at 15:16, Gerben Wierda via macports-dev 
>  wrote:
> 
> I’ve recently moved from macOS Mojave with MacPorts to macOS Monterey with 
> MacPorts
> 
> I’ve had serious trouble with the application level firewall 
> (alf/socketfilterfw). I now suspect that one reason is that Apple is getting 
> stricter and stricter about only allowing binaries that have been code 
> signed. This might play more and more havoc with using open source e,g. via 
> MacPorts.
> 
> For instance, at this point, I cannot turn on socketfilterfw because it 
> blocks (in weird ways sometimes) my mail server. Even if I allow a certain 
> binary to run, socketfilterfw will report error like the “-67062’ error, 
> which stands for
> 
> % security error -67062
> Error: 0xFFFEFA0A -67062 code object is not signed at all
> 
> I’ve seen the socketfilterfw either block or not block in that situation. 
> There is  not discernible method. It seems macOS becomes more and more 
> unreliable when faced with unsigned apps, which is something that is the 
> default when using open source installs.
> 
> Apple itself signs everything. Even simple command line executables now have 
> an embedded signature:
> 
> gerben@hermione Downloads % codesign -v -d /bin/echo
> Executable=/bin/echo
> Identifier=com.apple.echo
> Format=Mach-O universal (x86_64 arm64e)
> CodeDirectory v=20400 size=583 flags=0x0(none) hashes=13+2 location=embedded
> Platform identifier=13
> Signature size=4442
> Signed Time=18 Dec 2021 at 18 December 01:20:02
> Info.plist=not bound
> TeamIdentifier=not set
> Sealed Resources=none
> Internal requirements count=1 size=64
> 
> There are more and more parts of macOS where the security screws are being 
> tightened more and more and code signing is a key element. 
> 
> I am therefore wondering if it will become necessary to add code signing to 
> the MacPorts install process, to support it in some way.
> 
> Gerben Wierda (LinkedIn )
> R IT Strategy  (main site)
> Book: Chess and the Art of Enterprise Architecture 
> 
> Book: Mastering ArchiMate 
> 

code signing and the future of MacPorts

[Gerben Wierda via macports-users]

I’ve recently moved from macOS Mojave with MacPorts to macOS Monterey with 
MacPorts

I’ve had serious trouble with the application level firewall 
(alf/socketfilterfw). I now suspect that one reason is that Apple is getting 
stricter and stricter about only allowing binaries that have been code signed. 
This might play more and more havoc with using open source e,g. via MacPorts.

For instance, at this point, I cannot turn on socketfilterfw because it blocks 
(in weird ways sometimes) my mail server. Even if I allow a certain binary to 
run, socketfilterfw will report error like the “-67062’ error, which stands for

% security error -67062
Error: 0xFFFEFA0A -67062 code object is not signed at all

I’ve seen the socketfilterfw either block or not block in that situation. There 
is  not discernible method. It seems macOS becomes more and more unreliable 
when faced with unsigned apps, which is something that is the default when 
using open source installs.

Apple itself signs everything. Even simple command line executables now have an 
embedded signature:

gerben@hermione Downloads % codesign -v -d /bin/echo
Executable=/bin/echo
Identifier=com.apple.echo
Format=Mach-O universal (x86_64 arm64e)
CodeDirectory v=20400 size=583 flags=0x0(none) hashes=13+2 location=embedded
Platform identifier=13
Signature size=4442
Signed Time=18 Dec 2021 at 18 December 01:20:02
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=64

There are more and more parts of macOS where the security screws are being 
tightened more and more and code signing is a key element. 

I am therefore wondering if it will become necessary to add code signing to the 
MacPorts install process, to support it in some way.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Running a mail server via MacPorts on macOS Monterey

[Gerben Wierda via macports-users]

I don’t, I did not find a way to do OD authentication from dovecot (and postfix 
relies on dovecot). I’d like to do that, though there is a disadvantage too in 
my case (solvable).

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 7 Mar 2022, at 14:33, Ben Greenfield via macports-users 
>  wrote:
> 
> Thanks for this outline. This has been on my todo list for a couple of years
> 
> I imagine you are using the host system’s Open Directory directory for 
> authentication.
> 
> Thanks,
> 
> Ben
> 
> 
> 
>> On Mar 4, 2022, at 7:12 PM, Steve Wardle via macports-users 
>> > <mailto:macports-users@lists.macports.org>> wrote:
>> 
>> I initially replied to Gerben off list but I am running my mail server on 
>> macOS 12.2.1.
>> 
>> Using macports packages for:
>>  postfix +dovecot_sasl +ldap +pcre +smtputf8 +tls
>>  amavisd-new
>>  clamav
>>  dovecot
>>  libmilter
>>  unbound +libevent
>>  certbot
>> 
>> Installing / building from source:
>>  opendkim
>>  opendmarc
>>  policyd-spf
>>  postfwd
>>  postwhite
>>  sshguard
>> 
>> Steve
>> 
>>> On 3 Mar 2022, at 13:38, Gerben Wierda via macports-users 
>>> >> <mailto:macports-users@lists.macports.org>> wrote:
>>> 
>>> Apart from Steven Smith, are there other users here that run a mail server 
>>> setup via MacPorts? And is already someone else running on Monterey?
>>> 
>>> I am and I’d like to link up to compare the situations, issues, etc. 
>>> 
>>> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
>>> R IT Strategy <https://ea.rna.nl/> (main site)
>>> Book: Chess and the Art of Enterprise Architecture 
>>> <https://ea.rna.nl/the-book/>
>>> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>>> 
>> 
> 

Re: Running a mail server via MacPorts on macOS Monterey

[Gerben Wierda via macports-users]

Yes, I have considered VMs. Or move to containers. But as long as I can prevent 
having more than one OS to keep in control, I will do so.

The big issue for me apart from minimising what I need to be in carol of is 
that I need this to survive a reboot completely (e.g. if I’m away for 3 weeks 
and something happens, I must be certain it all runs again without my 
intervention). I even created a setup to do the docker stuff (start a virtual 
box docker machine at boot without any need to be logged in). See Gerben Wierda 
/ macOS-manage-docker-machines 
<https://gitlab.com/gctwnl/rnadockermachineonmacmanager> on GitLab.

But what I never got around to my time is limited) is making sure the docker 
stuff (or docker machines) were routed. And as long as my setup kept working 
there was not enough need.

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 5 Mar 2022, at 14:56, Ralph Seichter via macports-users 
>  wrote:
> 
> * Gerben Wierda via macports-users:
> 
>> Apart from Steven Smith, are there other users here that run a mail
>> server setup via MacPorts? And is already someone else running on
>> Monterey?
> 
> While MacPorts provides the necessary ports for running a mail server on
> macOS, I'd suggest an alternative approach if you are dead set on using
> a Mac as the server machine. As mentioned here before, Apple is not
> making it easy to use regular macOS for server use, and this seems to be
> a deliberate decision on their end.
> 
> Have you considered running the mail server components in virtual
> machines (e.g. VirtualBox) or, even better, as a Docker/Containerd
> service stack? This method isolates Postfix, Dovecot et al from the
> underlying macOS, and the service Docker images can use Ubuntu, Debian,
> or whichever Linux you fancy.
> 
> I have introduced a Docker-based service infrastructure for a major mail
> service provider in Germany, catering for hundreds of thousands of users
> and millions of emails per day. While the production hardware is of
> course beefy, I develop and run the very same Docker images on my
> MacBook Pro.
> 
> -Ralph

Running a mail server via MacPorts on macOS Monterey

[Gerben Wierda via macports-users]

Apart from Steven Smith, are there other users here that run a mail server 
setup via MacPorts? And is already someone else running on Monterey?

I am and I’d like to link up to compare the situations, issues, etc. 

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Is this git handling of a problem on my macports-ports fork OK?

[Gerben Wierda via macports-users]

Thanks.

> On 22 Feb 2022, at 17:14, Justin  wrote:
> 
> Personally, I try to make sure that regular-merges are the norm, and 
> rebase/reset is the exceptional case.  Once you use rebase, you typically 
> need to use force-push, and once you start using force-push regularly, it is 
> easy to lose commits because you force push and actually lose something on 
> the remote that you didn't incorporate into the local push-source.
> 
> If you never commit to your local master (or origin/master), it will never 
> diverge from upstream/master, and the reset/push --force will not be 
> necessary.
> 
> I don't think you comments match what is being done:
> 
> git checkout master # switch to local branch master
> git pull upstream master # fetch upstream master and merge upstream/master 
> into current branch
> # does not: overwrite my local master with remote upstream/master

Yes, the comment is wrong. After all I had just checked out master. But I have 
been advised a pull is not enough, I should first do a fetch.

> git reset --hard upstream/master # move local branch to point to 
> upstream/master
> git push origin master --force # push master branch back to fork's master
> portindex
> 
> These instructions would be (kind of) correct if you think the origin/master 
> branch or local master branch might diverge from upstream/master. 

Yes. Before I update my master with the upstream, I need to work with it as is. 
Or I need to update any branch I work on from the upstream master. In both 
cases I have too many things that change concurrently and things that go wrong 
are then impossible to catch.

> However, even then, you have a pull (which merges), then a reset (which 
> discards).  That is, either:
> 
> git checkout master ; git pull upstream master ; git push
> 
> or:
> 
> git checkout master ; git fetch upstream ; git reset --hard upstream/master ; 
> git push --force origin master
> 
> The reset/force-push is a bit contradictory: the instructions indicate that 
> something might have been added to the master branch, but it is being 
> discarded.  Why would something be added to the master branch if it should 
> not be retained. 

It is just to be 100% certain that my master reflects upstream master

> Also, why pull (merge) if the next step is going to reset --hard.  If the 
> branches have diverged, you might have a merge conflict.
> 
> The "git push --force" would close an open PR if the PR's branch was your 
> master branch (since origin/master and upstream/master are the same, the PR 
> would be closed).  Otherwise, I don't see how pushing to master would affect 
> PRs on non-master branches.
> 
> My approach:
> 
> a) Never commit to your fork's master (besides pull from upstream)
> b) Always push your changes to fork's branch(es)
> c) PRs from fork branch

That is what I do. But I cannot always have my own master be exactly like the 
upstream because of the ’too many changes and I’ll never find what causes it'

> 
> A periodic "git checkout master && git pull upstream master && git push" 
> should keep fork's master branch up-to-date.

Should there not be a fetch somewhere?

> 
> As to whether you local git repo is ok:
> 
> - Check "git status" does not show anything modified (or not checked in)
> - Once you see everything is checked in, "git diff upstream/master" will show 
> diffs between local commit
> - "git rev-parse HEAD upstream/master" will show the SHAs of you local branch 
> and upstream/master.  It seems like you want them to be the same.
> 
> -Justin
> 
> On 2/19/22 07:59, Gerben Wierda via macports-users wrote:
>> I have my own fork of macports-ports in case I want to do maintenance. 
>> Getting a clean local clone for me means:
>> 
>> # First, do an update of macports base only (does not update the ports tree):
>> 
>> sudo port selfupdate --no-sync
>> 
>> # Updating the master of my fork from the master of the original:
>> 
>> git checkout master  # Go to branch master in my local clone
>> git pull upstream master # Update my local clone master from the 
>> master of the remote upstream
>>  # (overwrites my local master with 
>> remote github/macports/master)
>> git reset --hard upstream/master # Resets index and working tree of 
>> local clone/master from remote upstream
>> git push origin master --force   # Push local clone 
>> (~/MacPortsDev/macports-ports) master back
>>  # to my own remote fork 
>> (github/gctwnl/macports-ports)
>>  # NOTE: this closes a

Re: Understaning rleaves, rdepof

[Gerben Wierda via macports-users]

> On 20 Feb 2022, at 19:01, Joshua Root  wrote:
> 
> Gerben Wierda wrote:
> 
>> So, how would you go about finding the ports on which what is actually 
>> installed depends?
>> 
>> E.g.: if I have dovecot+solr8 installed, how would I find out which ports 
>> dovecot truly depends on on my system?
> 
> Is there a reason that information is required apart from curiosity? MacPorts 
> won't install anything you didn't ask for unless it's a dependency of 
> something you did ask for, and if you try to uninstall something that is 
> still needed by something else, it will complain.

