个人中心
gpt4 book ai didi

How to code sign "libffi.8.dylib" on MacOS?(如何在MacOS上编码签名“libffi.8.dylib”?)

转载 作者:bug小助手 更新时间:2023-10-28 09:48:40 27 4
gpt4 key购买 nike



I have created a python application that I build into a Unix executable using Pyinstaller. The application runs fine until I attempt to code sign it. After code signing, I get the following error when attempting to run the executable:

我已经创建了一个Python应用程序,并使用Pyinstaller将其构建到Unix可执行文件中。在我尝试对应用程序进行代码签名之前,应用程序运行得很好。在代码签名之后,我在尝试运行可执行文件时收到以下错误:



rosetta error: /var/db/oah/526469a4f4887ee6ca553807c3196c9533da7ef706c684764b83169e8658f8e2/ba3f613b849de777b4a89fdb1760c3c2343ac52546e2629e28f83fbf530a8f27/libffi.8.dylib.aot: unable to mmap __TEXT: 1



Is it possible to code sign dylib files such as this?

有可能对这样的dylib文件进行编码签名吗?


Steps to reproduce the error:

重现错误的步骤:



  1. Create conda environment with python v3.9

  2. Activate environment and conda install numpy and pyinstaller

  3. Create python script that imports numpy. Doesn't matter what the python script does, can just be one line as long as it imports numpy.

  4. Use pyinstaller to build a distribution for the python file, with code signing like so:


pyinstaller -y --clean --codesign-identity='<apple-id>' --osx-entitlements-file='<path-to-entitlements.plist-file>' <name-of-python-script>


  1. Run the Unix executable that is produced inside the dist folder.


更多回答

Same command you use for signing anything else (codesign -f -s - your.dylib if self-signing, modify appropriately if you have a "real" certificate). I assume you tried it and it failed, though?

与您用来签署任何其他内容的命令相同(如果是自签名,则使用CoDesign-f-S-Your.dylib命令;如果您拥有“真正的”证书,则进行适当的修改)。我猜你试过了,但失败了?

I am able to code sign the file, but I receive the rosetta error when trying to run the app after code signing.

我可以对文件进行代码签名,但在代码签名后尝试运行应用程序时收到Rosetta错误。

Could you provide steps sufficient to let someone else reproduce that error?

你能提供足够的步骤让别人重现这个错误吗?

btw, you might want to check the system logs -- when the OS kills something due to a signature failure there's a message with relevant details.

顺便说一句,您可能想要检查系统日志--当操作系统由于签名失败而终止某些东西时,会有一条相关详细信息的消息。

Sure, I will modify the question and add the steps that lead to this error

当然,我会修改问题并添加导致此错误的步骤

优秀答案推荐

While I can't answer definitively, I think I have a solid guess.

虽然我不能肯定地回答,但我想我有一个可靠的猜测。


The error you're encountering is likely due to the fact that the dynamic library (dylib) file libffi.8.dylib is not being properly signed during the PyInstaller build process.

您遇到的错误很可能是因为动态库(Dylib)文件libffi.8.dylib在PyInstaller构建过程中没有正确签名。


If this is the case, here are the steps to manually sign the dylib file:

如果是这种情况,以下是手动签署dylib文件的步骤:



  1. First, locate the libffi.8.dylib file in your PyInstaller bundle. It should be in the dist/<your-app-name>/ directory.



  2. Use the codesign command to sign the dylib file. Replace <apple-id> with your Apple Developer ID and <path-to-libffi> with the path to the libffi.8.dylib file:




codesign --force --verify --verbose --sign "<apple-id>" "<path-to-libffi>"


  1. Verify that the dylib file is properly signed:


codesign --verify --verbose "<path-to-libffi>"


  1. Now, rebuild your PyInstaller bundle with the same command you used before. The libffi.8.dylib file should now be properly signed and the error should be resolved.


If you're still encountering the error, it's possible that there are other dylib files that also need to be signed. You can use the otool command to check for any unsigned dependencies:

如果您仍然遇到该错误,则可能还有其他dylib文件也需要签名。您可以使用oTool命令检查任何未签名的依赖项:


otool -L <path-to-your-executable>

This will list all the dylib files that your executable depends on. You can then manually sign these files using the codesign command as described above.

这将列出您的可执行文件所依赖的所有dylib文件。然后,您可以如上所述使用CoDesign命令手动签署这些文件。


If this is not the case, please let me know. But I hope this solves your issue.

如果不是这样,请让我知道。但我希望这能解决你的问题。


更多回答

I think the problem is not really the signing, but that the signing is not working correctly. I can codesign the file, but after I do it, the app breaks. It seems to be related to conda as you can read here

我认为问题不在于签名,而是签名工作不正常。我可以共同设计文件,但在我这样做之后,应用程序就崩溃了。它似乎与康达有关,你可以在这里阅读

@gernophil I didn't see your comment on the answer prior to posting. However, given the question and information provided in it, as stated, this is a likely solution. From the perspective of this site, I think we should update the question before I would remove this answer. Or, I can create a multi-part solution based off our continued efforts. Will dig deeper on what you linked both here and above. To confirm, you've attempted manually signing the dependencies as I described? Or are positive it's not a solution without attempting it?

@gernophil我在发帖之前没有看到你对答案的评论。然而,鉴于其中提供的问题和信息,如上所述,这是一个可能的解决方案。从这个网站的角度来看,我认为在我删除这个答案之前,我们应该更新这个问题。或者,我可以根据我们的持续努力创建一个由多个部分组成的解决方案。将更深入地挖掘您在此处和上面链接的内容。为了确认,您是否已尝试按照我所描述的那样手动签署依赖项?或者肯定不尝试就不能解决问题?

I did a little different. So the problem is, according to the notarytools, all files are correctly signed. Also I am not the one that asked the question, but for me all files that are not correctly singed after the first notarytool I resign with for i in "${files[@]}"; do codesign -s XXX --force --all-architectures --timestamp --options=runtime --deep --verbose=4 "$i" done. I'll make an answer later, but I am still testing.

我做了一点不同的事。所以问题是,根据公证工具,所有文件都得到了正确的签名。我也不是那个问这个问题的人,但对我来说,在我为I在“${files[@]}”中辞职的第一个公证工具之后,所有没有正确签名的文件;做协同设计-S XXX--FORCE--所有架构--时间戳--选项=运行时--深度--详细=4“$I”完成。我稍后会回答,但我还在测试中。

This is a more direct link to the discussion on github.

这是GitHub上讨论的更直接的链接。

27 4 0
文章推荐: Javascript compiler error in Chrome's console(Chrome控制台中出现脚本编译器错误)
文章推荐: xsd : element with unique value(Xsd:具有唯一值的元素)
文章推荐: How to include image in Message Box using ctypes in python(如何在PYTHON中使用ctype在消息框中包含图像)
文章推荐: NiFi | How to replace text based on length of field in JSON records(NiFi|如何根据JSON记录中的字段长度替换文本)
bug小助手
个人简介

我是一名优秀的程序员,十分优秀!

作者热门文章
滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com