Unable to set "special" environment variable

A gist requires me to set DYLD_FALLBACK_LIBRARY_PATH for a Rust compilation. I tried everything, but I’m completely unable to set this env variable. It is always empty. I tried a different name, that works… Just why?

name: Test

on:
  workflow_dispatch

jobs:
  test_job:
    runs-on: macos-latest
    steps:
      - name: Test
        run: |
          echo "PATHX=$(xcode-select --print-path)/Toolchains/XcodeDefault.xctoolchain/usr/lib/" >> $GITHUB_ENV
          
      - name: Test
        run: |
          echo "DYLD_FALLBACK_LIBRARY_PATH=$PATHX" >> $GITHUB_ENV
      

      - name: Test
        run: |
          echo ${PATHX:-is_empty}
          echo ${DYLD_FALLBACK_LIBRARY_PATH:-is_empty}
         

Output:

Run echo ${PATHX:-is_empty}
  echo ${PATHX:-is_empty}
  echo ${DYLD_FALLBACK_LIBRARY_PATH:-is_empty}
  shell: /bin/bash -e {0}
  env:
    PATHX: /Applications/Xcode_13.2.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/
    DYLD_FALLBACK_LIBRARY_PATH: /Applications/Xcode_13.2.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/
/Applications/Xcode_13.2.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/
is_empty

Looks like a System Integrity Protection issue

It’s possible to work around SIP, you just need binaries that aren’t system binaries and that don’t live in system paths.

Here’s an example using brew to install bash and then using that bash:

Note: I didn’t fill in $PATHX, but that’s not a big deal

Very nice. Indeed this works perfectly. I suppose I will then always have to use the shell installed by brew, right (as shown)?

Updated script (PATHX was just a test of whether it works with non-suspect variable names):


name: Test

on:
  workflow_dispatch

jobs:
  test_job:
    runs-on: macos-latest
    steps:
      - name: brew bash
        run: brew install bash

      - name: Test (shim env)
        shell: /usr/local/bin/bash {0}
        run: |
          echo "DYLD_FALLBACK_LIBRARY_PATH=$(xcode-select --print-path)/Toolchains/XcodeDefault.xctoolchain/usr/lib/" >> $GITHUB_ENV
      

      - name: Test
        shell: /usr/local/bin/bash {0}
        run: |
          echo ${DYLD_FALLBACK_LIBRARY_PATH:-is_empty}

Output:

“/Applications/Xcode_13.2.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/”

This even works for the desired use case.

Unfortunately the created binary runs on Intel hardware only, since it has external references to OpenCV4 installed by brew. Brew uses different paths on Intel and M1 (Intel /usr/local/opt/opencv/lib/, M1 /opt/homebrew/Cellar/opencv/4.5.5_2/lib/). This makes the app work fine on Intel hardware, but it fails on M1 with:

~/Downloads $ ./calibration
dyld[34291]: Library not loaded: /usr/local/opt/opencv/lib/libopencv_gapi.405.dylib
  Referenced from: /Users/decades/Downloads/calibration
  Reason: tried: '/usr/local/opt/opencv/lib/libopencv_gapi.405.dylib' (no such file), '/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib//libopencv_gapi.405.dylib' (no such file)
Abort trap: 6

But this is another story :)

Thanks for now.
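
Added example, not part of the thread: a diagnostic step that checks which shells on a macOS runner keep `DYLD_*` variables, which is the behaviour discussed above. The function names, the probe value `/probe/lib` and the candidate list are constructed for illustration; the path prefixes follow Apple's published list of SIP-protected locations and are only an approximation, so the runtime probe is the check to trust.

```shell
#!/bin/sh
# Added example (assumptions: hypothetical function names, constructed probe value).

# Heuristic: locations Apple documents as SIP-protected on macOS.
# /usr/local is explicitly excluded, which is why Intel Homebrew's bash works.
# Approximation only: dyld decides per binary, so use dyld_survives to confirm.
sip_protected_path() {
  case "$1" in
    /usr/local/*) return 1 ;;
    /System/*|/usr/*|/bin/*|/sbin/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Empirical probe: start the given shell with a DYLD_* variable set and
# check whether the variable is still visible inside it.
# Returns 0 = kept, 1 = stripped, 2 = shell could not be run.
dyld_survives() {
  probe_out=$(DYLD_FALLBACK_LIBRARY_PATH=/probe/lib "$1" -c \
    'printf %s "${DYLD_FALLBACK_LIBRARY_PATH:-is_empty}"' 2>/dev/null) || return 2
  [ "$probe_out" = "/probe/lib" ]
}

# Print the first candidate that does not sit under a protected prefix.
first_unprotected_shell() {
  for cand in "$@"; do
    if ! sip_protected_path "$cand"; then
      printf '%s\n' "$cand"
      return 0
    fi
  done
  return 1
}

# Report for the system bash and both Homebrew prefixes (Intel, Apple Silicon).
for sh_path in /bin/bash /usr/local/bin/bash /opt/homebrew/bin/bash; do
  [ -x "$sh_path" ] || continue
  if sip_protected_path "$sh_path"; then rule=protected; else rule=unprotected; fi
  if dyld_survives "$sh_path"; then seen=kept; else seen=stripped; fi
  printf '%s: path rule=%s, DYLD_* %s\n' "$sh_path" "$rule" "$seen"
done
```

Run as a workflow step, it prints one line per shell found on the runner, so the `shell:` value can be chosen from the result rather than hard-coded.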