better-sqlite3
better-sqlite3 copied to clipboard
WiseLibs
[Bug]: Report dlopen error after codesign and notarize
Platform and Version
Mac OS 13.6.1 (22G313) - arm64
xcode: v14.3
better-sqlite3: v8.7.0
electron: v23.3.10
node: v18.12.1
electron/rebuild: v3.3.1
Project Configuration
package.json
"scripts": {
"rebuild": "electron-rebuild -f -w better-sqlite3"
},
"resolutions": {
"**/node-abi": "^3.45.0"
},
codesign use electron-osx-sign, notarize use xcrun notarytool.
.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.disable-library-validation</key>
<true/>
<key>com.apple.security.device.audio-input</key>
<true/>
<key>com.apple.security.device.camera</key>
<true/>
<key>com.apple.security.personal-information.location</key>
<true/>
<key>com.apple.security.personal-information.photos-library</key>
<true/>
<key>com.apple.security.automation.apple-events</key>
<true/>
</dict>
</plist>
Actual Behavior
This error is reported After package with codesign and notarize (before i use sqlite3 everything was fine):
dlopen(/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr, 0x0001):
tried: '/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
(code signature in <759507C3-C1E3-35DA-8818-7DC6E12E0E7F>
'/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
not valid for use in process:
mapped file has no cdhash,
completely unsigned?
Code has to be at least ad-hoc signed.
),
'/System/Volumes/Preboot/Cryptexes/OS/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
(no such file),
'/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
(code signature in <759507C3-C1E3-35DA-8818-7DC6E12E0E7F>
'/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
not valid for use in process:
mapped file has no cdhash, completely unsigned?
Code has to be at least ad-hoc signed.
),
'/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
(code signature in <759507C3-C1E3-35DA-8818-7DC6E12E0E7F>
'/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
not valid for use in process:
mapped file has no cdhash,
completely unsigned?
Code has to be at least ad-hoc signed.
),
'/System/Volumes/Preboot/Cryptexes/OS/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
(no such file),
'/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
(code signature in <759507C3-C1E3-35DA-8818-7DC6E12E0E7F>
'/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
not valid for use in process:
mapped file has no cdhash,
completely unsigned?
Code has to be at least ad-hoc signed.
)
at process.func [as dlopen] (node:electron/js2c/asar_bundle:2:1822)
at Module._extensions..node (node:internal/modules/cjs/loader:1259:18)
at Object.func [as .node] (node:electron/js2c/asar_bundle:2:2049)
at Module.load (node:internal/modules/cjs/loader:1044:32)
at Module._load (node:internal/modules/cjs/loader:885:12)
at f._load (node:electron/js2c/asar_bundle:2:13330)
at Module.require (node:internal/modules/cjs/loader:1068:19)
at require (node:internal/modules/cjs/helpers:103:18)
at bindings (/Users/abc/Work/project/out/MyApp-darwin-x64/MyApp.app/Contents/Resources/app.asar/node_modules/bindings/bindings.js:112:48)
at new Database (/Users/abc/Work/project/out/MyApp-darwin-x64/MyApp.app/Contents/Resources/app.asar/node_modules/better-sqlite3/lib/database.js:48:64) {
code: 'ERR_DLOPEN_FAILED'
}
Did i do something wrong or miss something?
How i fix it
Afaik it might be required to unpack the native modules before handing everything over to the notarize service. How to configure this depends on the tools you are using for packaging / notarizing.
Signing the .node file separately after rebuild solved my problem.
Thanks!