Hi Jeff,
On Tue, Mar 31, 2020 at 06:51:37AM -0400, Jeffrey Walton wrote:
I believe the reason the patch works is, the environment is scrubbed before run-tests.sh is run. run-tests.sh then sets DYLD_LIBRARY_PATH (and friends). Since the test runner is calling programs outside the SIP boundary, the variables persist.
I verified as much by copying /bin/bash to ~/bash and running it from there. Indeed, exported DYLD-variables propagate to ~/bash.
- Disable SIP as @theronic suggests.
- Set DYLD_LIBRARY_PATH in main via setenv()
- Link statically
- Use otool to fix up the paths
- Link with runtime path.
- Link with @origin or @executable relative paths.
(2) may work, but it is not needed (based on my experience). Just set LD_LIBRARY_PATH and DYLD_LIBRARY_PATH in the test runner.
I forgot to mention... DYLD_FALLBACK_LIBRARY_PATH may work. Apple used to have a man page on it, but I can't find it anymore.
It's in dyld(1).
The man page used to say, don't use DYLD_LIBRARY_PATH . Instead, use DYLD_FALLBACK_LIBRARY_PATH . The problem is, the fallback path is checked after other paths (iirc). That means an old Nettle in /usr/local might be loaded instead of the new Nettle in .lib/
Indeed, DYLD_FALLBACK_LIBRARY_PATH is not stripped but will also not prevent an already installed libnettle from being used for the tests.