The tools are written in C++ and are compiled using CMake with an ios specific toolchain targetting the correct platform sdk.
One of the parts of this toolkit is the dynamic loading of language specific dylibs via dlopen.
I have seen that this can only be done if the dylib has been signed with the same certificate as the application.
Note that we are still using "free" developer certificates generated automatically by XCode.
When I run the test application, at the point where the dylib should be loaded via dlopen, the load fails and dlerror returns the following :
However, when I check the code signature with :dlopen(<path to dylib>, 0x0001): code signature invalid (errno=1) sliceOffset=0x00000000, codeBlobOffset=0x0205D0F0, codeBlobSize=0x000453B0 for '<path to dylib>'
codesign -d --verbose=2 --extract-certificates <path>
I get the same certificate output from both the application bundle and the dylib in question.
For example :
Now, when I run the command :Identifier=libnormaliser_fr
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=265332 flags=0x0(none) hashes=8286+2 location=embedded
Signature size=4755
Authority=Apple Development: <our apple id>
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=4 Jan 2021 at 09:27:14
Info.plist=not bound
TeamIdentifier=<our team id>
Sealed Resources=none
Internal requirements count=1 size=192
it outputs :codesign --verify --deep --verbose=2
I am testing on an iPad with iOS version 14.0.1, by the way../libxxx.dylib: valid on disk
./libxxx.dylib: satisfies its Designated Requirement
So, something is still missing, but what ?
Can anyone help me with this please ?