I’e been hit with MacPorts hosing my setup when cleaning a while back so I’ve 
become pretty fearful/careful. It’s in the archives of this mailing list.

So, when I want to clear/uninstall something, I want to check if I do not break 
something and MacPorts turned out to be not perfectly safe on that front.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> 
> 'port deps dovecot and installed' will usually work, though it uses the 
> current Portfile, so if the port is outdated the dependencies could have 
> changed. Use rdeps instead of deps if you want all recursive dependencies, 
> and use the --no-build option with either action to exclude dependencies only 
> needed at build time.
> 
> - Josh
> 

Re: Is this git handling of a problem on my macports-ports fork OK?

[Gerben Wierda via macports-users]

I’m certainly not pushing to my master, if I create changes I use branches. I 
do a pull request from such a branch (rebased with an updated master from 
upstream)

It’s just that when I don’t have any work outstanding, I have a set of commands 
that creates a hard reset from upstream which is then pushed to my own fork on 
GitHub. Just to be on the safe side as git has too much rope to hang myself 
with.

Stuff like ‘—autostash' and ‘popping the stash’ is gobbledygook to me. git is 
just something that covers so many complex scenario’s and I am using it so 
little in those scenarios that most of it is simply out of my understanding. 

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 20 Feb 2022, at 18:37, Joshua Root  wrote:
> 
> Our suggested method of updating a fork is here: 
> 
> 
> Hopefully you're not committing to master locally, as that's just asking for 
> trouble. If you're not, no resetting or force pushing of master should be 
> necessary. If you have uncommitted local changes, you probably need to use 
> --autostash when rebasing. If there are conflicts, you resolve them when the 
> stash is popped at the end.
> 
> If you then create your PR branches starting from master, everything should 
> work pretty smoothly.
> 
> - Josh
> 

How do people use ManageSieve on macOS

[Gerben Wierda via macports-users]

I have a dovecot & dovecot-sieve running under MacPorts on my macOS ’server’. I 
do a very low tech maintenance on sieve, by using the cli on the server and 
edit sieve by hand for myself. I’d like to open this up to other users.

How do people use this from their macOS clients? For this, the ManageSieve 
protocol exists and this is implemented by dovecot-sieve, but other than 
installing roundcube and offering a web-based mail client that also supports 
ManageSieve, is there another way? A ManageSieve client that directly runs on 
the macOS client and interfaces with dovecot-sieve on the server?

After all, routing mail to different mailboxes better happens server-side so 
that all clients profit.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Understaning rleaves, rdepof

[Gerben Wierda via macports-users]

Interesting.

So, how would you go about finding the ports on which what is actually 
installed depends?

E.g.: if I have dovecot+solr8 installed, how would I find out which ports 
dovecot truly depends on on my system?

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 30 Jan 2022, at 10:20, Ryan Schmidt  wrote:
> 
> On Jan 29, 2022, at 10:56, Richard L. Hamilton wrote:
>> 
>> But looking at the dovecot Portfile, it seems the dependency on apache-solr8 
>> is specific to the +solr variant (which you have, to be sure). So assuming 
>> your installation isn't a bit confused somehow, maybe port isn't always 
>> smart about showing variant-specific dependencies.
>> 
>> That's just a guess, though; 
> 
> That's correct.
> 
>> On Jan 29, 2022, at 10:52, Gerben Wierda wrote:
>> 
>>> Thank you. That solves a lot of the mystery. I did encounter a small 
>>> mystery:
>>> 
>>> gerben@hermione ~ % port installed rdepof:dovecot 
> 
> "rdepof" determines the port's recursive dependencies based on the port's 
> default variants (which doesn't include +solr), not based on the variants 
> with which you have it installed.
> 
> I'm not sure if there's a form of this command that allows you to specify an 
> alternate set of variants.
> 
>>> The following ports are currently installed:
>>>  autoconf @2.71_1 (active)
>>>  automake @1.16.5_0 (active)
>>>  bison @3.8.2_2 (active)
>>>  bison-runtime @3.8.2_0 (active)
>>>  bzip2 @1.0.8_0 (active)
>>>  flex @2.6.4_0 (active)
>>>  gettext @0.21_0 (active)
>>>  gettext-runtime @0.21_0 (active)
>>>  gettext-tools-libs @0.21_0 (active)
>>>  libiconv @1.16_1 (active)
>>>  libtextstyle @0.21_0 (active)
>>>  libtool @2.4.6_13 (active)
>>>  lz4 @1.9.3_1 (active)
>>>  m4 @1.4.19_1 (active)
>>>  ncurses @6.3_0 (active)
>>>  openssl @3_2 (active)
>>>  openssl3 @3.0.1_0+legacy (active)
>>>  pkgconfig @0.29.2_0 (active)
>>>  xz @5.2.5_0 (active)
>>>  zlib @1.2.11_0 (active)
>>> gerben@hermione ~ % port installed rdependentof:apache-solr8
> 
> "rdependentof" consults your MacPorts registry to determine this information, 
> so it's based on what was recorded there when you installed the ports with 
> whatever variants you installed them with.
> 
>>> The following ports are currently installed:
>>>  dovecot @2.3.17_0+apns+solr (active)
>>> 
>>> Or, it seems port knows apache-solr8 is requested by dovecot but not the 
>>> other way around.
> 

Is this git handling of a problem on my macports-ports fork OK?

[Gerben Wierda via macports-users]

I have my own fork of macports-ports in case I want to do maintenance. 
Getting a clean local clone for me means:

# First, do an update of macports base only (does not update the ports tree):

sudo port selfupdate --no-sync

# Updating the master of my fork from the master of the original:

git checkout master # Go to branch master in my local clone
git pull upstream master# Update my local clone master from the 
master of the remote upstream
# (overwrites my local master with 
remote github/macports/master)
git reset --hard upstream/master# Resets index and working tree of 
local clone/master from remote upstream
git push origin master --force  # Push local clone 
(~/MacPortsDev/macports-ports) master back
# to my own remote fork 
(github/gctwnl/macports-ports)
# NOTE: this closes all open 
pull-requests!
portindex   # Tell macports to use this tree and 
update the macports index

Apparently, in the past UI have accidentally done some of this as root, so this 
failed because parts of the macports-ports clone were owned by root.

So, I did a chown -R on that tree and tried again, but now I get

albus:macports-ports sysbh$ git pull upstream master
From https://github.com/macports/macports-ports
 * branchmaster -> FETCH_HEAD
Updating e0a3df02c73..eca5c1226ee
error: Your local changes to the following files would be overwritten by merge:

_resources/port1.0/checks/implicit_function_declaration/macosx10.10.sdk.list

_resources/port1.0/checks/implicit_function_declaration/macosx10.11.sdk.list
…
error: The following untracked working tree files would be overwritten by merge:
aqua/qt5/files/patch-qtwebengine_gn_binary_path.diff
comms/s710/files/dynamic_lookup-11.patch

So I tried to do 

git reset --hard upstream/master

and apparently this did work as another pull did nothing. But before I push 
that back to my own clone: have I done anything wrong? Is my local tree in 
order now?

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Understaning rleaves, rdepof

[Gerben Wierda via macports-users]

Thank you. That solves a lot of the mystery. I did encounter a small mystery:

gerben@hermione ~ % port installed rdepof:dovecot 
The following ports are currently installed:
  autoconf @2.71_1 (active)
  automake @1.16.5_0 (active)
  bison @3.8.2_2 (active)
  bison-runtime @3.8.2_0 (active)
  bzip2 @1.0.8_0 (active)
  flex @2.6.4_0 (active)
  gettext @0.21_0 (active)
  gettext-runtime @0.21_0 (active)
  gettext-tools-libs @0.21_0 (active)
  libiconv @1.16_1 (active)
  libtextstyle @0.21_0 (active)
  libtool @2.4.6_13 (active)
  lz4 @1.9.3_1 (active)
  m4 @1.4.19_1 (active)
  ncurses @6.3_0 (active)
  openssl @3_2 (active)
  openssl3 @3.0.1_0+legacy (active)
  pkgconfig @0.29.2_0 (active)
  xz @5.2.5_0 (active)
  zlib @1.2.11_0 (active)
gerben@hermione ~ % port installed rdependentof:apache-solr8
The following ports are currently installed:
  dovecot @2.3.17_0+apns+solr (active)

Or, it seems port knows apache-solr8 is requested by dovecot but not the other 
way around.

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 29 Jan 2022, at 14:31, Richard L. Hamilton  wrote:
> 
> You're using it wrong. Try for example
> 
> port installed rdepends:xorg-libx11
> 
> Note the colon (no spaces) between depends and the port name. Same for 
> depends, depof, rdepof, and others; see the port man page for details.
> 
>> On Jan 29, 2022, at 07:20, Gerben Wierda via macports-users 
>> > <mailto:macports-users@lists.macports.org>> wrote:
>> 
>>> On 29 Jan 2022, at 11:45, Gerben Wierda via macports-users 
>>> >> <mailto:macports-users@lists.macports.org>> wrote:
>>> 
>>> I was cleaning up MacPorts on one system prior to an OS upgrade, and I 
>>> noticed
>>> 
>>> root@hermione LaunchDaemons # port list rleaves  
>>> root@hermione LaunchDaemons # port list rdepof xorg-libX11
>>> xorg-libX11@1.7.2  x11/xorg-libX11
>>> 
>>> Now, as I understand it rleaves are the ports that are in your landscape 
>>> that have nothing that depends on it. Accoriding to port there are no such 
>>> ports. So, the port xorg-libX11 should have some sort of a dependency. But 
>>> all my attempts to find it come up empty.
>>> 
>>> Cleaning up MacPorts remains a mystery to me. 
>> 
>> Adding to my confusion:
>> 
>> albus:MacPortsDev sysbh$ port installed depof dovecot
>> The following ports are currently installed:
>>   dovecot @2.3.17_0+apns+solr (active)
>> albus:MacPortsDev sysbh$ port installed rdepof dovecot
>> The following ports are currently installed:
>>   dovecot @2.3.17_0+apns+solr (active)
>> albus:MacPortsDev sysbh$ port installed rdepends dovecot
>> The following ports are currently installed:
>>   dovecot @2.3.17_0+apns+solr (active)
>> albus:MacPortsDev sysbh$ port installed dependentof dovecot
>> The following ports are currently installed:
>>   dovecot @2.3.17_0+apns+solr (active)
>> albus:MacPortsDev sysbh$ port installed rdependentof dovecot
>> The following ports are currently installed:
>>   dovecot @2.3.17_0+apns+solr (active)
>> 
>> Same for postfix for instance. Now, whatever pseudo-portname I give, the 
>> answer is always only the port itself. That cannot be right.
>> 
>>> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
>>> R IT Strategy <https://ea.rna.nl/> (main site)
>>> Book: Chess and the Art of Enterprise Architecture 
>>> <https://ea.rna.nl/the-book/>
>>> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> -- 
> eMail:mailto:rlha...@smart.net 
> <mailto:rlha...@smart.net>
> 
> 
> 
> 

Re: Warning: The macOS 12 SDK does not appear to be installed. Ports may not build correctly.

[Gerben Wierda via macports-users]

That was it. Thank you.

