Hi Everyone,

I'm working on OS X 10.12. I'm build libgcrypt 1.8.5 from the release tarball.

OS X 10.12 has System Integrity Protection (SIP). SIP sanitizes the environment for programs within the SIP boundary, like /bin/sh and /usr/bin/env. That means if you set DYLD_LIBRARY_PATH and then call a script with a shebang of #!/bin/sh (/bin/sh is within the SIP boundary), then DYLD_LIBRARY_PATH will be stripped.

It looks like SIP is causing one self test failure:

PASS: pkcs1v2
dyld: Library not loaded: /usr/local/lib/libgcrypt.20.dylib
  Referenced from: /Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random
  Reason: image not found
random: running '/Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random --in-recursion --early-rng-check' failed
FAIL: random

In the above message, there is no /usr/local/lib/libgcrypt.20.dylib because it is currently being tested. There are two in the build directory, but DYLD_LIBRARY_PATH has been scrubbed.

$ find . -name 'libgcrypt*.dylib'
./libgcrypt-1.8.5/src/.libs/libgcrypt.20.dylib
./libgcrypt-1.8.5/src/.libs/libgcrypt.dylib

The fix is to set DYLD_LIBRARY_PATH inside the last script. Whatever script runs tests/.libs/random is the one that should set DYLD_LIBRARY_PATH. Since <my home directory>/... is _not_ within the SIP security boundary, DYLD_LIBRARY_PATH will persist.

$ system_profiler SPSoftwareDataType
Software:

    System Software Overview:

      System Version: macOS 10.12.6 (16G2136)
      Kernel Version: Darwin 16.7.0
      Boot Volume: MacintoshHD
      Boot Mode: Normal
      Computer Name: Mac-mini
      User Name: Jeffrey Walton (jwalton)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: 29 days 9 minutes

Also see questions like System Integrity Protection breaks DYLD_LIBRARY_PATH for python scripts.