Bash script fails with permission errors on Xcode 15 Beta 4 #14

Closed
neilt opened this issue Jul 18, 2023 · 6 comments

neilt commented Jul 18, 2023

I have a setup which executes a bash script in the source tree to modify some source files in the source tree.

This worked fine with Xcode Version 14.3.1 (14E300c) but fails with Xcode Version 15.0 beta 4 (15A5195m). I wonder if this is an Xcode beta problem or are there some new flags that need to be added to give permissions to the source directory? Clearly the source directory is being denied access. If new flags are needed, then where do they go?

This is an SPM project run from Xcode.

The yaml file:

prebuild: # prebuild Command
    - name: "GenerateBuildInfo"
      launchPath: "/bin/bash" # bash, zsh, etc. can be specified
      script: "generateBuildInfo.sh"

The errors are:

/usr/bin/sandbox-exec -p "(version 1)
(deny default)
(import \"system.sb\")
(allow file-read*)
(allow process*)
(allow file-write*
    (subpath \"/private/tmp\")
    (subpath \"/private/var/folders/_m/85n1b_4n12b2gmb5kd002q240000gn/T\")
)
(deny file-write*
    (subpath \"/Users/neiltiffin/Maui-Dev/SinkHole47/sinkhole47/SH47_Server_swift/SH47ServerWebsocketCommandLine\")
)
(allow file-write*
    (subpath \"/Volumes/Dev01Portable/XcodeNewDerivedData/SH47ServerWebsocketCommandLine-hdcjufnkdirjzzgsqfyeqhtpmjmi/SourcePackages/plugins/sh47serverwebsocketcommandline.output/sh47-server/RunScriptPlugin\")
)
" /Volumes/Dev01Portable/XcodeNewDerivedData/SH47ServerWebsocketCommandLine-hdcjufnkdirjzzgsqfyeqhtpmjmi/SourcePackages/artifacts/runscriptplugin/run-script-bin/run-script-bin.artifactbundle/run-script-bin/bin/run-script-bin --config /Users/neiltiffin/Maui-Dev/SinkHole47/sinkhole47/SH47_Server_swift/SH47ServerWebsocketCommandLine/runscript.yml --timing prebuild

🏃[Start] RunScriptPlugin(prebuild)
🏃[script] GenerateBuildInfo...
./generateBuildInfo.sh: line 32: Sources/sh47-server/_auto/gBuildInfo.auto_generated.swift: Operation not permitted
./generateBuildInfo.sh: line 33: Sources/sh47-server/_auto/gBuildInfo.auto_generated.swift: Operation not permitted
./generateBuildInfo.sh: line 34: Sources/sh47-server/_auto/gBuildInfo.auto_generated.swift: Operation not permitted
./generateBuildInfo.sh: line 35: Sources/sh47-server/_auto/gBuildInfo.auto_generated.swift: Operation not permitted
./generateBuildInfo.sh: line 36: Sources/sh47-server/_auto/gBuildInfo.auto_generated.swift: Operation not permitted
./generateBuildInfo.sh: line 37: Sources/sh47-server/_auto/gBuildInfo.auto_generated.swift: Operation not permitted
./generateBuildInfo.sh: line 38: Sources/sh47-server/_auto/gBuildInfo.auto_generated.swift: Operation not permitted
swift-driver version: 1.75.2 ./generateBuildInfo.sh: line 44: Sources/sh47-server/_auto/gXcodeInfo.swift: Operation not permitted
./generateBuildInfo.sh: line 45: Sources/sh47-server/_auto/gXcodeInfo.swift: Operation not permitted
./generateBuildInfo.sh: line 46: Sources/sh47-server/_auto/gXcodeInfo.swift: Operation not permitted
./generateBuildInfo.sh: line 47: Sources/sh47-server/_auto/gXcodeInfo.swift: Operation not permitted
./generateBuildInfo.sh: line 48: Sources/sh47-server/_auto/gXcodeInfo.swift: Operation not permitted
./generateBuildInfo.sh: line 49: Sources/sh47-server/_auto/gXcodeInfo.swift: Operation not permitted
./generateBuildInfo.sh: line 50: Sources/sh47-server/_auto/gXcodeInfo.swift: Operation not permitted
🏃[End] RunScriptPlugin(prebuild)

Owner

p-x9 commented Jul 19, 2023

Until Xcode 14.x, you could probably get around the plug-in sandbox limitation by writing from a subprocess.
Directories other than those under pluginWorkDirectory are inherently write-restricted by the sandbox.

If you build from the command line, I can avoid the sandbox by setting the following flag, but I don't think it is good practice.
(I couldn't even figure out how to set it in the Xcode project)

swift build --disable-sandbox

I will continue to investigate.
Thanks.
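
The explicit write rules of the sandbox profile quoted in the issue can be modelled in a few lines of shell to show why the two generated files are refused while the plugin output directory is writable. This is an added example, not part of the thread or of RunScriptPlugin; it assumes that a later matching rule overrides an earlier one, that the script's working directory was the package root, and it does not model rules imported from system.sb.

```shell
#!/bin/sh
# Added example: models only the explicit file-write* rules of the profile
# quoted in the issue. Assumptions: a later matching rule overrides an
# earlier one, and rules imported from system.sb are not modelled.

PKG="/Users/neiltiffin/Maui-Dev/SinkHole47/sinkhole47/SH47_Server_swift/SH47ServerWebsocketCommandLine"
OUT="/Volumes/Dev01Portable/XcodeNewDerivedData/SH47ServerWebsocketCommandLine-hdcjufnkdirjzzgsqfyeqhtpmjmi/SourcePackages/plugins/sh47serverwebsocketcommandline.output/sh47-server/RunScriptPlugin"

# action|subpath, in the order the rules appear in the profile.
RULES="allow|/private/tmp
allow|/private/var/folders/_m/85n1b_4n12b2gmb5kd002q240000gn/T
deny|$PKG
allow|$OUT"

# Print "allow" or "deny" for a write to the absolute path in $1.
write_verdict() {
  verdict=deny    # (deny default)
  # (subpath P) covers P itself and everything below it, so match on a
  # path-component boundary rather than on a plain string prefix.
  while IFS='|' read -r action sub; do
    case $1 in
      "$sub" | "$sub"/*) verdict=$action ;;
    esac
  done <<EOF
$RULES
EOF
  printf '%s\n' "$verdict"
}

# The script used relative paths; assume its working directory was $PKG.
echo "source tree:   $(write_verdict "$PKG/Sources/sh47-server/_auto/gXcodeInfo.swift")"
echo "plugin output: $(write_verdict "$OUT/gXcodeInfo.swift")"
```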

Author

neilt commented Jul 21, 2023

Thanks,

I wanted to mention one other thing. These permission failures did not cause a warning or error in the build process. I noted that the source revisions were not accurate and tracked it down to this. These errors should be propagated back to the build.

Author

neilt commented Jul 21, 2023

I don't know if this helps, but this reference seems to be talking about the same issue.

https://forums.swift.org/t/extensible-prebuild-plugin-such-as-swiftgen/56495/5

Owner

p-x9 commented Jul 22, 2023

@neilt

> These errors should be propagated back to the build.

I agree with this.
I will fix it so that it takes the error of the shell script it runs and re-throws it again.
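
The silent failure discussed above can be reproduced and corrected on the script side as well. The following is an added example, not the reporter's generateBuildInfo.sh and not RunScriptPlugin code; the revision argument and the `gSourceRevision` constant are constructed, and a regular file stands in for a directory the script is not allowed to write to.

```shell
#!/bin/sh
# Added example, not the reporter's generateBuildInfo.sh. The revision
# argument and the gSourceRevision constant are constructed.

# Failure mode from the issue: each redirect fails, the script keeps going,
# and the caller sees the status of the last command, which is 0.
generate_unchecked() {
  out_file="$1/gBuildInfo.auto_generated.swift"
  printf '// Auto-generated, do not edit.\n' > "$out_file"
  printf 'let gSourceRevision = "%s"\n' "$2" >> "$out_file"
  echo "build info generated"
}

# Same writes, but the first failed write stops the function with status 1.
generate_checked() {
  out_file="$1/gBuildInfo.auto_generated.swift"
  printf '// Auto-generated, do not edit.\n' > "$out_file" || {
    echo "error: cannot write $out_file" >&2
    return 1
  }
  printf 'let gSourceRevision = "%s"\n' "$2" >> "$out_file" || return 1
  echo "build info generated"
}

# Demo: a regular file stands in for a directory the script may not write to.
demo=$(mktemp -d)
printf 'x' > "$demo/not-a-dir"
generate_unchecked "$demo/not-a-dir" r1 >/dev/null 2>&1 \
  && echo "unchecked: exit 0, failure hidden" || echo "unchecked: non-zero"
generate_checked "$demo/not-a-dir" r1 >/dev/null 2>&1 \
  && echo "checked: exit 0" || echo "checked: non-zero, failure visible"
rm -rf "$demo"
```

Starting a script with `set -e` gives the same stop-on-first-failure behaviour for simple commands; either way the build only fails once the runner treats the non-zero exit as an error.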

Owner

p-x9 commented Aug 17, 2023

It seems that the bug was the reason why it was working before Xcode 14.

swiftlang/swift-package-manager#6814

Owner

p-x9 commented Jun 17, 2024

It seems to be possible to disable the Sandbox in BuildToolPlugin by applying the following setting.

defaults write com.apple.dt.Xcode IDEPackageSupportDisablePluginExecutionSandbox -bool YES

p-x9 closed this as completed Jun 17, 2024
p-x9 pinned this issue Aug 2, 2024