5 Replies
      Latest reply on Jun 14, 2019 6:50 AM by mixage
      ThomasT Level 1 Level 1 (0 points)



        Unless I add the com.apple.security.cs.disable-library-validation entitlement, my application won't run with the hardened runtime. When I try to run it, one of the dynamic libraries fails to load, because it was blocked by code signing. Here is the message I get:


        dyld: Library not loaded: @executable_path/../Frameworks/libsndfile.1.dylib
          Referenced from: /xxx/./TwistedWave.app/Contents/MacOS/TwistedWave
          Reason: no suitable image found.  Did find:
            /xxx/./TwistedWave.app/Contents/MacOS/../Frameworks/libsndfile.1.dylib: code signing blocked mmap() of '/xxx/./TwistedWave.app/Contents/MacOS/../Frameworks/libsndfile.1.dylib'
            /xxx/./TwistedWave.app/Contents/MacOS/../Frameworks/libsndfile.1.dylib: stat() failed with errno=1
            /xxx/TwistedWave.app/Contents/MacOS/../Frameworks/libsndfile.1.dylib: code signing blocked mmap() of '/xxx/TwistedWave.app/Contents/MacOS/../Frameworks/libsndfile.1.dylib'
            /xxx/TwistedWave.app/Contents/MacOS/../Frameworks/libsndfile.1.dylib: stat() failed with errno=1


        The application is signed, and I have verified that this particular library was signed:


        $ codesign -v -v TwistedWave.app/Contents/Frameworks/libsndfile.1.dylib
        TwistedWave.app/Contents/Frameworks/libsndfile.1.dylib: valid on disk
        TwistedWave.app/Contents/Frameworks/libsndfile.1.dylib: satisfies its Designated Requirement


        What is happening, and what should I do about it?


        I was able to get the application notarized with the com.apple.security.cs.disable-library-validation entitlement.




        • Re: Library fails to load with hardened runtime
          eskimo Apple Staff Apple Staff (11,415 points)

          What’s the deployment target for that library?  You can determine this with the following command:

          $ otool -l /path/to/your.dylib | grep -B 1 -A 3 LC_VERSION_MIN
          Load command 9
               cmd LC_VERSION_MIN_MACOSX
           cmdsize 16
           version 10.11
               sdk 10.14

          The hardened runtime requires library validation, which in turn only works for 10.9 and later.  I’ve seen problems like this where the library contains no deployment target info, and things go badly from there.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"