Sierra, SIP, and Lib folder during debug

Hi Gang,

In addition to the problems with the IDE and plugins due to the com.apple.quarantine EA we previously discussed, is it possible that something similar could be happening to apps being run under the debugger on Sierra? If I completely disable SIP from the recovery partition, my debug run is predictable and successful. However, that same code on the same machine with SIP enabled results in all sort of issue that I just can’t find an answer for.

OS X 10.12.0 & 10.12.1b4
Xojo 16r3

What sort of issues do you have when debugging?

Functions missing (function not found exceptions), failures reading my on device definition files, other things that can come up due to apparent translocation of the debugged app.

Plugins in your debug app are inside the bundle, so a relocation won’t matter.
But only apps from Internet are flagged by GateKeeper.

Yikes, translocation shouldn’t be kicking in for applications created via the debugger, it’s possible that for some reason the debugged application is being tagged with Quarantine, but I don’t know if it would create these issues.

Is there anything logged in the console?

If all else fails, you might want to consider reverting back to El Cap. I’ve seen a couple of other developers (who use Obj-C/Swift) revert back due to issues with Sierra. I’m starting to get the feeling that not even Apple use Sierra for development.

Wow, now Apple users are downgrading upgrading to a more familiar experience.
Come full circle, have we? :confused:

You might try to partially disable SIP for the filesystem integrity. This is actually unsupported, but works on macOS Sierra.
After booting in recovery mode:

csrutil enable --without fs

Additionally you can enable again the option to disable GateKeeper (which is unavailable by default in Sierra):

sudo spctl --master-disable

[quote=292523:@Christian Schmitz]Plugins in your debug app are inside the bundle, so a relocation won’t matter.
But only apps from Internet are flagged by GateKeeper.[/quote]
Then I’ve definitely got something else going on. I’m going to do another fresh installation onto a fresh out of the wrapper drive and NOT install 12.1b4.

[quote=292560:@Tim Parnell]Wow, now Apple users are downgrading upgrading to a more familiar experience.
Come full circle, have we? :/[/quote]
I wish I could “upgrade” back to 10.4.11 :).

@Massimo Valle - unfortunately, our customers are buying brand new Macs and 10.11 is not an option, so I have to sort out the issues that Sierra has created for us and disabling SIP is not an option for the major percentage of them.

Tim, I understand your application need to work on freshly installed macOS Sierra. My suggestion was just to determine if it’ something related to thr filesystem and/or GateKeeper.

You must have missed my opener - If I disable SIP, everything works :slight_smile: . Doesn’t seem to have any relationship to Gatekeeper status. since I even have a Build Automation codesign step for my debug builds.

I didn’t miss your initial request. Was just trying to restrict disabling the SIP for filesystem stuff ONLY to restrict the field of investigation. For what it worth…

New thought that I’m chasing - I copy 4 folders into the bundle as the last part of the build automation before the codesign step. Maybe that’s where this is coming from. I was able to narrow down the function not found error to one of my dylib files that are added as part of that step.

Ahh… so the dylibs are added into the application bundle via a build script or build step?

I wonder if some of the dylibs have quarantine enabled and SIP is then blocking the application from loading them?

You could try using the xattr terminal command to remove all meta data of the dylibs, then copy them in, code sign and run.

Since things run okay in the built app, I’ve just decided to turn off SIP on my dev machine since I wasted almost 4 days tracking this. I wish I could send an invoice to Apple…