Subject: | OS X SIP breaks some tests in "make check" |
By default, OS X 10.11 enables a hardening feature called System
Integrity Protection. One of the consequences of SIP is that each
/bin/sh process unsets the DYLD_LIBRARY_PATH variable.
We have a few tests in make check which are implemented as shell
scripts, including (but probably not limited to) lib/krb5/krb/transit-
tests and lib/krb5/krb/walktree-tests. These test scripts will not
correctly find libraries in the build tree with SIP turned on. A
workaround is to run "make install" before "make check", but we should
try to work around the SIP protections, either by setting
DYLD_LIBRARY_PATH from within testing shell scripts or by avoiding the
use of shell scripts in make check.
Integrity Protection. One of the consequences of SIP is that each
/bin/sh process unsets the DYLD_LIBRARY_PATH variable.
We have a few tests in make check which are implemented as shell
scripts, including (but probably not limited to) lib/krb5/krb/transit-
tests and lib/krb5/krb/walktree-tests. These test scripts will not
correctly find libraries in the build tree with SIP turned on. A
workaround is to run "make install" before "make check", but we should
try to work around the SIP protections, either by setting
DYLD_LIBRARY_PATH from within testing shell scripts or by avoiding the
use of shell scripts in make check.