Perl library locations, and System Integrity Protection

perlpermissionsip

My system perl seems to have a bunch of cruft left over from previous installations:

% which perl
/usr/bin/perl

% perl -V | perl -ne 'print if /INC/...//'
  @INC:
    /Library/Perl/5.18/darwin-thread-multi-2level
    /Library/Perl/5.18
    /Network/Library/Perl/5.18/darwin-thread-multi-2level
    /Network/Library/Perl/5.18
    /Library/Perl/Updates/5.18.2/darwin-thread-multi-2level
    /Library/Perl/Updates/5.18.2
    /System/Library/Perl/5.18/darwin-thread-multi-2level
    /System/Library/Perl/5.18
    /System/Library/Perl/Extras/5.18/darwin-thread-multi-2level
    /System/Library/Perl/Extras/5.18
    .

Among the stuff in /System/Library/Perl/Extras/5.18/darwin-thread-multi-2level is an old version of Moose.pm that doesn't work, so I want to get rid of it:

% perl -MMoose -e1
Invalid version format (version required) at /Library/Perl/5.18/Module/Runtime.pm line 396.
BEGIN failed--compilation aborted.

% perldoc -l Moose
/System/Library/Perl/Extras/5.18/darwin-thread-multi-2level/Moose.pm

However, I can't:

% sudo rm /System/Library/Perl/Extras/5.18/darwin-thread-multi-2level/Moose.pm
Password:
override rw-r--r--  root/wheel restricted,compressed for /System/Library/Perl/Extras/5.18/darwin-thread-multi-2level/Moose.pm? y
rm: /System/Library/Perl/Extras/5.18/darwin-thread-multi-2level/Moose.pm: Operation not permitted

I'm guessing that in my various OS updates over the years, Apple has moved some of my user-installed modules to this /System/Library/Perl/Extras directory, but then protected it with System Integrity Protection, so now I can't get rid of it (easily). Does that sound likely?

If so – how the heck did this stuff get there? According to What is the "rootless" feature in El Capitan, really? , any extra junk in /System that Apple didn't want there should have been moved to /Library/SystemMigration/History/Migration-(some UUID)/QuarantineRoot, right? I've never disabled SIP on this machine.

So: what's the best way to deal with this? I can temporarily disable SIP and blow away /System/Library/Perl/Extras/5.18 or whatever – but I'd like some assurance that this isn't something Apple actually expects to be there. Is there a definitive list of what should be present in /System on my OS (which is High Sierra, 10.13.4 (17E199))?

Best Answer

A couple ideas:

  • Examine the manifest in the latest High Sierra installer or do a clean install on spare disk and compare it to your system
  • Check the dates on the various directories

A couple comments:

  • When I do a 10.x upgrade, i.e from Sierra to High Sierra, I always do a clean install consisting of backing up my home dir, reformatting the drive, then installing OS and reinstalling apps and restoring my files. Removes the crud from previous versions.
  • For any development work (perl, python, java, shell scripts, etc.) on my Mac I never use the Apple supplied versions - I always use something like MacPorts or install and compile my own if necessary - that way you can manage the versions you use and also escape Apple's redesign of standard locations for libraries, include files, etc. Take it one step further and use docker and docker-compose if you really want to avoid this problem.
Related Question