2

I have created a python application that I build into a Unix executable using Pyinstaller. The application runs fine until I attempt to code sign it. After code signing, I get the following error when attempting to run the executable:

rosetta error: /var/db/oah/526469a4f4887ee6ca553807c3196c9533da7ef706c684764b83169e8658f8e2/ba3f613b849de777b4a89fdb1760c3c2343ac52546e2629e28f83fbf530a8f27/libffi.8.dylib.aot: unable to mmap __TEXT: 1

Is it possible to code sign dylib files such as this?

Steps to reproduce the error:

  1. Create conda environment with python v3.9
  2. Activate environment and conda install numpy and pyinstaller
  3. Create python script that imports numpy. Doesn't matter what the python script does, can just be one line as long as it imports numpy.
  4. Use pyinstaller to build a distribution for the python file, with code signing like so:
pyinstaller -y --clean --codesign-identity='<apple-id>' --osx-entitlements-file='<path-to-entitlements.plist-file>' <name-of-python-script>
  1. Run the Unix executable that is produced inside the dist folder.
Michael Pesce
  • 21
  • 3
  • Same command you use for signing anything else (`codesign -f -s - your.dylib` if self-signing, modify appropriately if you have a "real" certificate). I assume you tried it and it failed, though? – Charles Duffy Sep 19 '22 at 20:23
  • I am able to code sign the file, but I receive the rosetta error when trying to run the app after code signing. – Michael Pesce Sep 19 '22 at 20:24
  • Could you provide steps sufficient to let someone else reproduce that error? – Charles Duffy Sep 19 '22 at 20:24
  • btw, you might want to check the system logs -- when the OS kills something due to a signature failure there's a message with relevant details. – Charles Duffy Sep 19 '22 at 20:25
  • Sure, I will modify the question and add the steps that lead to this error – Michael Pesce Sep 19 '22 at 20:27
  • (it's apparently been enough days since I last fixed a code signing bug that I don't have an example in dmesg anymore, but it roughly is of the form `kernel: CODE SIGNING: cs_invalid_page(..`, at least if something has a signature but has changed since it was made) – Charles Duffy Sep 19 '22 at 20:29
  • it's also worth checking `codesign --verify`, and comparing `codesign --display` between the Python executable and the library it's trying and failing to load) – Charles Duffy Sep 19 '22 at 20:31
  • Okay I tried running codesign --verify and codesign --display. Verify had no output for either file, and display outputted "Executable=". Is this the expected output? – Michael Pesce Sep 19 '22 at 20:44
  • I have updated the question with the steps to reproduce the issue – Michael Pesce Sep 19 '22 at 21:00

0 Answers0