test: posix_spawnp broken 10 on darwin

Please describe the problem.

We observer error in our CI:

      ./Test/Framework.hs:86:
      addurl on file:///private/tmp/nix-build-git-annex-10.20231129.drv-0/git-annex-10.20231129-src/.t/25/tmprepo0/myurl failed with unexpected exit code (transcript follows)
      addurl file:///private/tmp/nix-build-git-annex-10.20231129.drv-0/git-annex-10.20231129-src/.t/25/tmprepo0/myurl 
      git-annex: security: createProcess: posix_spawnp: does not exist (No such file or directory)
      failed
      addurl: 1 failed

https://github.com/cachix/pre-commit-hooks.nix/actions/runs/8355807260/job/22871621632

What steps will reproduce the problem?

build git-annex and run tests on darwin

What version of git-annex are you using? On what operating system?

10.20231129

RSS Atom

comment 1

This error message seems to indicate that git-annex tried to run a program named "security", which does not exist.

I can reproduce the error message like so:

ghci> createProcess (proc "security" [])
*** Exception: security: createProcess: posix_spawnp: does not exist (No such file or directory)

Since git-annex definitely does not normally try to run a program named "security" -- it doesn't even contain any String with that value -- I am puzzled by what could be causing it to do so. My best guess is something in your git configuration might be set. For example:

joey@darkstar:~/tmp/xx>git config annex.freezecontent-command security
joey@darkstar:~/tmp/xx>git-annex addurl file:///bin/sh
addurl file:///bin/sh
(to _bin_sh) sh: 1: security: not found

Which well, rules out that particular git config, but there are several git configs that specify a command to run, so some other one.

However, the test suite also runs with GIT_CONFIG_NOSYSTEM set, so git won't read the system gitconfig file, and it also sets HOME to a temp directory to avoid reading ~/.gitconfig. So normally even such a git config setting should not affect the test suite.

Comment by joey — Fri Mar 22 14:47:02 2024

Remove comment

Happens on nix on MacOS as well

I just had the same problem. An addurl test failing while building on MacOS with nix-shell -p git-annex. I recorded a video of it coincidentally. I don't know what's with the security program it tries to call. I was using a MacOS VM via Docker-OSX.

Comment by nobodyinperson — Sat Apr 13 15:51:54 2024

Remove comment

comment 3

This seems like a bug in Nix.

"security" is a MacOS command. https://ss64.com/mac/security.html

Several haskell packages contain code that runs it. For example https://hackage.haskell.org/package/certificate in System/Certificate/X509/MacOS.hs:

createProcess (proc "security" ["find-certificate" ...

I've not checked which one is getting pulled into git-annex here, it may vary depending on versions of intermediate library dependencies. This search finds several other possibilities: https://hackage-search.serokell.io/?q=%22security%22

And presumably on Nix that program is not in PATH. So it needs to either depend on it, or patch out call to it.

The Nix maintainers of git-annex have been emailed about this.

Comment by joey — Mon May 27 14:49:20 2024

Remove comment

Add a comment