Gerben 


> On 29 Jan 2022, at 14:37, Richard L. Hamilton  wrote:
> 
> Have you tried https://trac.macports.org/wiki/ProblemHotlist#reinstall-clt 
> <https://trac.macports.org/wiki/ProblemHotlist#reinstall-clt>
> 
> 
>> On Jan 29, 2022, at 07:46, Gerben Wierda via macports-users 
>> > <mailto:macports-users@lists.macports.org>> wrote:
>> 
>> On a freshly updated macOS Monterey (Xcode updated, xcode-select install has 
>> run (but reported it was already installed) I get warnings that the macOS 12 
>> SDK has not been installed on some ports, e.g.:
>> 
>> --->  Computing dependencies for tiff
>> --->  Fetching archive for tiff
>> --->  Attempting to fetch tiff-4.3.0_0.darwin_21.x86_64.tbz2 from 
>> https://packages.macports.org/tiff <https://packages.macports.org/tiff>
>> --->  Attempting to fetch tiff-4.3.0_0.darwin_21.x86_64.tbz2.rmd160 from 
>> https://packages.macports.org/tiff <https://packages.macports.org/tiff>
>> --->  Installing tiff @4.3.0_0
>> --->  Activating tiff @4.3.0_0
>> --->  Cleaning tiff
>> Warning: The macOS 12 SDK does not appear to be installed. Ports may not 
>> build correctly.
>> Warning: You can install it as part of the Xcode Command Line Tools package 
>> by running `xcode-select --install'.
>> --->  Computing dependencies for xorg-xcb-proto
>> --->  Dependencies to be installed: autoconf m4 automake python38 openssl
>> --->  Fetching archive for m4
>> --->  Attempting to fetch m4-1.4.19_1.darwin_21.x86_64.tbz2 from 
>> https://packages.macports.org/m4 <https://packages.macports.org/m4>
>> --->  Attempting to fetch m4-1.4.19_1.darwin_21.x86_64.tbz2.rmd160 from 
>> https://packages.macports.org/m4 <https://packages.macports.org/m4>
>> --->  Installing m4 @1.4.19_1
>> --->  Activating m4 @1.4.19_1
>> --->  Cleaning m4
>> 
>> --->  Fetching archive for unbound
>> --->  Attempting to fetch unbound-1.14.0_0.darwin_21.x86_64.tbz2 from 
>> https://packages.macports.org/unbound <https://packages.macports.org/unbound>
>> --->  Attempting to fetch unbound-1.14.0_0.darwin_21.x86_64.tbz2.rmd160 from 
>> https://packages.macports.org/unbound <https://packages.macports.org/unbound>
>> --->  Installing unbound @1.14.0_0
>> --->  Activating unbound @1.14.0_0
>> --->  Cleaning unbound
>> Warning: The macOS 12 SDK does not appear to be installed. Ports may not 
>> build correctly.
>> Warning: You can install it as part of the Xcode Command Line Tools package 
>> by running `xcode-select --install'.
>> --->  Computing dependencies for xorg-libxcb
>> 
>> No idea why these give the warning and also not clear to me for which port 
>> the warning actually holds (i.e. ‘Cleaning tiff’ or 'Computing dependencies 
>> for xorg-xcb-proto’)
>> 
>> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
>> R IT Strategy <https://ea.rna.nl/> (main site)
>> Book: Chess and the Art of Enterprise Architecture 
>> <https://ea.rna.nl/the-book/>
>> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> 
> 
> -- 
> eMail:mailto:rlha...@smart.net 
> <mailto:rlha...@smart.net>
> 
> 
> 
> 

Warning: The macOS 12 SDK does not appear to be installed. Ports may not build correctly.

[Gerben Wierda via macports-users]

On a freshly updated macOS Monterey (Xcode updated, xcode-select install has 
run (but reported it was already installed) I get warnings that the macOS 12 
SDK has not been installed on some ports, e.g.:

--->  Computing dependencies for tiff
--->  Fetching archive for tiff
--->  Attempting to fetch tiff-4.3.0_0.darwin_21.x86_64.tbz2 from 
https://packages.macports.org/tiff
--->  Attempting to fetch tiff-4.3.0_0.darwin_21.x86_64.tbz2.rmd160 from 
https://packages.macports.org/tiff
--->  Installing tiff @4.3.0_0
--->  Activating tiff @4.3.0_0
--->  Cleaning tiff
Warning: The macOS 12 SDK does not appear to be installed. Ports may not build 
correctly.
Warning: You can install it as part of the Xcode Command Line Tools package by 
running `xcode-select --install'.
--->  Computing dependencies for xorg-xcb-proto
--->  Dependencies to be installed: autoconf m4 automake python38 openssl
--->  Fetching archive for m4
--->  Attempting to fetch m4-1.4.19_1.darwin_21.x86_64.tbz2 from 
https://packages.macports.org/m4
--->  Attempting to fetch m4-1.4.19_1.darwin_21.x86_64.tbz2.rmd160 from 
https://packages.macports.org/m4
--->  Installing m4 @1.4.19_1
--->  Activating m4 @1.4.19_1
--->  Cleaning m4

--->  Fetching archive for unbound
--->  Attempting to fetch unbound-1.14.0_0.darwin_21.x86_64.tbz2 from 
https://packages.macports.org/unbound
--->  Attempting to fetch unbound-1.14.0_0.darwin_21.x86_64.tbz2.rmd160 from 
https://packages.macports.org/unbound
--->  Installing unbound @1.14.0_0
--->  Activating unbound @1.14.0_0
--->  Cleaning unbound
Warning: The macOS 12 SDK does not appear to be installed. Ports may not build 
correctly.
Warning: You can install it as part of the Xcode Command Line Tools package by 
running `xcode-select --install'.
--->  Computing dependencies for xorg-libxcb

No idea why these give the warning and also not clear to me for which port the 
warning actually holds (i.e. ‘Cleaning tiff’ or 'Computing dependencies for 
xorg-xcb-proto’)

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Understaning rleaves, rdepof

[Gerben Wierda via macports-users]

> On 29 Jan 2022, at 11:45, Gerben Wierda via macports-users 
>  <mailto:macports-users@lists.macports.org>> wrote:
> 
> I was cleaning up MacPorts on one system prior to an OS upgrade, and I noticed
> 
> root@hermione LaunchDaemons # port list rleaves  
> root@hermione LaunchDaemons # port list rdepof xorg-libX11
> xorg-libX11@1.7.2  x11/xorg-libX11
> 
> Now, as I understand it rleaves are the ports that are in your landscape that 
> have nothing that depends on it. Accoriding to port there are no such ports. 
> So, the port xorg-libX11 should have some sort of a dependency. But all my 
> attempts to find it come up empty.
> 
> Cleaning up MacPorts remains a mystery to me. 

Adding to my confusion:

albus:MacPortsDev sysbh$ port installed depof dovecot
The following ports are currently installed:
  dovecot @2.3.17_0+apns+solr (active)
albus:MacPortsDev sysbh$ port installed rdepof dovecot
The following ports are currently installed:
  dovecot @2.3.17_0+apns+solr (active)
albus:MacPortsDev sysbh$ port installed rdepends dovecot
The following ports are currently installed:
  dovecot @2.3.17_0+apns+solr (active)
albus:MacPortsDev sysbh$ port installed dependentof dovecot
The following ports are currently installed:
  dovecot @2.3.17_0+apns+solr (active)
albus:MacPortsDev sysbh$ port installed rdependentof dovecot
The following ports are currently installed:
  dovecot @2.3.17_0+apns+solr (active)

Same for postfix for instance. Now, whatever pseudo-portname I give, the answer 
is always only the port itself. That cannot be right.

> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
> R IT Strategy <https://ea.rna.nl/> (main site)
> Book: Chess and the Art of Enterprise Architecture 
> <https://ea.rna.nl/the-book/>
> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

Understaning rleaves, rdepof

[Gerben Wierda via macports-users]

I was cleaning up MacPorts on one system prior to an OS upgrade, and I noticed

root@hermione LaunchDaemons # port list rleaves  
root@hermione LaunchDaemons # port list rdepof xorg-libX11
xorg-libX11@1.7.2  x11/xorg-libX11

Now, as I understand it rleaves are the ports that are in your landscape that 
have nothing that depends on it. Accoriding to port there are no such ports. 
So, the port xorg-libX11 should have some sort of a dependency. But all my 
attempts to find it come up empty.

Cleaning up MacPorts remains a mystery to me. 


Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Use of java (specifically on older macOS)

[Gerben Wierda via macports-users]

I’m getting back to this because (a) I’m still confused and (b) I had a local 
disaster which kept me form getting back to it

> On 13 Dec 2021, at 04:02, Steven Smith  wrote:
> 
> Java figures out which version to use from JAVA_HOME or 
> /Library/Java/JavaVirtualMachines. Are you sure that’s not a MacPorts version?

Actually, both my machines have Oracle Java 8 version 311 installed it turns 
out. On both systems the Java panel started via System Preferences says it is 
“Java 8 version 311”. This version, it seems, will get Oracle patches until 
2030 (https://en.wikipedia.org/wiki/Java_version_history). But these are only 
installed as Internet Plugins

gerben@hermione Contents % /Library/Internet\ 
Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -version 
java version "1.8.0_311"
Java(TM) SE Runtime Environment (build 1.8.0_311-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.311-b11, mixed mode)

Neither machine has MacPorts openjdk so far. I was asking all of this because I 
was looking into my Java situation. 

But...

on Mojave:
albus:~sysbh$ which java
/usr/bin/java

albus:~ sysbh$ `which java` -version
java version "12.0.2" 2019-07-16
Java(TM) SE Runtime Environment (build 12.0.2+10)
Java HotSpot(TM) 64-Bit Server VM (build 12.0.2+10, mixed mode, sharing)

albus:~ sysbh$ ls -l /usr/bin/java
lrwxr-xr-x  1 root  wheel  74 Aug 10  2019 /usr/bin/java -> 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java

(10 aug 2019 last symlink creation. By whom? My guess was this was still Apple)

albus:~ sysbh$ ls -l /Library/Java/JavaVirtualMachines/
total 0
drwxr-xr-x  3 root  wheel  96 Sep  8  2019 jdk-12.0.2.jdk


on Catalina:
gerben@hermione ~ % which java
/usr/bin/java

gerben@hermione ~ % `which java` -version
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)

gerben@hermione ~ % ls -l /usr/bin/java
lrwxr-xr-x  1 root  wheel  74 Jan  2  2021 /usr/bin/java -> 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java

(Jan 2 2021 last symlink creation. By whom? My guess: still Apple)

gerben@hermione ~ % ls -l 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java
-rwxr-xr-x  1 root  wheel  38880 Sep 21  2020 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java

gerben@hermione ~ % ls -l /Library/Java/JavaVirtualMachines 
total 0
drwxr-xr-x@ 3 root  wheel  96 Aug 24  2013 jdk1.7.0_25.jdk

Now I am completely confused. Both systems should have Oracle Java 8 installed, 
version 311. But the older system has Java 12 and the newer system has Java 7??

But it doesn’t explain stuff like a Sep 21 2020 java binary that is version 7.

And both are not the same binary:

gerben@hermione Contents % 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java 
-version
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)
gerben@hermione Contents % 
/Library/Java/JavaVirtualMachines/jdk1.7.0_25.jdk/Contents/Home/bin/java 
-version 
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)
gerben@hermione Contents % cmp 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java 
/Library/Java/JavaVirtualMachines/jdk1.7.0_25.jdk/Contents/Home/bin/java
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java 
/Library/Java/JavaVirtualMachines/jdk1.7.0_25.jdk/Contents/Home/bin/java 
differ: char 12, line 1

So far my guess is that those non-recently-updated-Oracle-java8’s are 
leftovers, e.g. from older iTunes-related software (which, as it was for both 
Windows and macOS was probably fully java).

One of those leftovers has been picked up as the java to use by MacPorts 
apache-solr8

Basically, this means I probably should try to clean out those old java’s and 
make sure solr8 uses a recent one. Maybe move to openjdk via MacPorts.

G

PS. Apple still ships (embedded) javas. E.g.

gerben@hermione ~ % 
/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/itms/java/bin/java
 -version
openjdk version "14.0.2" 2020-07-14
OpenJDK Runtime Environment 14.0.2-5906ce1373 (build 14.0.2+12-iTunesOpenJDK-5)
OpenJDK 64-Bit Server VM 14.0.2-5906ce1373 (build 14.0.2+12-iTunesOpenJDK-5, 
mixed mode)

or 

gerben@hermione ~ % '/Applications/iTunes 
Producer.app/Contents/itms/java/bin/java' -version
openjdk version "1.7.0-internal"
OpenJDK Runtime Environment (build 1.7.0-internal-root_2015_05_12_09_52-b00)
OpenJDK 64-Bit Server VM (build 24.80-b07, mixed mode)

(That one also has an older log4j…). Seems even Apple has its problems with LCM.

Re: Any ports use log4j 2?

[Gerben Wierda via macports-users]

I see in GitHub that the mitigation for apache-solr8 has already been added 
(together with the 0.8.11 update). Great work!

