http://linyehui.me/2017/02/17/proxychain4-pod-update-failed/
問題
我的問題是proxychains4 telnet 是沒問題的,但是proxychains4 pod update就會報下面這樣的警告,然後失敗:
[proxychains] preloading ./libproxychains4.dylib
dyld: warning: could not load inserted library ‘./libproxychains4.dylib’ into library validated process because no suitable image found. Did find:
./libproxychains4.dylib: code signing blocked mmap() of ‘./libproxychains4.dylib’
我的環境如下:
- macOS Sierra 10.12.3
- proxychains-ng 4.12_1
- SIP之前配置過用的是:csrutil enable –without debug,查詢的狀態如下:
1 2 3 4 5 6 7 8 9 10 11 12 13
$ csrutil status System Integrity Protection status: enabled (Custom Configuration). Configuration: Apple Internal: disabled Kext Signing: enabled Filesystem Protections: enabled Debugging Restrictions: disabled DTrace Restrictions: enabled NVRAM Protections: enabled BaseSystem Verification: enabled This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.
尋找原因
一開始是找到了這篇issues:Proxychains4 with brew for MacOs error #109,以爲是我的proxychains4版本問題或者是我的SIP問題,所以做了以下嘗試:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# 進入系統的recovery mode,禁用SIP csrutil disable reboot # 重啓後卸載老的proxychains brew tap beeftornado/rmtree brew rmtree proxychains-ng # 重新安裝 proxychains-ng --universal # 確認下proxychains-ng的配置是否正確,如果不正確就再配置下proxychains.conf # 確認下telnet是否正常 proxychains4 telnet google.com 80 # 再嘗試下pod update proxychains4 pod update # 問題依舊:code signing blocked mmap() |
問題所在
在另外一個issue78:Not working on OS X 10.11 due to SIP #78中看到了被點讚了4次的這個回答,讓我最後解決了問題:
It only happens if you execute a system binary using proxychains, e.g. proxychains4 ssh user@server. For now, a workaround is to copy the executable to another location (e.g. cp /usr/bin/ssh ~/XXX), and use it (e.g. proxychains4 ~/XXX/ssh user@server). You can modify the path variable so that ~/XXX/ssh is executed instead of /usr/bin/ssh, when you just type “ssh”.
一句話描述問題:
proxychain嘗試注入系統bin目錄下的二進制文件會出現這種情況,解決方案就是換個非系統目錄的文件來執行和注入就可以了。
解決方案
根據上面的問題描述,再考慮pod update的實際操作,其實就是調用git去更新,而我的git用的是系統自帶的:
1 2 |
$ which git /usr/bin/git |
這樣一來問題就變成了讓pod update使用我自己安裝的git就可以了:
1 2 3 4 5 |
brew install git # 修改.bash_profile,增加下面的export配置,優先搜索/usr/local/bin目錄 # 這樣修改後,terminal下使用git就會優先使用我們剛剛安裝的git版本了 export PATH=/usr/local/bin:/usr/local/sbin:${PATH} |
好了,配置好了,再試一下,成功了:
1 |
proxychains4 pod update |
關於SIP
最後我驗證了下,SIP其實不需要disable,csrutil enable –without debug下proxychains也是能正常工作的
總結
說下我這裏能夠正常運行的環境和因素:
- macOS Sierra 10.12.3
- proxychains-ng 4.12_1
-
進入系統的recovery mode,打開terminal,csrutil enable –without debug
可以使用這個命令查詢的狀態,我的狀態如下:1 2 3 4 5 6 7 8 9 10 11 12 13
$ csrutil status System Integrity Protection status: enabled (Custom Configuration). Configuration: Apple Internal: disabled Kext Signing: enabled Filesystem Protections: enabled Debugging Restrictions: disabled DTrace Restrictions: enabled NVRAM Protections: enabled BaseSystem Verification: enabled This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state.
-
我的git使用的是brew install git的版本:
1 2
$ which git /usr/local/bin/git
參考材料
Not working on OS X 10.11 due to SIP #78
Proxychains4 with brew for MacOs error #109
code signing blocked mmap() #159