search

WiseLibs / better-sqlite3

The fastest and simplest library for SQLite3 in Node.js.
MIT License
5.44k stars 395 forks source link

[Bug]: Report dlopen error after codesign and notarize #1110

Closed coolswitch closed 6 months ago

coolswitch commented 10 months ago

Platform and Version

Mac OS 13.6.1 (22G313) - arm64

xcode: v14.3

better-sqlite3: v8.7.0

electron: v23.3.10

node: v18.12.1

electron/rebuild: v3.3.1

Project Configuration

package.json

  "scripts": {
    "rebuild": "electron-rebuild -f -w better-sqlite3"
  },
  "resolutions": {
    "**/node-abi": "^3.45.0"
  },

codesign use electron-osx-sign, notarize use xcrun notarytool.

.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
   <dict>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.device.audio-input</key>
    <true/>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.personal-information.location</key>
    <true/>
    <key>com.apple.security.personal-information.photos-library</key>
    <true/>
    <key>com.apple.security.automation.apple-events</key>
    <true/>
  </dict>
</plist>

Actual Behavior

This error is reported After package with codesign and notarize (before i use sqlite3 everything was fine):

dlopen(/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr, 0x0001): 
  tried: '/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
    (code signature in <759507C3-C1E3-35DA-8818-7DC6E12E0E7F> 
        '/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
            not valid for use in process: 
            mapped file has no cdhash, 
            completely unsigned? 
            Code has to be at least ad-hoc signed.
    ), 
  '/System/Volumes/Preboot/Cryptexes/OS/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
    (no such file), 
  '/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
    (code signature in <759507C3-C1E3-35DA-8818-7DC6E12E0E7F> 
        '/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
            not valid for use in process: 
            mapped file has no cdhash, completely unsigned? 
            Code has to be at least ad-hoc signed.
    ), 
  '/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr'
    (code signature in <759507C3-C1E3-35DA-8818-7DC6E12E0E7F> 
        '/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
            not valid for use in process: 
            mapped file has no cdhash, 
            completely unsigned? 
            Code has to be at least ad-hoc signed.
    ),
  '/System/Volumes/Preboot/Cryptexes/OS/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
    (no such file), 
  '/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
    (code signature in <759507C3-C1E3-35DA-8818-7DC6E12E0E7F> 
        '/private/var/folders/ml/g74vfb4n091018f8kwg96q5h0000gn/T/.com.qmp.one.mac.IqpPdr' 
        not valid for use in process: 
        mapped file has no cdhash, 
        completely unsigned? 
        Code has to be at least ad-hoc signed.
    )
    at process.func [as dlopen] (node:electron/js2c/asar_bundle:2:1822)
    at Module._extensions..node (node:internal/modules/cjs/loader:1259:18)
    at Object.func [as .node] (node:electron/js2c/asar_bundle:2:2049)
    at Module.load (node:internal/modules/cjs/loader:1044:32)
    at Module._load (node:internal/modules/cjs/loader:885:12)
    at f._load (node:electron/js2c/asar_bundle:2:13330)
    at Module.require (node:internal/modules/cjs/loader:1068:19)
    at require (node:internal/modules/cjs/helpers:103:18)
    at bindings (/Users/abc/Work/project/out/MyApp-darwin-x64/MyApp.app/Contents/Resources/app.asar/node_modules/bindings/bindings.js:112:48)
    at new Database (/Users/abc/Work/project/out/MyApp-darwin-x64/MyApp.app/Contents/Resources/app.asar/node_modules/better-sqlite3/lib/database.js:48:64) {
  code: 'ERR_DLOPEN_FAILED'
}

Did i do something wrong or miss something?

How i fix it

neoxpert commented 10 months ago

Afaik it might be required to unpack the native modules before handing everything over to the notarize service. How to configure this depends on the tools you are using for packaging / notarizing.

coolswitch commented 9 months ago

Signing the .node file separately after rebuild solved my problem.

Thanks!