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 14 Dec 2021, at 15:36, Gerben Wierda via macports-users 
>  wrote:
> 
> It is super scary.
> 
> Apache solr8 is vulnerable. There is no 0.8.11 yet. Mitigation required:
> 
>   • (Linux/MacOS) Edit your solr.in.sh file to include: 
> SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
> 
> 
> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
> R IT Strategy <https://ea.rna.nl/> (main site)
> Book: Chess and the Art of Enterprise Architecture 
> <https://ea.rna.nl/the-book/>
> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> 
>> On 11 Dec 2021, at 18:24, Richard L. Hamilton > <mailto:rlha...@smart.net>> wrote:
>> 
>> CVE-2021-44228 sounds kinda scary!
>> 
>> -- 
>> eMail:   mailto:rlha...@smart.net 
>> <mailto:rlha...@smart.net>
>> 
>> 
>> 
>> 
> 

Re: Any ports use log4j 2?

[Gerben Wierda via macports-users]

It is super scary.

Apache solr8 is vulnerable. There is no 0.8.11 yet. Mitigation required:

• (Linux/MacOS) Edit your solr.in.sh file to include: 
SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"


Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 11 Dec 2021, at 18:24, Richard L. Hamilton  wrote:
> 
> CVE-2021-44228 sounds kinda scary!
> 
> -- 
> eMail:mailto:rlha...@smart.net 
> 
> 
> 
> 
> 

Use of java (specifically on older macOS)

[Gerben Wierda via macports-users]

While looking at my systems because of the log4j security issues I noticed the 
following:

I am running solr8 as part of my MacPorts mail server setup and it shows up 
like this:

$ ps laxww|grep java
  504 50615 50613   0  20  0  7594340 1316684 -  S  ??   97:31.56 
/usr/bin/java -server -Xms1g -Xmx1g -XX:+UseG1GC -XX:+PerfDisableSharedMem 
-XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250 -XX:+UseLargePages 
-XX:+AlwaysPreTouch -XX:+ExplicitGCInvokesConcurrent 
-Xlog:gc*:file=/opt/local/var/solr/logs/solr_gc.log:time,uptime:filecount=9,filesize=20M
 -Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.inetaccess.excludes= 
-Dsolr.log.dir=/opt/local/var/solr/logs -Djetty.port=8983 -DSTOP.PORT=7983 
-DSTOP.KEY=solrrocks -Duser.timezone=UTC -XX:-OmitStackTraceInFastThrow 
-XX:OnOutOfMemoryError=/opt/local/share/java/solr-8.9.0/bin/oom_solr.sh 8983 
/opt/local/var/solr/logs -Djetty.home=/opt/local/share/java/solr-8.9.0/server 
-Dsolr.solr.home=/opt/local/var/solr -Dsolr.data.home=/opt/local/var/db/solr 
-Dsolr.install.dir=/opt/local/share/java/solr-8.9.0 
-Dsolr.default.confdir=/opt/local/share/java/solr-8.9.0/server/solr/configsets/_default/conf
 -Xss256k -jar start.jar --module=http

Which means that MacPorts solr8 runs using macOS native java and not one from 
MacPorts itself. I thought the MacPorts stuff was supposed to be fully 
independent (except for Xcode).

$ java -version
java version "12.0.2" 2019-07-16
Java(TM) SE Runtime Environment (build 12.0.2+10)
Java HotSpot(TM) 64-Bit Server VM (build 12.0.2+10, mixed mode, sharing)

$ ls -l /usr/bin/java
lrwxr-xr-x  1 root  wheel  74 Aug 10  2019 /usr/bin/java -> 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java

$ ls -l 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java
-rwxr-xr-x  1 root  wheel  58336 Jul 11 07:48 
/System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java

That java is starting to get old, the last update was the last Security Update 
from macOS Mojave

I also have Oracle Java SE 8 installed:

$ /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java 
-version
java version "1.8.0_311"
Java(TM) SE Runtime Environment (build 1.8.0_311-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.311-b11, mixed mode)

Basically, I am rather confused about java numbering. I know I have the latest 
Oracle Java install and that my macOS Mojave version had its last update in the 
summer of 2021. I am also somewhat confused about MacPorts using the standard 
macOS Java which has a higher number but is an older version.

Can somebody enlighten me?

And shouldn’t ports that use java not depend on a java that comes with (old, 
outdated) java’s in macOS? But install and use an open source version instead? 
Or use the one from Oracle if available?

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

New ticket: mono will not compile on macOS Monterey on M1 hardware

[Gerben Wierda via macports-users]

Ticket #64059 

Mono fails to compile:

:info:build   CC   libmonoutils_la-lock-free-alloc.lo
:info:build mono-context.c:422:24: error: no member named '__r' in 'struct 
__darwin_arm_thread_state64'
:info:build memcpy (>regs, _REG_R0 (my_uc), sizeof 
(host_mgreg_t) * 16);
:info:build 
~~^~~~
:info:build ./mono-sigcontext.h:384:72: note: expanded from macro 
'UCONTEXT_REG_R0'
:info:build #define UCONTEXT_REG_R0(ctx) 
(((ucontext_t*)(ctx))->uc_mcontext->__ss.__r[0])
:info:build 
  ^
:info:build 
/Library/Developer/CommandLineTools/SDKs/MacOSX12.sdk/usr/include/secure/_string.h:63:33:
 note: expanded from macro 'memcpy'
:info:build __builtin___memcpy_chk (dest, __VA_ARGS__, 
__darwin_obsz0 (dest))
:info:build   ^~~
:info:build mono-context.c:424:24: error: no member named '__fs' in 'struct 
__darwin_mcontext64'
:info:build memcpy (>fregs, UCONTEXT_REG_VFPREGS (my_uc), sizeof 
(double) * 16);
:info:build 
~~^~~
:info:build ./mono-sigcontext.h:398:81: note: expanded from macro 
'UCONTEXT_REG_VFPREGS'
:info:build #define UCONTEXT_REG_VFPREGS(ctx) 
(double*)(((ucontext_t*)(ctx))->uc_mcontext->__fs.__r)
:info:build 
   ^
:info:build 
/Library/Developer/CommandLineTools/SDKs/MacOSX12.sdk/usr/include/secure/_string.h:63:33:
 note: expanded from macro 'memcpy'
:info:build __builtin___memcpy_chk (dest, __VA_ARGS__, 
__darwin_obsz0 (dest))
:info:build   ^~~
:info:build mono-context.c:450:11: error: no member named '__r' in 'struct 
__darwin_arm_thread_state64'
:info:build memcpy (_REG_R0 (my_uc), >regs, sizeof 
(host_mgreg_t) * 12);
:info:build 
~^
:info:build ./mono-sigcontext.h:384:72: note: expanded from macro 
'UCONTEXT_REG_R0'
:info:build #define UCONTEXT_REG_R0(ctx) 
(((ucontext_t*)(ctx))->uc_mcontext->__ss.__r[0])
:info:build 
  ^
:info:build 
/Library/Developer/CommandLineTools/SDKs/MacOSX12.sdk/usr/include/secure/_string.h:63:27:
 note: expanded from macro 'memcpy'
:info:build __builtin___memcpy_chk (dest, __VA_ARGS__, 
__darwin_obsz0 (dest))
:info:build ^~~~
:info:build mono-context.c:450:11: error: no member named '__r' in 'struct 
__darwin_arm_thread_state64'
:info:build memcpy (_REG_R0 (my_uc), >regs, sizeof 
(host_mgreg_t) * 12);
:info:build 
~^
:info:build ./mono-sigcontext.h:384:72: note: expanded from macro 
'UCONTEXT_REG_R0'
:info:build #define UCONTEXT_REG_R0(ctx) 
(((ucontext_t*)(ctx))->uc_mcontext->__ss.__r[0])
:info:build 
  ^
:info:build 
/Library/Developer/CommandLineTools/SDKs/MacOSX12.sdk/usr/include/secure/_string.h:63:62:
 note: expanded from macro 'memcpy'
:info:build __builtin___memcpy_chk (dest, __VA_ARGS__, 
__darwin_obsz0 (dest))
:info:build
^
:info:build 
/Library/Developer/CommandLineTools/SDKs/MacOSX12.sdk/usr/include/secure/_common.h:38:55:
 note: expanded from macro '__darwin_obsz0'
:info:build #define __darwin_obsz0(object) __builtin_object_size (object, 0)
:info:build   ^~
:info:build mono-context.c:452:10: error: no member named '__fs' in 'struct 
__darwin_mcontext64'
:info:build memcpy (UCONTEXT_REG_VFPREGS (my_uc), >fregs, sizeof 
(double) * 16);
:info:build 
^
:info:build ./mono-sigcontext.h:398:81: note: expanded from macro 
'UCONTEXT_REG_VFPREGS'
:info:build #define UCONTEXT_REG_VFPREGS(ctx) 
(double*)(((ucontext_t*)(ctx))->uc_mcontext->__fs.__r)
:info:build 
   ^
:info:build 
/Library/Developer/CommandLineTools/SDKs/MacOSX12.sdk/usr/include/secure/_string.h:63:27:
 note: expanded from macro 'memcpy'
:info:build __builtin___memcpy_chk (dest, __VA_ARGS__, 
__darwin_obsz0 (dest))
:info:build ^~~~
:info:build mono-context.c:452:10: error: no member named '__fs' in 'struct 
__darwin_mcontext64'
:info:build memcpy (UCONTEXT_REG_VFPREGS (my_uc), >fregs, sizeof 
(double) * 16);

M1/Monterey questions

[Gerben Wierda via macports-users]

I’ve just received a new Mac and it is the first one with M1 hardware. And of 
course it comes with macOS 12.

So, as sort of a first step, I downloaded the MacPorts Monterey package. When I 
ran that, macOS wanted to install rosetta, which I did. The installer launched. 
The installer tells me to do xcode-select —install, which I do as well before 
proceeding.

Anyway, my two questions:
- How much of MacPorts is now available as M1-native? Apparently the installer 
itself isn’t?
- I migrated everything except ‘MacPorts’ from an old Mac running Big Sur using 
Migration Assistant. Then I installed MacPorts form the package. But It seems 
the migration actually moved the old stuff from /opt/local to the new Mac/. How 
did that happen? I was expecting a new fresh empty MacPorts. Is it best to 
remove /opt/local and start all over again?

Thanks,

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

libsdl2 port question

[Gerben Wierda via macports-users]

I was just curious: why does the libsdl2 port which is at version 2.0.16 
install 2.0.0 libraries? How does that happen? Just learning.

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

[Gerben Wierda via macports-users]

I contacted NLNet Labs, they updated their certs which made NSD fetch on Mojave 
work again for me.

Somewhere during my tests accidentally OpenSSL was activated on my machine (a 
destroot on nsd 4.3.8 maybe?), which killed all the installed ports that were 
dependent on an opensll 1.1.1 dylib (which had been made inaccessible), so 
suddenly a lot of programs couldn’t start anymore (Abort 6) because the dylib 
wasn’t there. That kind of forced me to do a quick update of everything.

So I updated NSD to 4.3.8 and created a pull request for it (as the existing 
MacPorts version 4.1.2 would not compile with OpenSSL3 which is now standard 
and I am an NSD maintainer)

That change has now been merged with MacPorts master (yes! yes! I did it 
correctly! I’m getting the hang of it!)

Everything NSD is back as it should be.

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 8 Nov 2021, at 03:54, Dave Horsfall  wrote:
> 
> On Sun, 7 Nov 2021, Bill Cole wrote:
> 
>>> So I wonder how widespread this problem is?
>> 
>> The problem in this case is not the existence of the cert in the CA bundle, 
>> but the fact that this particular expired cert was used in an alternative 
>> validation path and the logic of verification for multi-path certs isn't 
>> correct. Normally, expired root CAs should stay in there because that allows 
>> positive non-verification of certs supposedly issued by an expired (and 
>> maybe compromised) root CA.
> 
> Gotcha; thanks.
> 
>>> And I'm not happy with those that are set way in the future; I heard 
>>> somewhere that 5 years is the recommended max.
>> 
>> CAs are special. The current limit on server certs is 397 days. I don't 
>> think there's a consensus on CA lifetimes because of the conflicting risks 
>> of too-short and too-long lives.
> 
> One day past a leap year :-)  I don't remember where I saw the 5-year 
> recommendation, unfortunately.
> 
> -- Dave

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

[Gerben Wierda via macports-users]

The reason is libcurl in Mojave which is less permissive than High Sierra.

