OSX - Unsigned library raises error for python3 modular input?

paolo_prigione1
New Member

Hi, I developed a modular input making use of the Python Cryptodome library (https://pycryptodome.readthedocs.io). When executing it on macOS Ventura, it raises the error:

    ... _raw_ecb.abi3.so' not valid for use in process: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.

When executing the same code with a brew-installed python3.7, the code runs fine.

Minimal example

    # create and activate a virtual environment:
    python3.7 -m venv venv
    source venv/bin/activate
    # install necessary lib
    python3.7 -m pip install pycryptodomex
    # exit the virtual env
    deactivate
    # move to where the packages have been stored
    cd venv/lib/python3.7/site-packages

Test #1

Execute "python3.7", and then type:

         from Cryptodome.Cipher import AES

---> no error is raised

Test #2

Start the python3 interpreter bundled in Splunk:

    splunk cmd python3

    >>> from Cryptodome.Cipher import AES

    OSError: Cannot load native module 'Cryptodome.Cipher._raw_ecb': Not found '_raw_ecb.cpython-37m-darwin.so', Cannot load '_raw_ecb.abi3.so'
    ...
    .../_raw_ecb.abi3.so' not valid for use in process: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.), Not found '_raw_ecb.so'

I found this interesting article about similar problems on Inkscape: https://gitlab.com/inkscape/inkscape/-/issues/2299 and then I executed:

    codesign -d --entitlements - /Applications/Splunk/bin/python3.7m

    Executable=/Applications/Splunk/bin/python3.7m
    [Dict]
    [Key] com.apple.security.cs.disable-executable-page-protection
    [Value] [Bool] true

There is no allowance for unsigned libraries, apparently.

I tried this with Splunk v8.2.7 and v9.0.2 on an Intel-based Mac running macOS Ventura.

Do you have any suggestions?

0 Karma
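An added diagnostic for the error quoted in the post above (not code from the poster or from Splunk): it walks a site-packages tree and lists the native modules that have no `LC_CODE_SIGNATURE` load command, meaning no embedded signature at all, ad-hoc or otherwise. It only detects whether a signature is present, not whether it is valid, and all function names are this example's own.

```python
import struct
import sys
from pathlib import Path

LC_CODE_SIGNATURE = 0x1D
HEADER_SIZE = {0xFEEDFACE: 28, 0xFEEDFACF: 32}  # thin Mach-O magic -> header size
FAT_MAGIC = 0xCAFEBABE                          # universal binary, big-endian header

def slice_has_signature(data, base=0):
    """True/False for one little-endian Mach-O slice, None if not parseable."""
    if len(data) < base + 28:
        return None
    magic, = struct.unpack_from("<I", data, base)
    if magic not in HEADER_SIZE:
        return None                             # not a (little-endian) Mach-O
    ncmds, = struct.unpack_from("<I", data, base + 16)
    off = base + HEADER_SIZE[magic]
    for _ in range(ncmds):
        if off + 8 > len(data):
            return None                         # truncated load commands
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd == LC_CODE_SIGNATURE:
            return True
        if cmdsize < 8:
            return None                         # malformed command
        off += cmdsize
    return False

def has_code_signature(data):
    """For universal binaries every slice must carry a signature."""
    if len(data) < 8 or struct.unpack_from(">I", data)[0] != FAT_MAGIC:
        return slice_has_signature(data)
    nfat, = struct.unpack_from(">I", data, 4)
    if nfat == 0 or 8 + 20 * nfat > len(data):
        return None
    offsets = [struct.unpack_from(">I", data, 16 + 20 * i)[0] for i in range(nfat)]
    results = [slice_has_signature(data, o) for o in offsets]
    return None if None in results else all(results)

def unsigned_native_modules(root):
    """Paths of .so/.dylib files under root with no embedded signature."""
    return [str(p) for p in sorted(Path(root).rglob("*"))
            if p.suffix in (".so", ".dylib") and p.is_file()
            and has_code_signature(p.read_bytes()) is False]

if __name__ == "__main__":
    for path in unsigned_native_modules(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("no code signature:", path)
```

Run it with the site-packages directory as its argument; any file it reports can then be inspected with the same `codesign -d` command used in the post.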

VatsalJagani
SplunkTrust

Not sure if I have the answer to your question, but I want to update you regarding one thing:

  • Splunk's Python build is not the same as what is published as the Python build.
  • Splunk removes a lot of unused packages and adds more Splunk-related Python packages.

I hope this helps!!!

0 Karma

paolo_prigione1
New Member

Thanks for pointing that out. It is known to me, and this is the first time I have encountered such an issue.

0 Karma

harry26
Observer

Having roughly the same issue with the cryptography dependency. Did you ever find a solution?

0 Karma

paolo_prigione1
New Member

Not really, I have to try other packages, or re-implement the modular input using golang and https://github.com/prigio/splunk-go-sdk

0 Karma