Problem install extensions into SQLite Browser

[cbitterfield]

Version: (MacM1, osx 13.2) DB Browser for SQLite Version 3.12.2 Built for arm64-little_endian-lp64, running on arm64 Qt Version 5.15.6 SQLCipher Version 4.5.1 community (based on SQLite)

select load_extension('/usr/local/lib/sqlean/stats'); select median(value) from generate_series(1, 99);

Results in: Execution finished with errors.

Result: dlopen(/usr/local/lib/sqlean/stats.dylib, 0x000A): tried: '/usr/local/lib/sqlean/stats.dylib' (code signature in <9D31DCA1-36E5-34B2-9FF0-BE51FE7B72E7> '/usr/local/lib/sqlean/stats.dylib' not valid for use in process: mapped file has no Team ID and is not a platform binary (signed with custom identity or adhoc?)), '/System/ At line 1: select load_extension('/usr/local/lib/sqlean/stats');

Works from Command line: sqlite> .load /usr/local/lib/sqlean/stats.dylib sqlite> select median(value) from generate_series(1, 99); 50.0 sqlite> Even adding it the OSX Application folder produced the same results: Execution finished with errors. Result: dlopen(/Applications/DB Browser for SQLite.app/Contents/PlugIns/sqlean/stats.dylib, 0x000A): tried: '/Applications/DB Browser for SQLite.app/Contents/PlugIns/sqlean/stats.dylib' (code signature in <9D31DCA1-36E5-34B2-9FF0-BE51FE7B72E7> '/Applications/DB Browser for SQLite.app/Contents/PlugIns/sqlean/stats.dylib' not valid for use in process: mapped file has no Team At line 1: select load_extension('/Applications/DB Browser for SQLite.app/Contents/PlugIns/sqlean/stats');

PS: I am sure the issue is related to M1 Codesigning

codesign -dv -r- stats.dylib 
Executable=/Applications/DB Browser for SQLite.app/Contents/PlugIns/sqlean/stats.dylib
Identifier=stats.dylib
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=516 flags=0x20002(adhoc,linker-signed) hashes=13+0 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
# designated => cdhash H"0fd9e8853f07bf426f3388a50c006ec45e588684"

The TeamIdentifier seems to be the issue

https://wiki.lazarus.freepascal.org/Code_Signing_for_macOS

[nalgeon]

Have you tried removing the extension binary from the quarantine?

xattr -d com.apple.quarantine "/Applications/DB Browser for SQLite.app/Contents/PlugIns/sqlean/stats.dylib"

[cbitterfield]

I saw that and removed that file and replaced with a new one.

——————————————————— Colin A. Bitterfield Mailto: @.*** Mobile: (571) 533-4700 ———————————————————

On Apr 2, 2023 at 1:31 PM -0700, Anton Zhiyanov @.***>, wrote:

Have you tried removing the extension binary from the quarantine? xattr -d com.apple.quarantine "/Applications/DB Browser for SQLite.app/Contents/PlugIns/sqlean/stats.dylib" — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[nalgeon]

Sorry, I don't see how that answers my question 🤔

[nalgeon]

I'm going to close the issue as I haven't received an answer. Let me know when you are ready to resume the conversation.

[cbitterfield]

I removed the quarantine and tried to call apple

The issue seems to be related to being opened from within an application

I tried moving the db browser app to user/applications no change

Using spxtl —access it shows the library as rejected

——————————————————— Colin A. Bitterfield Mailto: @.*** Mobile: (571) 533-4700 ———————————————————

On Apr 5, 2023 at 1:11 AM -0400, Anton Zhiyanov @.***>, wrote:

I'm going to close the issue as I haven't received an answer. Let me know when you are ready to resume the conversation. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[nalgeon]

Did you run the exact command I wrote earlier? What was the output?

[cbitterfield]

Anton,

Good Morning

Yes, I did.

The issue is related to the download “APP” from "https://sqlitebrowser.org/“. The application is set for “Hardened Runtime” meaning it will not load libraries that are not fully signed with a Team ID. (Adhoc signing is not enough).

Loading the same application in MacPorts works as expected. I would assume the Brew install would be the same. This might be worthy of a note on the site.

Also; you might want to contact the above sight about including a set of “hardened” libraries as an option.

I went three rounds with Apple Developer and Apple support plus two days of research. Going forward; you probably need a section on adhoc signing for M1 platforms. I did not need to sign the libraries for the MacPorts version to work.

Also; you might want to add a Makefile entry for Mac-M1 and Mac-Intel (Most people don’t associate M1/Silicon as ARM).

I hope this helps.

I think you libraries are really useful and cool. Perhaps you can get them implemented via MacPorts.

——————————————————— Colin A. Bitterfield Mailto: @.*** Mobile: (571) 533-4700 ———————————————————

On Apr 5, 2023 at 10:33 AM -0400, Anton Zhiyanov @.***>, wrote:

Did you run the exact command I wrote earlier? What was the output? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[nalgeon]

Oh, I see. Thanks for the detailed explanation! I'll investigate further.

[cbitterfield]

I requested the SQLiteBrowser people add your libraries in their build. They thought it was a good idea.

——————————————————— Colin A. Bitterfield Mailto: @.*** Mobile: (571) 533-4700 ———————————————————

On Apr 5, 2023 at 11:31 AM -0400, Anton Zhiyanov @.***>, wrote:

Oh, I see. Thanks for the detailed explanation! I'll investigate further. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[nalgeon]

Thank you very much! I haven't looked into the issue yet, but I'll come back when I have new information.