Problems with PyBind11

I'm using PyBind11 to allow use of Python code within my C++ application. The application links successfully, but on the py::module::import below:

LOGICAL WebServer::
CheckForPort()
{
    EPython::Prepare();
    auto socket = py::module::import("socket");
    auto s = socket.attr("socket")(socket.attr("AF_INET"),socket.attr("SOCK_STREAM"));
    if (s == Py_None)
        return L_TRUE;
    auto rc = s.attr("connect_ex")("localhost",8810);
    //
    //  Returns zero if port in in use
    //
    return (rc.cast<int>() == 0);
}

I get a run-time error

libc++abi: terminating due to uncaught exception of type pybind11::error_already_set: ImportError: dlopen(/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so, 0x0002): tried: '/Users/Shared/Develop/IntelApps/WinTD 5/DerivedData/WinTDOSX/Build/Products/Debug/math.cpython-311-darwin.so' (no such file), '/usr/lib/system/introspection/math.cpython-311-darwin.so' (no such file, not in dyld cache), '/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so' (code signature in <855730B8-106D-389C-BF65-36A98463EDB5> '/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/lib-dynload/math.cpython-311-darwin.so' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs),

I have no idea how to fix the code signature error---this is intended for distribution, so that presumably would be a file on the user's computer. I tried to link in the .so file, but that's a rabbit hole as there are a near endless set of further dependencies.

Answered by DTS Engineer in 807001022

This is a library validation failure. The general rule with library validation is that, if a process is running an executable with library validation turned on, it can only load libraries signed by Apple or from the same team as the main executable.

The best way to solve this depends on your specific circumstances. You wrote:

this is intended for distribution

Distribution how?

If you plan to distribute this with a full Python runtime, you would sign both this library and all of Python with your code signing identity. Then the runtime and the library would have the same Team ID, and you’re off to the races.

However, if you plan to distribute just this library and expect other folks to load it into their runtime, then the answer is gonna depend on how that runtime is signed. If it has library validation enabled, your users will either have to sign the library to match the runtime or re-sign the runtime to disable library validation.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

This is a library validation failure. The general rule with library validation is that, if a process is running an executable with library validation turned on, it can only load libraries signed by Apple or from the same team as the main executable.

The best way to solve this depends on your specific circumstances. You wrote:

this is intended for distribution

Distribution how?

If you plan to distribute this with a full Python runtime, you would sign both this library and all of Python with your code signing identity. Then the runtime and the library would have the same Team ID, and you’re off to the races.

However, if you plan to distribute just this library and expect other folks to load it into their runtime, then the answer is gonna depend on how that runtime is signed. If it has library validation enabled, your users will either have to sign the library to match the runtime or re-sign the runtime to disable library validation.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Problems with PyBind11
 
 
Q