0 
sql.Register("sqlite3_with_extensions",
&sqlite3.SQLiteDriver{
    Extensions: []string{
        "regex_match",
    },
})

I am working on loading an SQLite3 extension in Go, specifically using the sqlite3.SQLiteDriver to register the extension "regex_match". However, when I run the program, I encounter the error: "dlopen(regex_match.dylib, 0x000A): tried: 'regex_match.dylib' (relative path not allowed in hardened program), '/usr/lib/regex_match.dylib' (no such file)]."

This error typically occurs on systems where security features, such as macOS' App Sandbox or Hardened Runtime, are enabled. These features prevent the use of relative paths when loading external resources like libraries or extensions. So I did sign and notarized my dylib even after that my other binary which contains above code is giving error.

Other solutions also I tried

1.setting environment variable for this dylib.

2.tried signed and unsigned binary FYI my binary is also signed and both dylib and binary are signed with same certificate.

3.Gave full disk access to both my binary and regex_match.dylib.

I'm looking for guidance on how to properly load the SQLite3 extension while adhering to system security requirements.

Update -

Go lang package used- "github.com/mattn/go-sqlite3"

Reference link - https://pkg.go.dev/github.com/mattn/go-sqlite3

Platform - Darwin.

Improve this question
5
  • [1/2] You do not tell which package (and which exact version of it) you're using (and on which platform, though it can be guessed from .dylb that it's darwin—i.e. macos). Since we're forced to guess, I guess the sql.Register code, when told to load "named extensions"—such as that regex_match—tries to load a dynamically-linked library with that name (plus platform-dependent filename extension). It tries two places: the current working directory and /usr/lib, and both tries fail with different errors, which the driver communicates to you. … Commented Sep 16, 2024 at 16:43
  • [2/2] … So the answer would be: "modify the driver's code so that it does not use the current working directory but calculates the full pathname for the 1st attempt using some other techique or allows the caller to specify the full path. To me, this appears like a topic to discuss with the driver's developers, not here on SO. Commented Sep 16, 2024 at 16:44
  • @kostix Thanks for response. I have updated required details. this just an simple library so it can be discussed over here. Commented Sep 17, 2024 at 6:04
  • go-sqlite3 directly calls sqlite3_load_extension which is documented in a somewhat moot manner, but you can see how it's implemented in the SQLite's source code (sqlite3LoadExtension internal function), and that one first attempt to load the extension "as is"—treating it as a file name. Given that, it should suffice to change "regex_match" in your code to the full pathname of that regex_match.dyld file. Commented Sep 17, 2024 at 9:42
  • «this just an simple library so it can be discussed over here»—no, this logic is flawed for the simple reason SO is not designed for multiple backs-and-forths—that is, precisely what we're doing here. To understand the reasoning, please consider that the SO's mission is to create a searcheable library of practical questions and answers to them; it is not a service where one can solve any of their problems paid free. IOW, that's not a free support site dedicated to solving arbitrary problems. Please see this. Commented Sep 17, 2024 at 9:45
Related questions
2
How do I load dylib sqlite3 extensions in golang?
1
How can I load an extension on sqlite3 in nodejs?
1
HOW TO sqlite3_load_extension from within Objective-c [error: dlopen(...) image not found]
Load 4 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.