Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[macOS][CI] Update XCode to 12.3 and Update min macOS version to 10.12 #6896

Merged
merged 2 commits into from
Jan 21, 2021
Merged

[macOS][CI] Update XCode to 12.3 and Update min macOS version to 10.12 #6896

merged 2 commits into from
Jan 21, 2021

Conversation

sharvilshah
Copy link
Member

This updates:

  • CMAKE_OSX_DEPLOYMENT_TARGET to 10.12. This in turn sets mmacosx-version-min CFLAG to 10.12
  • Updates to the latest XCode. CMake uses the XCode path to build against the latest 11.1 SDK (Note: this CI image is still on 10.15 Catalina)

The benefit of this is, that we still support older macOS versions, while incorporating newer changes.

➜  vtool -show ./osqueryi
./osqueryi:
Load command 9
      cmd LC_VERSION_MIN_MACOSX
  cmdsize 16
  version 10.12
      sdk 11.1
Load command 10
      cmd LC_SOURCE_VERSION
  cmdsize 16
  version 0.0

➜  ./osqueryi -A os_version;
+-------+---------+-------+-------+-------+-------+----------+---------------+----------+--------+
| name  | version | major | minor | patch | build | platform | platform_like | codename | arch   |
+-------+---------+-------+-------+-------+-------+----------+---------------+----------+--------+
| macOS | 11.1    | 11    | 1     | 0     | 20C69 | darwin   | darwin        |          | x86_64 |
+-------+---------+-------+-------+-------+-------+----------+---------------+----------+--------+

➜  SYSTEM_VERSION_COMPAT=1 ./osqueryi -A os_version;
+----------+---------+-------+-------+-------+-------+----------+---------------+----------+--------+
| name     | version | major | minor | patch | build | platform | platform_like | codename | arch   |
+----------+---------+-------+-------+-------+-------+----------+---------------+----------+--------+
| Mac OS X | 10.16   | 10    | 16    | 0     | 20C69 | darwin   | darwin        |          | x86_64 |
+----------+---------+-------+-------+-------+-------+----------+---------------+----------+--------+

Closes #6840

@mike-myers-tob mike-myers-tob added CI/CD Anything about the Continuous Integration or Continuous Deployment tool used by the repository macOS labels Jan 11, 2021
@theopolis
Copy link
Member

Can you help me understand what problem is solved by changing the Minimum-supported API?

@sharvilshah
Copy link
Member Author

sharvilshah commented Jan 13, 2021
edited

Ah, I should have provided more context, sorry.

macOS provides "availability" macros in the OS header files <os/availablility.h>. The core functionality that this provides is that we can compile/link with new features available on newer macOS versions (by basically checking via API_AVAILABLE(macos(10.x)), while having reasonable guarantees that we can continue running on older macOS versions.

However, for this to work we need -mmacos-version-min compile flag, which is what CMAKE_OSX_DEPLOYMENT_TARGET sets. Here is the documentation blurb in that header file:

For these macros to function properly, a program must specify the OS version range 
it is targeting.  The min OS version is specified as an option to the compiler:
-mmacosx-version-min=10.x when building for Mac OS X, and -miphoneos-version-min=x.x
when building for the iPhone.  The upper bound for the OS version is rarely needed,
but it can be set on the command line via: -D__MAC_OS_X_VERSION_MAX_ALLOWED=10xx for
Mac OS X and __IPHONE_OS_VERSION_MAX_ALLOWED = 1xxx for iPhone.

Although this is anecdotal, previously I have been successfully able to use these macros (endpointsecurity) on Sierra (10.12/10.13) but not on El Capitan (10.11).
Apple has not stopped signing installers for older macOS versions, which now requires much finagle-ing to get those VMs up and running.

Hence updating min supported API from 10.11 to 10.12.

I would in fact make the case that we should move the min supported API to 10.13/10.14, given that 10.12 Sierra came out in 2016 and stopped receiving security updates in 2019.

@directionless
Copy link
Member

This came up in office hours. As noted there, we need to bump to 10.12 for:

  • endpoint security
  • weak library links
  • available macros

Those seem like good reasons to me. Os there anything we need to do to test this, or any blockers?

@directionless directionless added this to the 4.7.0 milestone Jan 19, 2021
@theopolis
Copy link
Member

I think this is good to go, but heads up can you search the ./docs folder if we mention CMAKE_OSX_DEPLOYMENT_TARGET or 10.11 and update those instances?

@mike-myers-tob mike-myers-tob merged commit 56755f6 into osquery:master Jan 21, 2021
@alessandrogario alessandrogario mentioned this pull request Jan 22, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theopolis theopolis theopolis approved these changes

Assignees
No one assigned
Labels
CI/CD Anything about the Continuous Integration or Continuous Deployment tool used by the repository macOS
Projects
None yet
Milestone
4.7.0
Development

Successfully merging this pull request may close these issues.

FYI Regarding Big Sur version reporting
4 participants
@sharvilshah @theopolis @directionless @mike-myers-tob