On macOS, GateKeeper is your security buddy. It prevents your system to open malicious software and has been updated and strictened over the years.

In macOS 10.15 Catalina, any binary file loaded by a software is by default considered suspicious, especially if you download it from a web browser. Any downloaded file is put in quarantine by the system, by setting com.apple.quarantine extended attribute. This applies to PHP extensions, materialized by .so files (shared object files).

Issue description

If you have manually downloaded and installed the PHP probe, you may encounter the following issue when running PHP:

A system popup appears, displaying the following error message: "blackfire.so can't be opened because Apple cannot check it for malicious software"

Warning: PHP Startup: Unable to load dynamic library '/usr/local/Cellar/blackfire-php73/1.30.0/blackfire.so' (tried: /usr/local/Cellar/blackfire-php73/1.30.0/blackfire.so (dlopen(/usr/local/Cellar/blackfire-php73/1.30.0/blackfire.so, 9): no suitable image found.  Did find:
/usr/local/Cellar/blackfire-php73/1.30.0/blackfire.so: code signature in (/usr/local/Cellar/blackfire-php73/1.30.0/blackfire.so) not valid for use in process using Library Validation: library load disallowed by system policy
/usr/local/Cellar/blackfire-php73/1.30.0/blackfire.so: stat() failed with errno=22), /usr/local/lib/php/pecl/20180731//usr/local/Cellar/blackfire-php73/1.30.0/blackfire.so.so (dlopen(/usr/local/lib/php/pecl/20180731//usr/local/Cellar/blackfire-php73/1.30.0/blackfire.so.so, 9): image not found)) in Unknown on line 0

Check the binary signature

You may check that the binary is the one we officially distribute by checking its signature and integrity, as described in Apple Code Sigining documentation, thanks to codesign  command.

This command confirms whether the code binaries are actually signed, the signature is valid, all the sealed components are unaltered, and the signature passes some basic consistency checks.

codesign -vvvv blackfire.so

The command above should output the following:

blackfire.so: valid on disk
blackfire.so: satisfies its Designated Requirement


The quick and easy way 

  • With your terminal, go to the directory where you installed blackfire.so;

  • Run xattr blackfire.so;
    It should display com.apple.quarantine;

  • Run xattr -d com.apple.quarantine blackfire.so ;

  • You can now use PHP and Blackfire safely. 

Using System Preferences

  • Go to System Preferences / Security and Privacy / General;

  • You will see a note saying that "blackfire.so is blocked from use because it is not from an identified developer";

  • Click on "Allow anyway" button;

  • Run PHP again;

  • The system popup will be displayed again, but now you have an "Open" button;

  • Click on "Open" button;

  • You can now use PHP and Blackfire safely;

Did this answer your question?