Question MacOS installer improvement suggestion

Adding yourself to sudoers and using sudo commands without password is very bad practice.  This is a brilliant way to use sudo in long running scripts and you need to enter your password only once. I use this method for a very long time in my own MacOS and Linux scripts.

Some people (like me) do not want to use MacPorts, since they already use brew. Using both on same computer is not really wise. Current install script looks for gmake in /usr/local/bin/ but for us with brew gmake is in /opt/homebrew/bin. As a workaround I made a symbolic link and installer worked without any problem:

It would probably be best to check if there is gmake in /opt/homebrew/bin if it doesn't exist in /usr/local/bin/ and use the one that exists. If none of them exists, script should exit with a message that gmake is required.

 

Sternas wrote:

Thanks Sir
System Level knowledge

 

1) Your sudo suggestion is an other way to give to CT the correct user privileges.
Our methodology works on Linux, MacOS, OpenIndiana, Solaris, FreeBSD, NetBSD, OpenBSD and DragonFly.
On all above OSes with CT you can build app and system stuff like sys daemons, sys libraries and modules without problem.

2) We select MacPorts because you can totally remove it from your MacOS,
can you do the same with Homebrew ?

We will test again Homebrew. Tomorrow, I will add this task to LAB To-Do list.


 

Long time ago I used same method as you, and I were adding myself to sudoers file on every system, until one day my colleague (senior system admin) didn't see what I did on one of our web servers. After very long security lecture I never did that on any system again. So yes, that method works, but it's basically a security hole. I guess it can be used on local machine as long as you remove yourself from sudoers file right after you finish installation.

This method that I suggested is absolutely secure and works fine on Ubuntu and MacOS. It should also works on any other linux distro (unfortunately I didn't test it myself on other distros).

I just remembered something important about homebrew. On Intel, default homebrew path is also /usr/local, so it's same as for MacPorts and everything should work without any modification. But, they decided to use different path for ARM installation and that is /opt/homebrew. Even if you are using Rosetta 2 to install CT (as I did earlier today), since I originally installed brew without Rosetta emulation, my path is different.

Yes, you can uninstall brew at any time. There is an uninstall script.

Installation

Unistall
 If you need any help with brew or you need to test anything on brew and/or M1 with or without Rosetta, just let me know in PM.