Page MenuHome GnuPG

OS X 10.12 and dyld: Library not loaded: /usr/local/lib/libgcrypt.20.dylib
Open, NormalPublic

Description

Hi Everyone,

I'm working on OS X 10.12. I'm build libgcrypt 1.8.5 from the release tarball.

OS X 10.12 has System Integrity Protection (SIP). SIP sanitizes the environment for programs within the SIP boundary, like /bin/sh and /usr/bin/env. That means if you set DYLD_LIBRARY_PATH and then call a script with a shebang of #!/bin/sh (/bin/sh is within the SIP boundary), then DYLD_LIBRARY_PATH will be stripped.

It looks like SIP is causing one self test failure:

PASS: pkcs1v2
dyld: Library not loaded: /usr/local/lib/libgcrypt.20.dylib
  Referenced from: /Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random
  Reason: image not found
random: running '/Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random --in-recursion --early-rng-check' failed
FAIL: random

In the above message, there is no /usr/local/lib/libgcrypt.20.dylib because it is currently being tested. There are two in the build directory, but DYLD_LIBRARY_PATH has been scrubbed.

$ find . -name 'libgcrypt*.dylib'
./libgcrypt-1.8.5/src/.libs/libgcrypt.20.dylib
./libgcrypt-1.8.5/src/.libs/libgcrypt.dylib

The fix is to set DYLD_LIBRARY_PATH inside the last script. Whatever script runs tests/.libs/random is the one that should set DYLD_LIBRARY_PATH. Since <my home directory>/... is _not_ within the SIP security boundary, DYLD_LIBRARY_PATH will persist.


$ system_profiler SPSoftwareDataType
Software:

    System Software Overview:

      System Version: macOS 10.12.6 (16G2136)
      Kernel Version: Darwin 16.7.0
      Boot Volume: MacintoshHD
      Boot Mode: Normal
      Computer Name: Mac-mini
      User Name: Jeffrey Walton (jwalton)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: 29 days 9 minutes

Also see questions like System Integrity Protection breaks DYLD_LIBRARY_PATH for python scripts.

Details

Version
1.8.5

Event Timeline

JW updated the task description. (Show Details)
JW updated the task description. (Show Details)
JW updated the task description. (Show Details)
werner triaged this task as Normal priority.Apr 1 2020, 8:53 PM
werner added a project: MacOS.

IIUC, with libgcrypt in LIBGCRYPT-1.8-BRANCH (not yet released) and libgcrypt 1.9.3, the build process works well (the problem with SIP has been handled).

Could you please report back, if it's not the case?