Change Details

Hi Everyone, I'm working on OS X 10.12. It has System Integrity Protection (SIP). SIP sanitizes the environment for programs within the SIP boundary, like `/bin/sh` and `/usr/bin/env`. That means if you set `DYLD_LIBRARY_PATH` and then call a script with a shebang of `#!/bin/sh` (`/bin/sh` is within the SIP boundary), then `DYLD_LIBRARY_PATH` will be stripped. It looks like SIP is causing one self test failure: ``` PASS: pkcs1v2 dyld: Library not loaded: /usr/local/lib/libgcrypt.20.dylib Referenced from: /Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random Reason: image not found random: running '/Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random --in-recursion --early-rng-check' failed FAIL: random ``` In the above message, there is no `/usr/local/lib/libgcrypt.20.dylib` because it is currently being tested. There are two in the build directory, but `DYLD_LIBRARY_PATH` has been scrubbed. ``` $ find . -name 'libgcrypt*.dylib' ./libgcrypt-1.8.5/src/.libs/libgcrypt.20.dylib ./libgcrypt-1.8.5/src/.libs/libgcrypt.dylib ``` The fix is to set `DYLD_LIBRARY_PATH` inside the last script. Whatever script runs `tests/.libs/random` is the one that should set `DYLD_LIBRARY_PATH`. Since `<my home directory>/.../libgcrypt-1.8.5/src/.libs.` is _not_ within the SIP security boundary, `DYLD_LIBRARY_PATH` will persist. ----- ``` $ system_profiler SPSoftwareDataType Software: System Software Overview: System Version: macOS 10.12.6 (16G2136) Kernel Version: Darwin 16.7.0 Boot Volume: MacintoshHD Boot Mode: Normal Computer Name: Mac-mini User Name: Jeffrey Walton (jwalton) Secure Virtual Memory: Enabled System Integrity Protection: Enabled Time since boot: 29 days 9 minutes ``` Also see questions like [[https://apple.stackexchange.com/q/286315 | System Integrity Protection breaks DYLD_LIBRARY_PATH for python scripts]].

Hi Everyone, I'm working on OS X 10.12. It has System Integrity Protection (SIP). SIP sanitizes the environment for programs within the SIP boundary, like `/bin/sh` and `/usr/bin/env`. That means if you set `DYLD_LIBRARY_PATH` and then call a script with a shebang of `#!/bin/sh` (`/bin/sh` is within the SIP boundary), then `DYLD_LIBRARY_PATH` will be stripped. It looks like SIP is causing one self test failure: ``` PASS: pkcs1v2 dyld: Library not loaded: /usr/local/lib/libgcrypt.20.dylib Referenced from: /Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random Reason: image not found random: running '/Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random --in-recursion --early-rng-check' failed FAIL: random ``` In the above message, there is no `/usr/local/lib/libgcrypt.20.dylib` because it is currently being tested. There are two in the build directory, but `DYLD_LIBRARY_PATH` has been scrubbed. ``` $ find . -name 'libgcrypt*.dylib' ./libgcrypt-1.8.5/src/.libs/libgcrypt.20.dylib ./libgcrypt-1.8.5/src/.libs/libgcrypt.dylib ``` The fix is to set `DYLD_LIBRARY_PATH` inside the last script. Whatever script runs `tests/.libs/random` is the one that should set `DYLD_LIBRARY_PATH`. Since `<my home directory>/...` is _not_ within the SIP security boundary, `DYLD_LIBRARY_PATH` will persist. ----- ``` $ system_profiler SPSoftwareDataType Software: System Software Overview: System Version: macOS 10.12.6 (16G2136) Kernel Version: Darwin 16.7.0 Boot Volume: MacintoshHD Boot Mode: Normal Computer Name: Mac-mini User Name: Jeffrey Walton (jwalton) Secure Virtual Memory: Enabled System Integrity Protection: Enabled Time since boot: 29 days 9 minutes ``` Also see questions like [[https://apple.stackexchange.com/q/286315 | System Integrity Protection breaks DYLD_LIBRARY_PATH for python scripts]].

Hi Everyone, I'm working on OS X 10.12. It has System Integrity Protection (SIP). SIP sanitizes the environment for programs within the SIP boundary, like `/bin/sh` and `/usr/bin/env`. That means if you set `DYLD_LIBRARY_PATH` and then call a script with a shebang of `#!/bin/sh` (`/bin/sh` is within the SIP boundary), then `DYLD_LIBRARY_PATH` will be stripped. It looks like SIP is causing one self test failure: ``` PASS: pkcs1v2 dyld: Library not loaded: /usr/local/lib/libgcrypt.20.dylib Referenced from: /Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random Reason: image not found random: running '/Users/jwalton/Build-Scripts/libgcrypt-1.8.5/tests/.libs/random --in-recursion --early-rng-check' failed FAIL: random ``` In the above message, there is no `/usr/local/lib/libgcrypt.20.dylib` because it is currently being tested. There are two in the build directory, but `DYLD_LIBRARY_PATH` has been scrubbed. ``` $ find . -name 'libgcrypt*.dylib' ./libgcrypt-1.8.5/src/.libs/libgcrypt.20.dylib ./libgcrypt-1.8.5/src/.libs/libgcrypt.dylib ``` The fix is to set `DYLD_LIBRARY_PATH` inside the last script. Whatever script runs `tests/.libs/random` is the one that should set `DYLD_LIBRARY_PATH`. Since `<my home directory>/.../libgcrypt-1.8.5/src/.libs.` is _not_ within the SIP security boundary, `DYLD_LIBRARY_PATH` will persist. ----- ``` $ system_profiler SPSoftwareDataType Software: System Software Overview: System Version: macOS 10.12.6 (16G2136) Kernel Version: Darwin 16.7.0 Boot Volume: MacintoshHD Boot Mode: Normal Computer Name: Mac-mini User Name: Jeffrey Walton (jwalton) Secure Virtual Memory: Enabled System Integrity Protection: Enabled Time since boot: 29 days 9 minutes ``` Also see questions like [[https://apple.stackexchange.com/q/286315 | System Integrity Protection breaks DYLD_LIBRARY_PATH for python scripts]].