search

ronaldoussoren / py2app

py2app is a Python setuptools command which will allow you to make standalone Mac OS X application bundles and plugins from Python scripts.
Other
349 stars 35 forks source link

unsafe use of @executable_path #186

Open ronaldoussoren opened 9 years ago

ronaldoussoren commented 9 years ago

Original report by Brecht Machiels (Bitbucket: brechtm, GitHub: brechtm).

I'm trying to use py2app to build an application of Zim, using Hombrew-provided Python 2.7.10 and GTK/PyGTK binaries. I get the following error when running ./dist/zim.app/Contents/MacOS/zim from the command line:

Oct 10 15:34:09  zim[21799] <Notice>: Traceback (most recent call last):
Oct 10 15:34:09  zim[21799] <Notice>:   File "/Users/brechtm/Documents/Code/pyzim/dist/zim.app/Contents/Resources/zim.py", line 37, in <module>
Oct 10 15:34:09  zim[21799] <Notice>:     import zim
Oct 10 15:34:09  zim[21799] <Notice>:   File "/Users/brechtm/Documents/Code/pyzim/dist/zim.app/Contents/Resources/zim/__init__.py", line 186, in <module>
Oct 10 15:34:09  zim[21799] <Notice>:     import zim.environ # initializes environment parameters
Oct 10 15:34:09  zim[21799] <Notice>:   File "/Users/brechtm/Documents/Code/pyzim/dist/zim.app/Contents/Resources/zim/environ.py", line 16, in <module>
Oct 10 15:34:09  zim[21799] <Notice>:     from zim.fs import ENCODING, isdir
Oct 10 15:34:09  zim[21799] <Notice>:   File "/Users/brechtm/Documents/Code/pyzim/dist/zim.app/Contents/Resources/zim/fs.py", line 130, in <module>
Oct 10 15:34:09  zim[21799] <Notice>:     from zim.signals import SignalEmitter, SIGNAL_AFTER
Oct 10 15:34:09  zim[21799] <Notice>:   File "/Users/brechtm/Documents/Code/pyzim/dist/zim.app/Contents/Resources/zim/signals.py", line 8, in <module>
Oct 10 15:34:09  zim[21799] <Notice>:     import gobject
Oct 10 15:34:09  zim[21799] <Notice>:   File "gobject/__init__.pyc", line 26, in <module>
Oct 10 15:34:09  zim[21799] <Notice>:   File "glib/__init__.pyc", line 22, in <module>
Oct 10 15:34:09  zim[21799] <Notice>:   File "glib/_glib.pyc", line 14, in <module>
Oct 10 15:34:09  zim[21799] <Notice>:   File "glib/_glib.pyc", line 10, in __load
Oct 10 15:34:09  zim[21799] <Notice>: ImportError: dlopen(/Users/brechtm/Documents/Code/pyzim/dist/zim.app/Contents/Resources/lib/python2.7/lib-dynload/glib/_glib.so, 2): Library not loaded: @executable_path/../Frameworks/libpyglib-2.0-python.0.dylib
Oct 10 15:34:09  zim[21799] <Notice>:   Referenced from: /Users/brechtm/Documents/Code/pyzim/dist/zim.app/Contents/Resources/lib/python2.7/lib-dynload/glib/_glib.so
Oct 10 15:34:09  zim[21799] <Notice>:   Reason: unsafe use of @executable_path in /Users/brechtm/Documents/Code/pyzim/dist/zim.app/Contents/Resources/lib/python2.7/lib-dynload/glib/_glib.so with restricted binary

This seems to be some kind of security mechanism in OS X, but I have not been able to find much information about this particular problem.

Replacing "@executable_path/../Frameworks/libpyglib-2.0-python.0.dylib" with an absolute path seems to allow the dlopen to succeed. Also replacing it with a path based on @loader_path (@loader_path/../../../../../Frameworks/libpyglib-2.0-python.0.dylib) seems to work. Can py2app somehow use @loader_path instead of @executable_path?

I'm running pyapp 0.9 on OS X 10.11.

ronaldoussoren commented 9 years ago

Original comment by Brecht Machiels (Bitbucket: brechtm, GitHub: brechtm).

This is related and possibly useful: https://bugzilla.mozilla.org/show_bug.cgi?id=1011449

ronaldoussoren commented 3 years ago

py2app does not use @executable_path, this is something in the binary wheel used.

2fde755a903bb9f20c3095b41f1ef4088f435690 adds support for @loader_path.