Cannot load unsigned dylibs on macOS with dart:ffi or native extensions

Now that the Dart SDK is signed (i.e. dart is signed), we don’t seem to be able to load unsigned dylibs anymore:

Unhandled exception:
Invalid argument(s): Failed to load dynamic library (dlopen(osdialog.dylib, 1): no suitable image found.  Did find:
	osdialog.dylib: code signature in (osdialog.dylib) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.)
#0      _open (dart:ffi-patch/ffi_dynamic_library_patch.dart:10:55)
#1      new DynamicLibrary.open (dart:ffi-patch/ffi_dynamic_library_patch.dart:17:12)
#2      main (file:///Users/mit/dev/playground/dart/ffi/osdialog/os.dart:11:36)
#3      _startIsolate.<anonymous closure> (dart:isolate-patch/isolate_patch.dart:305:19)
#4      _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:172:12)
| ~/dev/playground/dart/ffi/osdialog @ mit-macbookpro3 (mit)

Author: Fantashit

4 thoughts on “Cannot load unsigned dylibs on macOS with dart:ffi or native extensions

  1. If macOS, can you try the following workaround:

    1. Make sure you have the codesign tool in your terminal
    2. Locate the main dart binary
    3. Run codesign --remove-signature <path to dart binary>
    4. Run tests again

    You might want to take a backup copy of the dart command first, or re-install dart when done.

  2. @mkustermann Signing the shared libraries just causes dlopen to complain that the team IDs don’t match.

    Library Validation: mapping process and mapped file (non-platform) have different Team IDs)
    

    (and a similar error if you sign without a Team ID).

    Given that FFI is now a stable feature of Dart, I think the fact that there are unsigned SDKs available (and why they’re needed) should be as front-and-center as possible.

  3. We’re in control of the Entitlements.plist used to sign the Dart SDK executables (assuming potential security implications have been considered). Since we’re using internal signing infrastructure, this file is not in the open source repo so I bumped an earlier internal email thread on this topic with the necessary information.

Comments are closed.