#51905: Bear is broken on 10.11 (.5) because of Library Validation ----------------------------+---------------------- Reporter: jlargentaye@… | Owner: cal@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.4 Resolution: | Keywords: upstream Port: Bear | ----------------------------+---------------------- Changes (by cal@…): * keywords: => upstream Comment: Even though I do not get the message when I run `bear make`, I know quite well what the problem is; Apple's SIP changes no longer allow `DYLD_INSERT_LIBRARIES` to affect binaries with the SIP-bit enabled. Unfortunately Apple's approach to marking binaries with the bit was "stick it on everything in /usr/bin and /bin", which includes tools used by many build systems such as the Shell, make, ln, mkdir, mv, rm, rmdir, chmod, cp, touch, install, and also clang and clang++. This wouldn't be a problem if Apple's fallback solution for starting a SIP-binary with `DYLD_INSERT_LIBRARIES` set was disabling the entitlements (as if you were running a copy of the binary), but it isn't, so there's no good way around that for now. The way we've solved that in MacPorts for our own use of `DYLD_INSERT_LIBRARIES` is hooking `execvp` and `posix_spawn` and transparently creating a copy of all SIP binaries without the SIP-bit. Instead of the original binary, we then run the copy (which isn't affected by the loader restriction) but set up argv[] in such a way that the binary itself doesn't notice under normal conditions. A similar approach (or different workaround) would have to be implemented for Bear upstream. Please report the problem there, if it hasn't been reported already. -- Ticket URL: <https://trac.macports.org/ticket/51905#comment:2> MacPorts <https://www.macports.org/> Ports system for OS X