Sent from my iPhone

> On 7 Nov 2021, at 03:08, Kastus Shchuka  wrote:
> 
> Something does not add up here.
> 
> High Sierra is older than Mojave, right? I can fetch sources of nsd on High 
> Sierra without any problems:
> 
> $ sudo port -d fetch nsd
> DEBUG: Copying /Users/pike/Library/Preferences/com.apple.dt.Xcode.plist to 
> /opt/local/var/macports/home/Library/Preferences
> DEBUG: Changing to port directory: 
> /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/net/nsd
> DEBUG: OS darwin/17.7.0 (macOS 10.13.6) arch i386
> DEBUG: adding the default universal variant
> DEBUG: Reading variant descriptions from 
> /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/_resources/port1.0/variant_descriptions.conf
> DEBUG: Running callback portconfigure::add_automatic_compiler_dependencies
> DEBUG: Finished running callback 
> portconfigure::add_automatic_compiler_dependencies
> DEBUG: Running callback portbuild::add_automatic_buildsystem_dependencies
> DEBUG: Finished running callback 
> portbuild::add_automatic_buildsystem_dependencies
> DEBUG: Running callback portstartupitem::add_notes
> DEBUG: Finished running callback portstartupitem::add_notes
> DEBUG: Attempting ln -sf 
> /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_nsd/nsd/work
>  
> /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/net/nsd/work
> DEBUG: dropping privileges: euid changed to 504, egid changed to 20.
> DEBUG: Starting logging for nsd @4.2.1_2
> DEBUG: macOS 10.13.6 (darwin/17.7.0) arch i386
> DEBUG: MacPorts 2.7.1
> DEBUG: Xcode 9.4.1
> DEBUG: SDK 10.13
> DEBUG: MACOSX_DEPLOYMENT_TARGET: 10.13
> DEBUG: Executing org.macports.main (nsd)
> DEBUG: dropping privileges: euid changed to 504, egid changed to 20.
> DEBUG: fetch phase started at Sat Nov  6 19:00:42 PDT 2021
> --->  Fetching distfiles for nsd
> DEBUG: elevating privileges for fetch: euid changed to 0, egid changed to 0.
> DEBUG: dropping privileges: euid changed to 504, egid changed to 20.
> DEBUG: Executing org.macports.fetch (nsd)
> --->  nsd-4.2.1.tar.gz does not exist in /opt/local/var/macports/distfiles/nsd
> --->  Attempting to fetch nsd-4.2.1.tar.gz from 
> http://distfiles.macports.org/nsd
>  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
> Dload  Upload   Total   SpentLeft  Speed
> 100 1118k  100 1118k0 0  3557k  0 --:--:-- --:--:-- --:--:-- 3563k
> $ ls -l /opt/local/var/macports/distfiles/nsd
> total 2240
> -rw-r--r--  1 macports  wheel  1145713 Nov  6 19:00 nsd-4.2.1.tar.gz
> 
> I have MacPorts installed from a package, I did not build it, so it is pretty 
> much standard. Neither I did anything to the system certificate chain.
> 
>> On Nov 6, 2021, at 5:43 AM, Ryan Schmidt  wrote:
>> 
>> 
>> 
>>> On Nov 6, 2021, at 05:39, Gerben Wierda wrote:
>>> 
>>> I was looking at updating nsd (for which I am maintaining and it is high 
>>> time)
>>> 
>>> But fetching failed on macOS Mojave (where I have my MacPorts setup).
>>> 
>>> :debug:fetch Executing org.macports.fetch (nsd)
>>> :info:fetch --->  nsd-4.3.8.tar.gz does not exist in 
>>> /opt/local/var/macports/distfiles/nsd
>>> :notice:fetch --->  Attempting to fetch nsd-4.3.8.tar.gz from 
>>> https://www.nlnetlabs.nl/downloads/nsd/
>>> :debug:fetch Fetching distfile failed: SSL certificate problem: certificate 
>>> has expired
>>> 
>>> Now, my main MacPorts dev/use machine is macOS Mojave so I suspect that is 
>>> the Mojave-doesn’t-get-root-cert-updates problem. So, I tried to do a port 
>>> fetch on Catalina, and there it works and the distribution is downloaded.
>>> 
>>> It is strange, though, because Safari on both Catalina (other machine) and 
>>> Mojave say the cert is fine. Still, it is most likely that this is a 
>>> problem that comes from still using Mojave.
>>> 
>>> Updating that machine will not happen until late December, so if I am to 
>>> maintain anything MacPorts, I need a fix to get this working again.
>>> 
>>> I have tried using curl on the Mojave machine, and that one works.
>>> 
>>> So, Safari works, curl works, but port does not work.
>>> 
>>> I tried copying /etc/ssl/cert.pem over to the Mojave machine, but that 
>>> doesn’t work either.
>> 
>> This is the "Let's Encrypt's old root certificate expired" problem described 
>> here:
>> 
>> https://trac.macports.org/wiki/ProblemHotlist#letsencrypt
>> 
>> When you said "curl works but port does not work" that's not quite right. 
>> /opt/local/bin/curl and /opt/local/lib/libcurl.dylib work. /usr/bin/curl and 
>> /usr/lib/libcurl.dylib (the latter of which MacPorts uses by default) do not 
>> work for Let's Encrypt-protected sites anymore.
>> 
>> I, on High Sierra, have the same issue, and I have no solution for you. This 
>> issue 

port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

[Gerben Wierda via macports-users]

I was looking at updating nsd (for which I am maintaining and it is high time)

But fetching failed on macOS Mojave (where I have my MacPorts setup).

:debug:fetch Executing org.macports.fetch (nsd)
:info:fetch --->  nsd-4.3.8.tar.gz does not exist in 
/opt/local/var/macports/distfiles/nsd
:notice:fetch --->  Attempting to fetch nsd-4.3.8.tar.gz from 
https://www.nlnetlabs.nl/downloads/nsd/ 

:debug:fetch Fetching distfile failed: SSL certificate problem: certificate has 
expired

Now, my main MacPorts dev/use machine is macOS Mojave so I suspect that is the 
Mojave-doesn’t-get-root-cert-updates problem. So, I tried to do a port fetch on 
Catalina, and there it works and the distribution is downloaded.

It is strange, though, because Safari on both Catalina (other machine) and 
Mojave say the cert is fine. Still, it is most likely that this is a problem 
that comes from still using Mojave.

Updating that machine will not happen until late December, so if I am to 
maintain anything MacPorts, I need a fix to get this working again.

I have tried using curl on the Mojave machine, and that one works.

So, Safari works, curl works, but port does not work.

I tried copying /etc/ssl/cert.pem over to the Mojave machine, but that doesn’t 
work either.

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: provide latest OS root certificates via port?

[Gerben Wierda via macports-users]

> On 29 Oct 2021, at 17:09, Bill Cole 
>  wrote:
> 
> Yes: Anyone running Mojave or earlier is not exactly skydiving without a 
> parachute, but is doing something close. Perhaps it's akin to skydiving with 
> a homemade parachute…


To be fair: given that Apple does not announce life cycle for older OS 
versions, they simply stop sending out security patches and you only find out 
ofter the fact, people running Mojave are in a slightly different situation.

It only became clear very recently that Apple had in fact stopped supporting 
Mojave because there was no Mojave version of the most recent security patch. 
And while they stop sending out security patches, they do send out updated 
Safari versions for instance, in other words, it is a bit of a mixed message.

G

Contributing to macports using your own git fork in combination with using 'port self update'

[Gerben Wierda via macports-users]

I have a local clone of a fork of GitHub/macports/macports-ports. This clone is 
used as repo by my port command. I have a fork so I can contribute.

When I want to update macports itself, the command is ‘port self update’. But 
‘port selfupdate’ also uses rsync to update my ports tree and that interferes 
with using git to stay in sync with upstream/master.

The way I can update my ports tree using git is:

# Updating the master of my fork from the master of the original:

git checkout master # Go to branch master in my local clone
git pull upstream master# Update my local clone master from the 
master of the remote upstream
# (overwrites my local master with 
remote github/macports/master)
git reset --hard upstream/master# Resets index and working tree of 
local clone/master from remote upstream
git push origin master --force  # Push local clone 
(~/MacPortsDev/macports-ports) master back
# to my own remote fork 
(github/gctwnl/macports-ports)
# NOTE: this closes all open 
pull-requests!
# username: gctwnl
# password: GitHub Token (in BitWarden)
portindex   # Tell macports to use this tree and 
update the macports index

Is there a way to do selfupdate on the base system only without messing with 
the ports tree, so the base system only? Or should I just run ‘port selfupdate’ 
and then use the above to do it again for the ports tree?

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Why does git branch -a

[Gerben Wierda via macports-users]

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 23 Oct 2021, at 12:13, Henning Hraban Ramm  wrote:
> 
> Hi Gerben!
> 
>> Am 23.10.2021 um 11:58 schrieb Gerben Wierda via macports-users 
>> :
>> 
>> # remotes:
>> #   upstream: github/macports/macports-ports is the original macports.org 
>> repo in github
>> #   origin: github/gctwnl/macports-ports is my FORK of 
>> github/macports/macports-ports on github
>> # local:
>> #   ~/MacPortsDev/macports-ports is the local CLONE of 
>> github/gctwnl/macports-ports
>> 
>> albus:macports-ports sysbh$ git branch -a
>>  dovecot-2.3.16
>> * master
>>  upstream
>>  remotes/origin/HEAD -> origin/master
>>  remotes/origin/dovecot-2.3.16
>>  remotes/origin/master
>>  remotes/origin/multiple-unbounds
>>  remotes/upstream/boost_1.72.0_update
>>  remotes/upstream/dar
>>  remotes/upstream/kencu-py-sphinxcontrib-svg2pdfconverter
>>  remotes/upstream/master
>>  remotes/upstream/py38-reproject
>>  remotes/upstream/wireshark3-3-0-5
>> 
>> But I do not fully understand the remotes/origin ones. Specifically: 
>> remotes/origin/multiple-unbounds. I did some work on unbound as well 
>> (enabling to run multiple parallel unbound resolvers from launchd) and this 
>> has been pulled into the main repository. When that had happened, I deleted 
>> my branch. Apparently I forgot to do something because it still shows up in 
>> remotes/origin. Why, though? What did I forget to do?
> 
> Origin is your fork of upstream, and when you deleted your local branch, you 
> apparently didn’t delete the same branch on origin.
> Each repository is independent.
> 

Yes, I’m reading this now. And I’ve also just read that to explicitly delete 
the remote branch I need to do

git push origin -d remote-branch-name

So, somewhat surprisingly (for me at least) is that to remove an origin branch 
I need the ‘git push’ command.

G

Why does git branch -a

[Gerben Wierda via macports-users]

Hello fellow macports users,

As I sometimes try to support stuff myself on macports (very little time for 
it, so only now and then and that means I tend to forget stuff…) I have created 
instructions for myself to get me back up to speed when it is time again to try 
to do some stuff with macports on git

For this, I have this snippet of documentation:

# Definitions
# remotes:
#   upstream: github/macports/macports-ports is the original macports.org repo 
in github
#   origin: github/gctwnl/macports-ports is my FORK of 
github/macports/macports-ports on github
# local:
#   ~/MacPortsDev/macports-ports is the local CLONE of 
github/gctwnl/macports-ports

# Updating the master of my fork from the master of the original:

git checkout master # Go to branch master in my local clone
git pull upstream master# Update my local clone master from the 
master of the remote upstream
# (overwrites my local master with 
remote github/macports/master)
git reset --hard upstream/master# Resets index and working tree of 
local clone/master from remote upstream
git push origin master --force  # Push local clone 
(~/MacPortsDev/macports-ports) master back
# to my own remote fork 
(github/gctwnl/macports-ports)
# NOTE: this closes all open 
pull-requests!
# username: gctwnl
# password: GitHub Token (in BitWarden)

When I today ran git branch -a  after that I got:

albus:macports-ports sysbh$ git branch -a
  dovecot-2.3.16
* master
  upstream
  remotes/origin/HEAD -> origin/master
  remotes/origin/dovecot-2.3.16
  remotes/origin/master
  remotes/origin/multiple-unbounds
  remotes/upstream/boost_1.72.0_update
  remotes/upstream/dar
  remotes/upstream/kencu-py-sphinxcontrib-svg2pdfconverter
  remotes/upstream/master
  remotes/upstream/py38-reproject
  remotes/upstream/wireshark3-3-0-5

I understand the first three: I’m on master, I still have the dovecot-2.3.16 
branch in my clone as I haven’t removed it yet. I used it a while back as part 
of work by a number of people updating dovecot. Dovecot is now also at 2.3.16 
in the main repo. I am going to clean that up (haven’t yet)
I also understand the 6 remotes/upstream entries at the end, these are branches 
in the main repo.
But I do not fully understand the remotes/origin ones. Specifically: 
remotes/origin/multiple-unbounds. I did some work on unbound as well (enabling 
to run multiple parallel unbound resolvers from launchd) and this has been 
pulled into the main repository. When that had happened, I deleted my branch. 
Apparently I forgot to do something because it still shows up in 
remotes/origin. Why, though? What did I forget to do?

