something went wrong with the code signing of my app, but I have not idea how to analyze this problem. I get the following error when launching my app:
dyld: Library not loaded: @rpath/QtSvg.framework/Versions/5/QtSvg Referenced from: /Users/joachim/Programming/myapp-build-release/install/MyApp.app/Contents/MacOS/MyApp Reason: no suitable image found. Did find: /Users/joachim/Programming/myapp-build-release/install/MyApp.app/Contents/MacOS/../Frameworks/QtSvg.framework/Versions/5/QtSvg: code signing blocked mmap() of '/Users/joachim/Programming/myapp-build-release/install/MyApp.app/Contents/MacOS/../Frameworks/QtSvg.framework/Versions/5/QtSvg' /Users/joachim/Programming/myapp-build-release/install/MyApp.app/Contents/MacOS/../Frameworks/QtSvg.framework/Versions/5/QtSvg: stat() failed with errno=1
All Frameworks and dylibs have been signed with
codesign --verbose --sign "$DEVID" -i $ID --timestamp $FRAMEWORK/Versions/Current/
The app bundle has been signed with
codesign --verbose --sign "$DEVID" --timestamp --options "runtime" --entitlements Entitlements.plist MyApp.app
with entitlement com.apple.security.cs.allow-jit enabled.
"codesign --verify" reports "valid on disk" and "satisfies its Designated Requirement" for all libs and the executable and bundle. All libs have unique identifiers (-i), got a secure timestamp, and I'm not using "--deep" signing. Referencing the lib with "@executable_path/../Frameworks" instead of "@rpath" doesn't make any difference.
The error disappears if I add the com.apple.security.cs.disable-library-validation entitlement or omit the hardened "runtime" option.
How can I check what exactly is blocking the library? Has "disable-library-validation" any drawbacks? Will I still be able to notarize the app?