setfacl: ... Not supported when using Docker on OSX

[simongroenewolt]

I've created a fresh project using

composer create-project bolt/project myproject "2.0.0-beta.6.1"

When running

docker compose up

I get the following errors:

php_1 | setfacl: config: Not supported
php_1 | setfacl: config/bolt: Not supported
php_1 | setfacl: config/bolt/config.yaml: Not supported
php_1 | setfacl: config/bolt/contenttypes.yaml: Not supported
php_1 | setfacl: config/bolt/menu.yaml: Not supported
php_1 | setfacl: config/bolt/permissions.yaml: Not supported
php_1 | setfacl: config/bolt/taxonomy.yaml: Not supported
php_1 | setfacl: config/bundles.php: Not supported
php_1 | setfacl: config/checkpoint.txt: Not supported
php_1 | setfacl: config/extensions: Not supported

and the php container fails to start.

I think these errors are caused by the setfacl calls on these lines in docker/php/docker-entrypoint.sh

setfacl -R -m u:www-data:rwX -m u:"$(whoami)":rwX config public/files public/theme public/thumbs var
setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX config public/files public/theme public/thumbs var

Simple workaround could be commenting those lines when using osx as a host, although that might lead to other issues down the road.

[tilllt]

as far as i could see there should be OSX specific commands to set the ACL's since setfacl does not exist, in OSX (unlike Linux) ACL's seem to be set using "chmod".
https://ss64.com/osx/chmod.html

Access Control List (ACL) Management
Some UNIX-based and UNIX-like operating systems provide setfacl, chacl, or acledit/aclget/aclput for setting file and directory ACLs. OS X does not. Instead, OS X provides file ACL modification through the chmod command. Regrettably, there is no standardized syntax for getting and setting ACLs on the command line (nor even a standard set of supported rights across operating systems). Currently, the only way to portably handle ACLs is to avoid them entirely or to require your users to write an OS-specific plug-in. If you must use ACLs in a cross-platform script, you must special-case the code on a per-OS basis. The easiest way to do this is to use the output of the uname command. (See the uname manual page for more information.)

https://developer.apple.com/library/archive/documentation/OpenSource/Conceptual/ShellScripting/PortingScriptstoMacOSX/PortingScriptstoMacOSX.html

[simongroenewolt]

Hmm, that's not very good news. But even if a specific osx command would be a solution, the problem with the current setfacl commands would persist, as it is run from the container and not from the host.
Unfortunately when searching I've not found a good way to check for the support for setfacl on a filesystem. (Because in that case it could just check and skip the commands issuing a warning to the user)

[tilllt]

I think the equivalent OSX command for the user "www-data" (first line) would be something along:
chmod -R +a "www-data allow read,write,execute" config public/files public/theme public/thumbs var

cant check, not using OSX anymore

I mean IF this is causing problems, it should be entirely possible to set the MacOS ACL's manually (or from a script) from the terminal, or not?

[tilllt]

... but then again, i am always confused about user mapping from container to host, dont know how this is handled on OSX vs Linux.