XCode 11 - Catalina

I recently switched to Catalina and XCode 11. My project fails to run now with the following error -

“SDL.framework” cannot be opened because the developer cannot be verified.

I tried the instructions available at https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation#details

It doesnt work though.

Anyone else face the same issue? Any thoughts on how to get over this?

Thanks,

Vinay

Catalina’s GateKeeper has gotten stricter. Apps need to be “notarized”
by Apple, which in turn requires the “Hardened Runtime” to be enabled,
which in turn checks to make sure all libraries and plugins are signed
by the same developer (by default).

I don’t have enough information about specific your problem, but in
general your best solution is to:

  • Make sure all your libraries/frameworks/plugins are properly
    codesigned with the same key you sign your app with. Enable the
    hardened runtime when signing your app. Notarize.

  • Alternatively, if just for testing or for you & your friends, you
    can ignore all code signing. Don’t enable the hardened runtime.

  • Or if you really need SDL.framework to be signed differently than
    you and need the hardened runtime, you need to add the
    com.apple.security.cs.disable-library-validation entitlement for the
    codesigning phase.

-Eric

Are you using a prebuilt SDL framework or building it yourself?

Make sure your build settings are signing the framework.

Im using the prebuilt SDL framework. Still trying to figure this out.

Try building it yourself

I don’t remember if the prebuilt framework is signed by libSDL.org. If
it is, you should try stripping the signature. (Or building
SDL.framework yourself.)

This command will show a bunch of signature info if it is signed

codesign --verbose=4 --display SDL2.framework

This undocumented command will strip the signature (but it is

undocumented so it might be buggy)
codesign --remove-signature SDL2.framework

IIRC, stripping the signature makes it unable to ever be signed again.

I had problems with stripping the signature a year or two ago. But I
recently tried it again and it seemed to work for me. So I’m thinking
the tool is buggy and/or Apple fixed it in a more recent version.

The problem seems to be only with SDL_mixer. Its complaining about some frameworks that are embedded within the library itself.

SDL and SDL_image are fine.

Any ideas on how to get over this ?

SDL_mixer may have dylibs or frameworks bundled inside of it, such as
decoder helper libs like libmpg123 or Ogg and Vorbis. These also have
to be signed with your same certificate.

Try signing all those embedded libraries in SDL_mixer and then sign SDL_mixer.
Or you could try signing SDL_mixer with the following flags to
automatically try to get the whole thing signed:
Using the --deep flag for codesign usually will recursively get
everything signed.
Using the --force flag for codesign will usually overwrite any prior
code signature that was there.

1 Like