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: How do i find missing dependents using the port command?

[Gerben Wierda via macports-users]

> On 28 Sep 2021, at 17:48, Bill Cole 
>  wrote:
> 
> On 2021-09-28 at 10:27:12 UTC-0400 (Tue, 28 Sep 2021 16:27:12 +0200)
> Gerben Wierda via macports-users 
> is rumored to have said:
> 
>> [snip]
>> 
>> What is the way to find this out using a port command?
> 
> In principle, 'port rdeps ' will show you a recursive tree of 
> dependencies for any port. Also, 'port rdependents ' will show you 
> all ports that are dependents (recursively) of any *installed* port.
> 
> In practice, those are sometimes not exactly correct, because they depend on 
> port maintainers noticing dependencies and stating them in the Portfile.  For 
> example, the error message you showed implies that certbot depends on chardet 
> indirectly via the acme package, but that is not reflected in the MacPorts 
> dependency map. The Changelog for certbot indicates that this dependency was 
> added upstream in v1.18.0 and removed in 1.19.0, so the current MacPorts 
> dependency map is correct not to show it NOW, but for most of August, that 
> dependency existed in the code but not in the Portfile.

So, the error appeared because I did the cleanup when that was the case. Quick 
fix: add py39-chardet and get certbot 1.18.0 working again. Real fix: update 
port definitions and then certbot (to 1.19.0)

(Have done the quick fix first because updating the tree and everything I am 
running requires proper attention)

Thanks,

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

How do i find missing dependents using the port command?

[Gerben Wierda via macports-users]

A while back I have done a lot of cleanup, using looking at dependents, 
reinstalling stuff so it no longer depends on, say, older versions of python, 
etc.

Now, recently I’ve started reaching certbot/letsencrypt warnings that my 
certificates are about to expire. I used to have a fully automatic setup that 
did the updates in the background. Apparently, that has died. And it turns out 
certbot doesn’t work anymore because some part of python is missing:

Traceback (most recent call last):
  File "/opt/local/bin/certbot", line 33, in 
sys.exit(load_entry_point('certbot==1.18.0', 'console_scripts', 
'certbot')())
  File "/opt/local/bin/certbot", line 25, in importlib_load_entry_point
return next(matches).load()
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/importlib/metadata.py",
 line 77, in load
module = import_module(match.group('module'))
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/importlib/__init__.py",
 line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1030, in _gcd_import
  File "", line 1007, in _find_and_load
  File "", line 986, in _find_and_load_unlocked
  File "", line 680, in _load_unlocked
  File "", line 850, in exec_module
  File "", line 228, in _call_with_frames_removed
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/main.py",
 line 2, in 
from certbot._internal import main as internal_main
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/_internal/main.py",
 line 23, in 
from certbot import crypto_util, configuration
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/crypto_util.py",
 line 34, in 
from certbot import interfaces
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/interfaces.py",
 line 14, in 
from certbot import configuration
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/configuration.py",
 line 8, in 
from certbot import util
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/util.py",
 line 24, in 
from certbot._internal import constants
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/certbot/_internal/constants.py",
 line 4, in 
import pkg_resources
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
 line 3243, in 
def _initialize_master_working_set():
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
 line 3226, in _call_aside
f(*args, **kwargs)
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
 line 3255, in _initialize_master_working_set
working_set = WorkingSet._build_master()
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
 line 568, in _build_master
ws.require(__requires__)
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
 line 886, in require
needed = self.resolve(parse_requirements(requirements))
  File 
"/opt/local/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
 line 772, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'chardet' distribution was not found 
and is required by acme

Other than that the cleaning up has removed chardet. Looking at chardet in what 
is available, I find:

py39-cchardet @2.1.7 (python, devel, textproc)
cChardet is high speed universal character encoding detector.

py39-chardet @4.0.0 (python, devel, textproc)
Universal character encoding detector

I suspect I need the chardet extension.

What is the way to find this out using a port command? 

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: code::blocks and X11 via MacPorts: is this as it is supposed to be?

[Gerben Wierda via macports-users]

> On 13 Sep 2021, at 22:50, Eric Gallager  wrote:
> 
> Codeblocks has alternative variants that don't use X11 if X11 isn't
> working for you; try installing with the +wxwidgets30 variant instead
> of the +wxgtk30 variant.

The +wxgtk30 variant lacks functionality, it seems, and doesn’t work. E.g. 
installing it and trying to create a new project does not give you the choice 
to select an object type. All categories and such are empty. 

Back to the GTK variant, but that one doesn’t work fully either, but I guess it 
is an Apple thing because the problem is that it cannot create a directory for 
a project (so probably a rights issue)

(I’m testing this for someone else who has little technical skills)

G

> 
> On Sun, Sep 12, 2021 at 4:33 PM Gerben Wierda via macports-users
>  wrote:
>> 
>> port was already installed and login-logout
>> 
>>  xorg-server @1.20.11_1 (active)
>> 
>> (it said ‘port install org’ in the original message because of 
>> auto-‘correct’, btw)
>> 
>> Gerben Wierda (LinkedIn)
>> R Enterprise Architecture (main site)
>> Book: Chess and the Art of Enterprise Architecture
>> Book: Mastering ArchiMate
>> 
>> On 12 Sep 2021, at 22:23, Chris Jones  wrote:
>> 
>> 
>> sudo port install xorg-server
>> 
>> Logout and back in again
>> 
>> On 12 Sep 2021, at 11:17 am, Gerben Wierda via macports-users 
>>  wrote:
>> 
>> I’ve been trying out code::blocks and X11 installed via MacPorts and I’m 
>> under the impression something is missing.
>> 
>> I installed using
>> 
>> sudo port install org
>> sudo port install codeblocks
>> 
>> Logging out and in again made sure the correct environment variables are 
>> set.  When I then open codeblocks, I see a lot of error messages like this:
>> 
>> (codeblocks:75317): Gtk-CRITICAL **: 12:02:13.796: 
>> gtk_box_gadget_distribute: assertion 'size >= 0' failed in GtkScrollbar
>> 
>> But the system does seem to launch.
>> 
>> Trying to launch xeyes as a test, gets me a huge entire-screen sized xeyes 
>> and no way to turn that into a small window somewhere.
>> 
>> Is that as it is supposed to be?
>> 
>> Gerben Wierda (LinkedIn)
>> R Enterprise Architecture (main site)
>> Book: Chess and the Art of Enterprise Architecture
>> Book: Mastering ArchiMate
>> 
>> 

Re: code::blocks and X11 via MacPorts: is this as it is supposed to be?

[Gerben Wierda via macports-users]

port was already installed and login-logout

  xorg-server @1.20.11_1 (active)

(it said ‘port install org’ in the original message because of auto-‘correct’, 
btw)

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 12 Sep 2021, at 22:23, Chris Jones  wrote:
> 
> 
> sudo port install xorg-server
> 
> Logout and back in again
> 
>> On 12 Sep 2021, at 11:17 am, Gerben Wierda via macports-users 
>>  wrote:
>> 
>> I’ve been trying out code::blocks and X11 installed via MacPorts and I’m 
>> under the impression something is missing.
>> 
>> I installed using
>> 
>> sudo port install org
>> sudo port install codeblocks
>> 
>> Logging out and in again made sure the correct environment variables are 
>> set.  When I then open codeblocks, I see a lot of error messages like this:
>> 
>> (codeblocks:75317): Gtk-CRITICAL **: 12:02:13.796: 
>> gtk_box_gadget_distribute: assertion 'size >= 0' failed in GtkScrollbar
>> 
>> But the system does seem to launch.
>> 
>> Trying to launch xeyes as a test, gets me a huge entire-screen sized xeyes 
>> and no way to turn that into a small window somewhere.
>> 
>> Is that as it is supposed to be?
>> 
>> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
>> R Enterprise Architecture <https://ea.rna.nl/> (main site)
>> Book: Chess and the Art of Enterprise Architecture 
>> <https://ea.rna.nl/the-book/>
>> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> 

code::blocks and X11 via MacPorts: is this as it is supposed to be?

[Gerben Wierda via macports-users]

I’ve been trying out code::blocks and X11 installed via MacPorts and I’m under 
the impression something is missing.

I installed using

sudo port install org
sudo port install codeblocks

Logging out and in again made sure the correct environment variables are set.  
When I then open codeblocks, I see a lot of error messages like this:

(codeblocks:75317): Gtk-CRITICAL **: 12:02:13.796: gtk_box_gadget_distribute: 
assertion 'size >= 0' failed in GtkScrollbar

But the system does seem to launch.

Trying to launch xeyes as a test, gets me a huge entire-screen sized xeyes and 
no way to turn that into a small window somewhere.

Is that as it is supposed to be?

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Conflicty between MacPorts and Anaconda

[Gerben Wierda via macports-users]

What happened was that I used bash, and my env was set in .profile, including 
my PATH setting for MacPorts. What Anaconda did was create a .bash_profile and 
the existence of that file prevents .profile to be read. Hence MacPorts 
commands are not available anymore in the shell.

conda did a lot more (e.g. setting prompt) which I don’t want.

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 31 Aug 2021, at 17:39, Mircea Trandafir  wrote:
> 
> I have anaconda and Macports installed side-by-side, with different versions 
> of python in each of them. It all runs smoothly, so it can be done. And I 
> also have MacTeX installed separately, again without any issues with 
> interaction with anaconda. As Ryan said, we need more information to figure 
> out what is the problem with your setup. 
> 
> -- 
> Mircea Trandafir
> Associate professor
> Department of Business and Economics
> University of Southern Denmark
> Campusvej 55, 5230 Odense M 
> Denmark 
> Email: mircea.tranda...@sam.sdu.dk 
> Web: http://www.mirceatrandafir.com 
> 
>> On Aug 31, 2021, at 12:54 PM, Ryan Schmidt  wrote:
>> 
>> On Aug 30, 2021, at 09:32, Gerben Wierda wrote:
>>> 
>>> I had to install Anaconda (Python environment) to collaborate with someone. 
>>> I installed, but it adapted my shell environment in such a way that I’ve 
>>> lost MacPorts (and LMTX ConTeXt). Does anybody have experience with the 
>>> combination of Anaconda and MacPorts and what the correct way is to use 
>>> them side by side?
>> 
>> I don't know anything about Anaconda...
>> 
>> When you say you've "lost MacPorts" does that mean that when you type "port" 
>> something it says the command is not found? If so, that means that your PATH 
>> environment variable is not set up correctly. When you installed MacPorts, 
>> it edited your shell startup script (which varies depending on which SHELL 
>> you are using) to add the MacPorts paths /opt/local/bin and /opt/local/sbin 
>> to PATH, while preserving any other additions you made. Maybe the Anaconda 
>> installer also modified the PATH in that same shell startup file but did not 
>> preserve your other PATH modifications. Or if you are using the Bash shell, 
>> which supports I think three possible startup files, maybe Anaconda edited a 
>> different one, one which takes precedence and causes Bash to ignore the 
>> other startup file that contained your MacPorts PATH settings.
>> 

Re: Conflicty between MacPorts and Anaconda

[Gerben Wierda via macports-users]

Yes, Anaconda overwrote the PATh settings by creating a .bash_profile file (and 
editing several others). The way it does this happens deep in some python 
scripts (e.g. changing shell prompts happen as well). The thing is invasive.

I have removed it from my system.

