[TxMt] Library Validation Entitlement for Plugins

Rob Brackett rob at robbrackett.com
Tue Sep 24 19:29:03 UTC 2019


Howdy, I maintain the EditorConfig plugin for TextMate (https://github.com/Mr0grog/editorconfig-textmate <https://github.com/Mr0grog/editorconfig-textmate>). I haven’t had much time to work on it recently, but I was trying to update it for the latest TextMate this morning. However, MacOS won’t actually load my bundle inside TextMate. I see this message when TextMate starts:

Failed to load ‘editorconfig-textmate’ (~/Library/Application Support/TextMate/PlugIns/editorconfig-textmate.tmplugin): The bundle “editorconfig-textmate” couldn’t be loaded because it is damaged or missing necessary resources.

I’m fairly certain the cause is that TextMate now uses the hardened runtime (https://github.com/textmate/textmate/commit/412e6798ca206b15cdc8f86a1387835a3f4f82e7 <https://github.com/textmate/textmate/commit/412e6798ca206b15cdc8f86a1387835a3f4f82e7>).

I saw Allan’s message about a similar issue with the Emmet plugin on July 13th: https://lists.macromates.com/textmate/2019-July/041039.html <https://lists.macromates.com/textmate/2019-July/041039.html>
…but enabling the hardened runtime when signing the bundle doesn’t solve the issue for me.

I think the actual problem in this case is that TextMate (not my plug-in) is missing the `com.apple.security.cs.disable-library-validation` entitlement for hardening. Apple’s docs (https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation <https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation>) say:

> Typically, the Hardened Runtime’s library validation prevents an app from loading frameworks, plug-ins, or libraries unless they’re either signed by Apple or signed with the same team ID as the app. The macOS dynamic linker (dyld) provides a detailed error message when this happens. Use the Disable Library Validation Entitlement to circumvent this restriction.

Obviously I can’t and shouldn’t sign the plug-in with TextMate’s team ID! So it sounds like this is probably required for third-party plug-ins. Are there other third-party plug-ins that are functioning with the latest version of TextMate? Something else I might be missing here?

Thanks,

Rob Brackett
rob at robbrackett.com <mailto:rob at robbrackett.com>
@Mr0grog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macromates.com/textmate/attachments/20190924/95c6c160/attachment.html>


More information about the TextMate mailing list