[exim] MacOS development was Re: After upgrade to Exim 4.95 …

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Andrew C Aitchison
Data:  
Para: exim-users
CC: Martin D Kealey, lasse.torngren
Tópicos Antigos: [exim] After upgrade to Exim 4.95 or 4.96: "setgroups: Invalid argument"
Assunto: [exim] MacOS development was Re: After upgrade to Exim 4.95 or 4.96: "setgroups: Invalid argument"
On Tue, 20 Sep 2022, Martin D Kealey via Exim-users wrote:

> Lasse Törngren <lasse.torngren@???> wrote:
>
> I am using a couple of Macs as servers, and has one server running MacOS
>> Mojave and Exim 4.94 without any issue.
>>
>> I have tried to upgrade to Exim 4.95 on this machine, and to Exim 4.96 on
>> a new server that I am setting up with MacOS Big Sur. On both servers I get
>> Exim Panic with “setgroups: Invalid argument” at local (virtual) delivery.
>>
>
> Disclaimers:
> 1. There's currently no support for MacOS because there are no active
> developers with access to that platform.
> 2. I don't have access to anything running MacOS, so I can only offer
> general guidance.


I have got my hands on a 2007 Mac Book Pro running Snow Leopard and
i686-apple-darwin10-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5666) (dot 3)

I have successfully built pcre2, but cannot build exim until
I have an "exim" user on the machine*.
How do I create a *system* user to a Mac ?

* Yes I *could* *build* exim without an exim user,
but I would not be able to *test* the executable ...

> If you know your way around C code and would like to help, I'd encourage
> you to join the exim-dev list, and discuss a possible fix, with a view to
> incorporating it in the next Exim release, and reinstating support for
> MacOS.


I will move this discussion there.

Does anyone know that Snow Leopard is too old to be useful ?
There is a newer mac in the house, though it is used, unlike the
Snow Leopard machine we unpacked from storage.

> The message “*setgroups: Invalid argument*” originates from one of the
> functions `priv_drop_temp` and `priv_restore` in the source file `
> src/src/priv.c`, which was a new addition for the 4.95 release. (I would
> start by patching the messages so you can see which of those two functions
> is failing.)
>
> It might also be informative to explore the versions of those functions
> implemented in sshd, and see if they've been patched to cope with setgroups
> behaviour on MacOS.
>
> In the meantime, if you write a wrapper that starts Exim with an empty
> supplementary group set, that might alleviate some of the problems.
>
> I note that in the source file `src/src/exim.c` circa line 3943 it has `
> setgroups` gated thus:
> ```
>
>> #ifndef OS_SETGROUPS_ZERO_DROPS_ALL
>>    && setgroups(0, NULL) != 0
>> #endif
>>    && setgroups(1, group_list) != 0

>
> ```
> which suggests that the same conditional logic should be applied in `
> src/src/priv.c`.


Lasse and I have tried that and also established
that the process has 20+ supplementary group permissions
which is more than NGROUPS_MAX on Snow Leopard
(not sure what it is on his machine:
     egrep NGROUPS_MAX /usr/include/sys/syslimits.h
  should tell us ).


-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???