Problem with plv8 on macOS Catalina

jlg 2019-12-17 20:03:04 UTC #1

I just updated our xTuple/PostgreSQL server to macOS 10.15.2 (aka Catalina), upgraded MacPorts, reinstalled PostgreSQL and plv8 per instructions. When I run anything in xTuple that requires plv8, I now get the following error:

ERROR: could not load library "/opt/local/lib/postgresql96/plv8.so": dlopen(/opt/local/lib/postgresql96/plv8.so, 10): no suitable image found. Did find:
/opt/local/lib/postgresql96/plv8.so: code signature in (/opt/local/lib/postgresql96/plv8.so) not valid for use in process using Library Validation: library load disallowed by system policy

Has anyone else run into this issue? Looking for ideas...

jlg 2019-12-17 21:12:45 UTC #2

Found a solution, posting it because anybody who updates to Catalina will probably need it.

Based on the solution at https://github.com/Jackett/Jackett/issues/5589

On my system:

# cd /opt/local/bin/postgresql96
# xattr -p com.apple.quarantine plv8.so
0083;5bc65145;Safari;C16AB864-F5EB-40F8-97FF-30E58E960010
# xattr -w com.apple.quarantine "00c1;5bc65145;Safari;C16AB864-F5EB-40F8-97FF-30E58E960010" plv8.so
# xattr -p com.apple.quarantine plv8.so
00c1;5bc65145;Safari;C16AB864-F5EB-40F8-97FF-30E58E960010

Explanation:

Part of Apple's system security now requires all executables to be signed with a valid developer certificate, and unsigned executables are quarantined (i.e., not permitted to run). Thankfully, Apple provided a CLI way to whitelist executables. The "xattr -p" command returns the current quarantine attributes of the listed executable. You'll need to run this on your system and copy the returned string, because it will probably not match the one shown here. The "xattr -w" command writes a new quarantine attribute for the listed executable. Note the change in the first four characters of the attribute string: changing whatever's there to "00c1" whitelists the executable so that the system will allow it to run. Run the "xattr -p" command again, to be sure your change made it into the system.