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 31 Aug 2021, at 11:54, Ryan Schmidt  wrote:
> 
> On Aug 30, 2021, at 09:32, Gerben Wierda wrote:
>> 
>> I had to install Anaconda (Python environment) to collaborate with someone. 
>> I installed, but it adapted my shell environment in such a way that I’ve 
>> lost MacPorts (and LMTX ConTeXt). Does anybody have experience with the 
>> combination of Anaconda and MacPorts and what the correct way is to use them 
>> side by side?
> 
> I don't know anything about Anaconda...
> 
> When you say you've "lost MacPorts" does that mean that when you type "port" 
> something it says the command is not found? If so, that means that your PATH 
> environment variable is not set up correctly. When you installed MacPorts, it 
> edited your shell startup script (which varies depending on which SHELL you 
> are using) to add the MacPorts paths /opt/local/bin and /opt/local/sbin to 
> PATH, while preserving any other additions you made. Maybe the Anaconda 
> installer also modified the PATH in that same shell startup file but did not 
> preserve your other PATH modifications. Or if you are using the Bash shell, 
> which supports I think three possible startup files, maybe Anaconda edited a 
> different one, one which takes precedence and causes Bash to ignore the other 
> startup file that contained your MacPorts PATH settings.
> 

Conflicty between MacPorts and Anaconda

[Gerben Wierda via macports-users]

I had to install Anaconda (Python environment) to collaborate with someone. I 
installed, but it adapted my shell environment in such a way that I’ve lost 
MacPorts (and LMTX ConTeXt). Does anybody have experience with the combination 
of Anaconda and MacPorts and what the correct way is to use them side by side?

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

dovecot needs an update to 2.3.15 (security)

[Gerben Wierda via macports-users]

There is a reasonably serious problem with dovecot security: 
https://threatpost.com/email-bug-message-snooping-credential-theft/167125/ 
 
which has been made public since June 21. It does require a man-in-the-middle 
attack, so it is not that easy to exploit, but it is pretty serious as it 
breaches credentials.

I have created a ticket in trac for the maintainers (as well as this message 
here) as I did know where I should inform the maintainers.

Yours,

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Is MacPorts considered stable on Big Sur?

[Gerben Wierda via macports-users]

And then I found it after all: https://trac.macports.org/wiki/BigSurProblems 
<https://trac.macports.org/wiki/BigSurProblems> Sorry.

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 3 Jun 2021, at 00:40, Gerben Wierda via macports-users 
>  wrote:
> 
> My production ‘server’ system still runs Mojave. I was planning to move to 
> Catalina somewhere the coming months. But I might move to BigSur instead. 
> What would stop me is if ports I need won’t work properly on Big Sur. When 
> Big Sur was new, I recall that some core changes affected MacPorts and 
> certain ports.
> 
> Is there an overview somewhere that will tell me of remaining problems/issues 
> with MacPorts and/or ports on Big Sur?
> 
> Thanks,
> 
> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
> R Enterprise Architecture <https://ea.rna.nl/> (main site)
> Book: Chess and the Art of Enterprise Architecture 
> <https://ea.rna.nl/the-book/>
> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> 

Is MacPorts considered stable on Big Sur?

[Gerben Wierda via macports-users]

My production ‘server’ system still runs Mojave. I was planning to move to 
Catalina somewhere the coming months. But I might move to BigSur instead. What 
would stop me is if ports I need won’t work properly on Big Sur. When Big Sur 
was new, I recall that some core changes affected MacPorts and certain ports.

Is there an overview somewhere that will tell me of remaining problems/issues 
with MacPorts and/or ports on Big Sur?

Thanks,

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: Reclaim was not 'safe'

[Gerben Wierda via macports-users]

> On 11 May 2021, at 01:11, Ryan Schmidt  wrote:
> 
> 
> 
> On May 9, 2021, at 17:07, Gerben Wierda wrote:
> 
>> I relied on the fact that man page/help of reclaim said it would not remove 
>> active installs. So, having read that, I assumed it was unable to damage the 
>> running setup and I assumed it would only remove everything inactive, 
>> compile stuff, etc.
>> 
>> That was a mistake I now know. Reclaim will remove active unrequested 
>> installs. But the help/man does not say so.
> 
> I'm really sorry that it uninstalled ports that you needed; that's really not 
> helpful.
> 
> The port-reclaim(1) manpage and `port help reclaim` say:
> 
> "port reclaim will find files that can be removed to reclaim disk space by 
> uninstalling inactive ports on your system as well as unnecessary unrequested 
> ports, and removing unneeded or unused installation files. The user is then 
> provided interactive options for files to remove. No files are removed 
> initially, until the user selects them from the provided list."

When I wrote “man page/help of reclaim said it would not remove active 
installs” I should have written “man page/help said of/about reclaim it would 
not remove active installs”. I did not say ‘port help reclaim’ or man 
port-reclaim’. I used the main ‘man port’. 

Where the flag is described ‘port help’ or 'man port' only says:

   reclaim
   Reclaims disk space by uninstalling inactive ports and removing 
unneeded installation files.

It doesn’t mention that it removes anything but inactive ports. This is what 
made me not care about lists being presented. Beside, tThe list was huge, most 
of it py38 or p5 somethings. So, I trusted that statement (which turned out to 
be not completely true)

My suggestion would be to adapt the main port help.


Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> 
> So it clearly says it will uninstall unrequested ports that are no longer 
> needed, which users are expected to have no problem with; in fact, this 
> functionality is one of the reasons why users are expected to want to run 
> reclaim: to reclaim disk space for things that are no longer needed. And it 
> says it will show you the list of everything it will uninstall before it does 
> it. So you have an opportunity to cancel before it does that. I'm not sure 
> how much more we can do to save the user from uninstalling things they didn't 
> mean to uninstall. Do you have a suggestion?
> 
> Users should definitely look through the output of `port installed 
> unrequested` and make sure that it does not contain anything you actually 
> want. If it does, use `sudo port setrequested` to tell MacPorts which ones 
> you actually do want, as Daniel said. Conversely, look through the output of 
> `port installed requested` and if anything is listed that you don't actually 
> want, use `sudo port unsetrequested` to mark it as not needed.

Re: Reclaim was not 'safe'

[Gerben Wierda via macports-users]

I relied on the fact that man page/help of reclaim said it would not remove 
active installs. So, having read that, I assumed it was unable to damage the 
running setup and I assumed it would only remove everything inactive, compile 
stuff, etc.

That was a mistake I now know. Reclaim will remove active unrequested installs. 
But the help/man does not say so.

G

Sent from my iPhone

> On 9 May 2021, at 21:26, Daniel J. Luke  wrote:
> 
> On May 9, 2021, at 12:20 PM, Gerben Wierda via macports-users 
>  wrote:
>> Anyway, the hard lesson was: reclaim is not ’safe’. I  thought, reclaim 
>> would only remove inactive installs, but it removed active ones as well.
>> 
>> It is not possible for me to retrace what went wrong exactly, sadly.
> 
> The first thing reclaim does is this:
> 
> --->  Checking for unnecessary unrequested ports
> Unrequested ports without requested dependents found:
> 
> If you (like me) have an MacPorts install that pre-dates the requested flag, 
> you'll have a bunch of ports in that list that you don't actually want 
> uninstalled. For reclaim to work best, you need to do `port setrequested` on 
> the ports you want to always keep - then the list of ports you see there will 
> be stuff that got installed that you no longer need. (You can also mark 
> things 'unrequested', see the port manpage - so you can fix things up if you 
> mistakenly mark something requested that you don't want).
> 
> Or, you can just hit 'n' for the first prompt.
> 
> -- 
> Daniel J. Luke
> 

Reclaim was not 'safe'

[Gerben Wierda via macports-users]

Naively assuming the logic of ‘port reclaim’ would be safe I ran this on my 
production installation of nameserver/webserver/mailserver

The result was catastrophic. After removing stuff it told me it needed to 
rebuild dovecot and after that most of my setup was gone. rspamd had been 
removed, redis had been removed, dcc had been removed, clamav, etc. In other 
words: reclaim says it only removes inactive ports, but when I ran it it 
completely hosed the set of active ports. tcl was haning on trying to start 
dovecot. A complete meltdown.

My guess afterwards is that at one time, years ago, I had installed 
mail-server, but I stopped using that collection at that time pretty much 
immediately as it also installed stuff that had nothing to do with a mail 
server, such as openldap (which I did not need) or BIND (where I use 
unbound/nsd). So a reclaim, done years later, noticed that e.g. rspamd had been 
installed as a sub of mail-server, mail-server was uninstalled (but aparently 
at that time the rest had remained or had been reinstalled separately), so it 
concluded it should remove the dependents, including those that were active. I 
am uncertain if this is true. I have been working all afternoon (backup 
software giving me problems) to restore my setup. It is now running again, so I 
can finally contact this mailing list again ;-)

Anyway, the hard lesson was: reclaim is not ’safe’. I  thought, reclaim would 
only remove inactive installs, but it removed active ones as well.

It is not possible for me to retrace what went wrong exactly, sadly.

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Re: How can I make unbound's accepting of incoming network connections in application firewall in Catalina 'stick'?

[Gerben Wierda via macports-users]

Sorry, no go.

I found a solution on superuser with 0 votes ;-). 
https://superuser.com/a/940696/582447

It turns out that I just had to turn the firewall off and on again. It might 
have been a necessary last step to make it regenerate something, but after that 
step, a reboot (or just port unload/load cycle) will just allow unbound to 
startup and accept incoming connections without further panels

Note, that on my active production server I run Murus (PF configurator) and 
Vallum (configurator for the application-level firewall), which, though 
somewhat hard to work with sometimes, work well in configuring this.

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 15 Mar 2021, at 02:17, Steven Smith  wrote:
> 
> Just turn off your firewall! 
> 
> Seriously, the macOS firewall is an Application firewall. If that suits your 
> risk profile, you can control it through the command line:
> 
> /usr/libexec/ApplicationFirewall/socketfilterfw -h
> 
> Port- and packet-based filtering is handled by pfctl, and that’s a lot more 
> flexible than the macOS application firewall.
> 
>> On Mar 14, 2021, at 20:55, Gerben Wierda via macports-users 
>>  wrote:
>> 
>> I am running an extensive MacPorts (with postfix, dovecot, nginx, minion, 
>> etc.) on my macOS Server, which is still running macOS Mojave.
>> 
>> On one of the other Macs, running macOS Catalina, I run a backup unbound 
>> caching nameserver. This also offers me a way to do some minimal testing of 
>> the MacPorts setup on a more recent version of macOS (as a preparation for 
>> upgrading the Mojave system when Apple stops supporting it)
>> 
>> The unbound on macOS Catalina runs fine, except for one thing. After a 
>> reboot, unbound will not accept incoming connections until I have logged in 
>> an answer the application firewalls’ question:
>> 
>> Do you want the application “unbound” to accept incoming network connections?
>> Clicking Deny may limit the application’s behaviour. This setting can be 
>> changed in the Firewall pane of Security & Privacy preferences.
>> 
>> I can answer yes, check the entry in the application firewall (set to yes, 
>> accept, even before I allow it through the panel). But even if it is set to 
>> accept incoming connections, after a reboot I need to log in and answer 
>> again via the GUI before it accepts. Setting this in the Application 
>> firewall doesn’t ’stick’ for some reason.
>> 
>> This is not acceptable behaviour if I ever upgrade my Mojave Server, as that 
>> one must be able to do unsupervised reboots/running without any login.
>> 
>> Is there something special in Catalina I must do? Or is this expected 
>> behaviour?
>> 
>> Thanks,
>> 
>> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
>> R Enterprise Architecture <https://ea.rna.nl/> (main site)
>> Book: Chess and the Art of Enterprise Architecture 
>> <https://ea.rna.nl/the-book/>
>> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> 

Re: How can I make unbound's accepting of incoming network connections in application firewall in Catalina 'stick'?

[Gerben Wierda via macports-users]

It seems to be a code signing issue for /opt/local/sbin/unbound, but I haven’t 
found out how to get rid of it and MacPorts doesn’t handle it itself (i.e. 
forces the app to end into a good state or warn why it can’t do it).

