Google Git
Sign in
go / build / c11bf72ba9c70bce1f2fe8b1eb6dd77d6ae65aa9^! / .
commitc11bf72ba9c70bce1f2fe8b1eb6dd77d6ae65aa9[log] [tgz]
authorBrad Fitzpatrick <bradfitz@golang.org>Tue Apr 02 18:55:28 2019 +0000
committerBrad Fitzpatrick <bradfitz@golang.org>Tue Apr 02 23:38:05 2019 +0000
tree45dc1334765c5f97ea4af3d5da283454d354f495
parentd636fbf4cd343fa9faee779584e5c7c3af605230 [diff]
cmd/buildlet: use sudo to enable developer mode on Macs

Apparently Josh's intuition in CL 170339 was correct. We do need sudo.
Sometimes. It's weird. It works without sudo with gomote, but not
during start-up. The environment is slightly different.

In any case, sudo works. Verified on macOS 10.10, 10.11, 10.12, and 10.14.

Updates golang/go#31123

Change-Id: Idc4ace816a5d8e19bbb124663ca186fdf74b188c
Reviewed-on: https://go-review.googlesource.com/c/build/+/170438
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

diff --git a/cmd/buildlet/buildlet.go b/cmd/buildlet/buildlet.go
index 2c9971e..3dce7b7 100644
--- a/cmd/buildlet/buildlet.go
+++ b/cmd/buildlet/buildlet.go

@@ -1655,10 +1655,7 @@
 	// TODO: setup RAM disk for tmp and set *workDir
 
 	disableMacScreensaver()
-
-	// Enable developer mode for runtime tests. (Issue 31123)
-	// Best effort; ignore any error.
-	exec.Command("/usr/sbin/DevToolsSecurity", "-enable").Run()
+	enableMacDeveloperMode()
 
 	version, err := exec.Command("sw_vers", "-productVersion").Output()
 	if err != nil {
@@ -1710,6 +1707,30 @@
 	}
 }
 
+// enableMacDeveloperMode enables developer mode on macOS for the
+// runtime tests. (Issue 31123)
+//
+// It is best effort; errors are logged but otherwise ignored.
+func enableMacDeveloperMode() {
+	// Macs are configured with password-less sudo. Without sudo we get prompts
+	// that "SampleTools wants to make changes" that block the buildlet from starting.
+	// But oddly, not via gomote. Only during startup. The environment must be different
+	// enough that in one case macOS asks for permission (because it can use the GUI?)
+	// and in the gomote case (where the environment is largley scrubbed) it can't do
+	// the GUI dialog somehow and must just try to do it anyway and finds that passwordless
+	// sudo works. But using sudo seems to make it always work.
+	// For extra paranoia, use a context to not block start-up.
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	out, err := exec.CommandContext(ctx, "/usr/bin/sudo", "/usr/sbin/DevToolsSecurity", "-enable").CombinedOutput()
+	if err != nil {
+		log.Printf("Error enabling developer mode: %v, %s", err, out)
+		return
+	}
+	log.Printf("DevToolsSecurity: %s", out)
+}
+
 func vmwareGetInfo(key string) string {
 	cmd := exec.Command("/Library/Application Support/VMware Tools/vmware-tools-daemon",
 		"--cmd",