I'm using PyBind11 to allow use of Python code within my C++ application. The application links successfully, but on the py::module::import below:
LOGICAL WebServer::
CheckForPort()
{
EPython::Prepare();
auto socket = py::module::import("socket");
auto s = socket.attr("socket")(socket.attr("AF_INET"),socket.attr("SOCK_STREAM"));
if (s == Py_None)
return L_TRUE;
auto rc = s.attr("connect_ex")("localhost",8810);
//
// Returns zero if port in in use
//
return (rc.cast<int>() == 0);
}
I get a run-time error
libc++abi: terminating due to uncaught exception of type pybind11::error_already_set: ImportError: dlopen(/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so, 0x0002): tried: '/Users/Shared/Develop/IntelApps/WinTD 5/DerivedData/WinTDOSX/Build/Products/Debug/math.cpython-311-darwin.so' (no such file), '/usr/lib/system/introspection/math.cpython-311-darwin.so' (no such file, not in dyld cache), '/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so' (code signature in <855730B8-106D-389C-BF65-36A98463EDB5> '/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs),
I have no idea how to fix the code signature error---this is intended for distribution, so that presumably would be a file on the user's computer. I tried to link in the .so file, but that's a rabbit hole as there are a near endless set of further dependencies.
This is a library validation failure. The general rule with library validation is that, if a process is running an executable with library validation turned on, it can only load libraries signed by Apple or from the same team as the main executable.
The best way to solve this depends on your specific circumstances. You wrote:
this is intended for distribution
Distribution how?
If you plan to distribute this with a full Python runtime, you would sign both this library and all of Python with your code signing identity. Then the runtime and the library would have the same Team ID, and you’re off to the races.
However, if you plan to distribute just this library and expect other folks to load it into their runtime, then the answer is gonna depend on how that runtime is signed. If it has library validation enabled, your users will either have to sign the library to match the runtime or re-sign the runtime to disable library validation.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"