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R Enterprise Architecture <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

> On 15 Mar 2021, at 01:55, Gerben Wierda via macports-users 
>  wrote:
> 
> I am running an extensive MacPorts (with postfix, dovecot, nginx, minion, 
> etc.) on my macOS Server, which is still running macOS Mojave.
> 
> On one of the other Macs, running macOS Catalina, I run a backup unbound 
> caching nameserver. This also offers me a way to do some minimal testing of 
> the MacPorts setup on a more recent version of macOS (as a preparation for 
> upgrading the Mojave system when Apple stops supporting it)
> 
> The unbound on macOS Catalina runs fine, except for one thing. After a 
> reboot, unbound will not accept incoming connections until I have logged in 
> an answer the application firewalls’ question:
> 
> Do you want the application “unbound” to accept incoming network connections?
> Clicking Deny may limit the application’s behaviour. This setting can be 
> changed in the Firewall pane of Security & Privacy preferences.
> 
> I can answer yes, check the entry in the application firewall (set to yes, 
> accept, even before I allow it through the panel). But even if it is set to 
> accept incoming connections, after a reboot I need to log in and answer again 
> via the GUI before it accepts. Setting this in the Application firewall 
> doesn’t ’stick’ for some reason.
> 
> This is not acceptable behaviour if I ever upgrade my Mojave Server, as that 
> one must be able to do unsupervised reboots/running without any login.
> 
> Is there something special in Catalina I must do? Or is this expected 
> behaviour?
> 
> Thanks,
> 
> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
> R Enterprise Architecture <https://ea.rna.nl/> (main site)
> Book: Chess and the Art of Enterprise Architecture 
> <https://ea.rna.nl/the-book/>
> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> 

How can I make unbound's accepting of incoming network connections in application firewall in Catalina 'stick'?

[Gerben Wierda via macports-users]

I am running an extensive MacPorts (with postfix, dovecot, nginx, minion, etc.) 
on my macOS Server, which is still running macOS Mojave.

On one of the other Macs, running macOS Catalina, I run a backup unbound 
caching nameserver. This also offers me a way to do some minimal testing of the 
MacPorts setup on a more recent version of macOS (as a preparation for 
upgrading the Mojave system when Apple stops supporting it)

The unbound on macOS Catalina runs fine, except for one thing. After a reboot, 
unbound will not accept incoming connections until I have logged in an answer 
the application firewalls’ question:

Do you want the application “unbound” to accept incoming network connections?
Clicking Deny may limit the application’s behaviour. This setting can be 
changed in the Firewall pane of Security & Privacy preferences.

I can answer yes, check the entry in the application firewall (set to yes, 
accept, even before I allow it through the panel). But even if it is set to 
accept incoming connections, after a reboot I need to log in and answer again 
via the GUI before it accepts. Setting this in the Application firewall doesn’t 
’stick’ for some reason.

This is not acceptable behaviour if I ever upgrade my Mojave Server, as that 
one must be able to do unsupervised reboots/running without any login.

Is there something special in Catalina I must do? Or is this expected behaviour?

Thanks,

Gerben Wierda (LinkedIn )
R Enterprise Architecture  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

Catalina: accepting incoming connections on unbound does not survive a reboot

[Gerben Wierda via macports-users]

I did not have this problem under Mojave, but since I have upgraded I do.

I am running a backup nameserver (in my split-DNS setup) on a mac desktop 
(unbound via MacPorts). After a reboot, the first user to log in gets a panel 
from the firewall with the question to allow incoming connections for unbound. 
System administrator user name and password are  given and incoming connections 
are then accepted. But after a reboot I have to do this again.

This worries me. My main server (stilll on Mojave until I have enough 
confidence in MacPorts under Catalina to upgrade) must be able to survive a 
reboot without any user interaction via the GUI (i.e. when I am away from the 
physical location).

I wonder if it has anything to do with how unbound has been installed via 
MacPorts.

Any tips?

Thanks,

Gerben

Fix for postfix not launching reliably at boot time

[Gerben Wierda via macports-users]

I think I shared this before, but I’m not certain so I am doing so now (again).

The MacPorts postfix master process will not launch reliably at boot if it is 
set up with ‘port load postfix’. The reason for the unreliable boot is that 
macOS during boot for about 60 seconds or so claims port 25 (and 587) because 
it launches its own postfix, then quickly kills it. When Apple’s postfix master 
launches first (there is no control in launchd what launches first) this can 
block the MacPorts version, which then fails. 

By changing /etc/postfix/master.cf of Apple’s postfix the boot by MacPorts 
launches reliably.

This means patching Apple’s files, which I frown upon, but I’m still using 
Mojave and I think Apple updates leave master.cf alone and macOS itself doesn’t 
really use postfix, it is a leftover. I don’t know if this is still possible in 
later versions of macOS. If it isn’t because Apple has locked these down, a 
more intelligent startup command could be written that works around this macOS 
behaviour.

14,15c14,16
< smtp  inet  n   -   n   -   1   postscreen
< smtpd pass  -   -   n   -   -   smtpd
---
> # GW: Commented postscreen, smtpd commands as Apple's postfix master gets run 
> for 60 sec at boot
> #smtp  inet  n   -   n   -   1   postscreen
> #smtpd pass  -   -   n   -   -   smtpd
18,19c19,20
< submission inet n   -   n   -   -   smtpd
<   -o smtpd_tls_security_level=encrypt
---
> #submission inet n   -   n   -   -   smtpd
> #  -o smtpd_tls_security_level=encrypt

Yours,

G

unbound port doesn't create/install startup wrapper correctly

[Gerben Wierda via macports-users]

I have an adapted Portfile for net/unbound. This Portfile enables the launch of 
multiple unbound servers in parallel. This is for instance needed for rspamd 
(also from MacPorts) if your forwarder is one of the big ones such as Google’s 
8.8.8.8 or Quad9’s 9.9.9.9 (which are blocked by some blacklist providers, 
making rspamd fail on certain actions). So, I am running two unbound daemons 
side by side, one om port 53 (the normal one, for all users) and one on port 
1053 for rspamd. That last one does not forward, but resolves using the formal 
root servers path.

To be able to do that, I have two unbound configurations files: unbound.conf 
and unbound-noforwarders.conf. 

Launching unbound should launch both. So, I have adapted the Portfile:

#
# Start
#
Start()
{
('/opt/local/sbin/unbound-anchor' -a '/opt/local/etc/unbound/root.key' 
2>&1) \
|| : && (chown unbound:unbound '/opt/local/etc/unbound/root.key' 
2>&1) \
&& (for i in '/opt/local/etc/unbound/unbound'*conf; \
do '/opt/local/sbin/unbound' -c "$i" 2>&1; done)
}

#
# Stop
#
Stop()
{
(for i in '/opt/local/var/run/unbound/unbound'*pid; \
do /bin/kill -15 $(cat "$i") 2>&1; done)
}

And that works fine. port load unbound leads to these processes:

0 67637 1   0  20  0  4322368   5800 -  Ss ??0:00.01 
/opt/local/bin/daemondo --label=unbound --start-cmd 
/opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper start ; 
--stop-cmd /opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper 
stop ; --restart-cmd 
/opt/local/etc/LaunchDaemons/org.macports.unbound/unbound.wrapper restart ; 
--verbosity=1 --pid=fileclean --pidfile /opt/local/var/run/unbound/unbound.pid
  500 67643 1   0  20  0  4330452  18200 -  Ss ??0:00.22 
/opt/local/sbin/unbound -c /opt/local/etc/unbound/unbound-noforwarders.conf
  500 67645 1   0  20  0  4337620  17732 -  Ss ??0:00.15 
/opt/local/sbin/unbound -c /opt/local/etc/unbound/unbound.conf

To get that I have adapted the Portfile:

# Make it run on boot
# Redirect stderr on launchd-started items because launchd redirects stderr to 
a black hole
# Let macports (daemondo) manage the availability of process and pidfile as 
unbound fails to start at the first attempt
# because unbound is unable to get port 53. Unbound starts successfully at 
second attempt.
startupitem.create  yes
startupitem.nameunbound
startupitem.logfile /Library/Logs/unbound-startupitem.log
startupitem.logevents   yes
# the following entries handle multiple instances running in parallel
startupitem.start   "(\'${prefix}/sbin/unbound-anchor\' -a 
\'${prefix}/etc/${name}/root.key\' 2>&1) \\"\
"|| : && (chown ${unbounduser}:${unboundgroup} 
\'${prefix}/etc/${name}/root.key\' 2>&1) \\"\
"&& (for i in \'${prefix}/etc/${name}/${name}\'*conf; \\"\
"do \'${prefix}/sbin/unbound\' -c \"\$i\" 2>&1; done)"
startupitem.stop"(for i in \'${prefix}/var/run/${name}/${name}\'*pid; 
\\"\
"do /bin/kill -15 \$(cat \"\$i\") 2>&1; done)"
# The following ignores any second process and pidfile
startupitem.pidfile clean ${prefix}/var/run/${name}/${name}.pid

notes-append\
"An example configuration is provided at 
${prefix}/etc/${name}/${name}.conf-dist." \
"" \
"The startup item will start as many unbounds as there are 
${prefix}/etc/${name}*conf files." \
"Make sure each of these has a server that doesn't conflict with any 
other. Especially, make" \
"sure that they do not try to listen on the same interface, do not 
write the same pid file," \
"and make sure they have different log files." \
"  This setup enables the single management through macports of a set 
of unbound servers. The use" \
"of this is for instance for rspamd, which requires a DNS that does not 
forward to a public DNS" \
"server, while ordinary requests would benefit. Running one DNS 
resolver with forwarding on port 53," \
"while running another one without forwarding for rspamd on port 1053 
is a typical use case."


But, and here is my problem, when I install the upgraded unbound, I get the 
old/original wrapper. So, while the process ends with the notes shown above (so 
my adapted Portfile is actually used), the wrapper is incorrect after install.

What is going wrong here?

(I think I contributed the unbound fix a while back, but apparently it did not 
make it to the official port distribution)

G

MacPorts updates (mail-server install) apparently messing with installed configuration dates

[Gerben Wierda via macports-users]

I did an update of postfix, dovecot etc. on Feb 22. This worked fine and 
everything has been running smoothly since.

However, I just noticed these messages in my postfix log:

Mar 23 10:43:04 mail smtp/smtpd[70713]: warning: database 
/opt/local/etc/postfix/aliases.db is older than source file 
/opt/local/etc/postfix/aliases
Mar 23 10:43:04 mail smtp/smtpd[70713]: warning: database 
/opt/local/etc/postfix/rna_sender_canonical.db is older than source file 
/opt/local/etc/postfix/rna_sender_canonical
Mar 23 10:43:04 mail smtp/smtpd[70713]: warning: database 
/opt/local/etc/postfix/rna_recipient_overrides.db is older than source file 
/opt/local/etc/postfix/rna_recipient_overrides
Mar 23 10:43:04 mail smtp/smtpd[70713]: warning: database 
/opt/local/etc/postfix/rna_virtual_users.db is older than source file 
/opt/local/etc/postfix/rna_virtual_users
Mar 23 10:43:05 mail postfix/trivial-rewrite[70715]: warning: database 
/opt/local/etc/postfix/rna_virtual_domains.db is older than source file 
/opt/local/etc/postfix/rna_virtual_domains
Mar 23 10:43:05 mail postfix/trivial-rewrite[70715]: warning: database 
/opt/local/etc/postfix/transport.db is older than source file 
/opt/local/etc/postfix/transport
Mar 23 10:43:05 mail postfix/cleanup[70716]: warning: database 
/opt/local/etc/postfix/rna_sender_canonical.db is older than source file 
/opt/local/etc/postfix/rna_sender_canonical
Mar 23 10:43:05 mail postfix/cleanup[70716]: warning: database 
/opt/local/etc/postfix/rna_recipient_overrides.db is older than source file 
/opt/local/etc/postfix/rna_recipient_overrides
Mar 23 10:43:05 mail postfix/cleanup[70716]: warning: database 
/opt/local/etc/postfix/rna_virtual_users.db is older than source file 
/opt/local/etc/postfix/rna_virtual_users

And what seems to have happened is that the MacPorts maintenance has touched 
the dates on these files (without actually changing them):

-rw-r--r--   1 root  admin 12144 Feb 22 13:37 aliases
-rw-r--r--   1 root  admin 16384 Oct  4 15:53 aliases.db
-rw-r--r--   1 root  wheel 10519 Feb 22 13:37 aliases.sample

Hmm, that is not nice. It should leave those files such as my aliases file 
alone. Probably a fix/check for ownership?

Is this something that is fixable in the port or is this something inherent in 
the way MacPorts work when installing?

(Same happened with dovecot. I have been using the mail-server port as an 
umbrella, so it might have been that one)

G