“please check gdb is codesigned - see taskgated(8)” - How to get gdb installed with homebrew code signed?

栀梦 2020-12-02 04:20

I'm on OS X 10.8.4 and have installed gdb 7.5.1 with Homebrew (motivation: get a new gdb with new features such as --with-python, etc.).

Long story short when I

10 answers
  • 2020-12-02 04:43

    gdb 8.3;

    My problem is the same as the guy above, solved by

    codesign --entitlements gdb.xml -fs gdb-cert /usr/local/bin/gdb
    
  • 2020-12-02 04:44

    I made gdb work on OSX 10.9 without codesigning this way (described here):

    1. Install gdb with MacPorts (maybe you can skip this).

    2. sudo nano /System/Library/LaunchDaemons/com.apple.taskgated.plist

      change option string from -s to -sp at line 22, col 27.

    3. Reboot the computer.

    4. Use gdb. If you installed it with MacPorts, then you must use the ggdb command, or make an alias in your config file:

    alias gdb='ggdb'

    and then use the 'gdb' command.

  • 2020-12-02 04:46

    I upgraded to gdb 8.3 and was not able to get things working. This helped me:

    codesign --entitlements gdb.xml -fs gdb-cert /usr/local/bin/gdb
    

    where the content of gdb.xml is:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>
        <key>com.apple.security.cs.disable-executable-page-protection</key>
        <true/>
        <key>com.apple.security.cs.debugger</key>
        <true/>
        <key>com.apple.security.get-task-allow</key>
        <true/>
    </dict>
    </plist>
    

    I found this solution here: https://timnash.co.uk/getting-gdb-to-semi-reliably-work-on-mojave-macos/

    Note: Without the entitlement I was able to run gdb only with sudo.

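To review what a gdb signed with the gdb.xml above is allowed to do, this added example (not part of the answers above) lists every entitlement granted in an entitlements plist and separates com.apple.security.cs.debugger from the other grants. The function names are hypothetical, and the sample plist is constructed to mirror the gdb.xml shown above.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Reads an entitlements plist (XML) on stdin and prints one line per
# entitlement set to <true/>: "debugger <key>" for the entitlement that
# permits attaching to other processes, "extra <key>" for anything else.
audit_entitlements() {
    awk -v want="com.apple.security.cs.debugger" '
        { text = text $0 " " }   # join lines so compact one-line XML also parses
        END {
            while (match(text, /<key>[^<]*<\/key>[ \t]*<(true|false)\/>/)) {
                item = substr(text, RSTART, RLENGTH)
                text = substr(text, RSTART + RLENGTH)
                key = item
                sub(/^<key>/, "", key)
                sub(/<\/key>.*/, "", key)
                if (item ~ /<true\/>$/) {
                    kind = (key == want) ? "debugger" : "extra"
                    print kind, key
                }
            }
        }'
}

# Succeeds only if cs.debugger is present and true.
has_debugger_entitlement() { audit_entitlements | grep -q '^debugger '; }

# Number of granted entitlements other than cs.debugger.
count_extra() { audit_entitlements | awk '$1 == "extra" { n++ } END { print n + 0 }'; }

# Constructed sample: same keys as the gdb.xml shown above.
sample_gdb_xml() {
    cat <<'EOF'
<plist version="1.0"><dict>
    <key>com.apple.security.cs.allow-jit</key><true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
    <key>com.apple.security.cs.disable-library-validation</key><true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key><true/>
    <key>com.apple.security.cs.debugger</key><true/>
    <key>com.apple.security.get-task-allow</key><true/>
</dict></plist>
EOF
}

# On macOS, feed it the signed binary instead (assumes this codesign form):
#   codesign -d --entitlements :- "$(which gdb)" | audit_entitlements
sample_gdb_xml | audit_entitlements
```

Each "extra" line is a hardened-runtime exception or task-access grant that the signature carries in addition to the debugger entitlement.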
  • 2020-12-02 04:53

    This error occurs because OSX implements a pid access policy which requires a digital signature for binaries to access other processes' pids. To enable gdb access to other processes, we must first code sign the binary. This signature depends on a particular certificate, which the user must create and register with the system.

    To create a code signing certificate, open the Keychain Access application. Choose menu Keychain Access -> Certificate Assistant -> Create a Certificate…

    Choose a name for the certificate (e.g., gdb-cert), set Identity Type to Self Signed Root, set Certificate Type to Code Signing and select the Let me override defaults. Click several times on Continue until you get to the Specify a Location For The Certificate screen, then set Keychain to System.

    Double click on the certificate, open Trust section, and set Code Signing to Always Trust. Exit Keychain Access application.

    Restart the taskgated service, and sign the binary.

    $ sudo killall taskgated
    $ codesign -fs gdb-cert "$(which gdb)"
    

    source http://andresabino.com/2015/04/14/codesign-gdb-on-mac-os-x-yosemite-10-10-2/

    On macOS 10.12 (Sierra) and later, you must also:

    Use gdb 7.12.1 or later.

    Additionally, prevent gdb from using a shell to start the program to be debugged. You can use the following command for this inside gdb:

    set startup-with-shell off
    

    You can also put this last command in a file called .gdbinit in your home directory, in which case it will be applied automatically every time you start gdb:

    echo "set startup-with-shell off" >> ~/.gdbinit
    

    SOURCE: https://sourceware.org/gdb/wiki/BuildingOnDarwin

  • 2020-12-02 04:57

    For anyone who is using Sierra 10.12.6 (and above) and Homebrew, /usr/local/bin/gdb is a symbolic link to /usr/local/Cellar/gdb/8.0/bin/gdb (or whatever version, e.g. 8.0.1).

    You need to codesign both link and target:

    codesign -fs gdb-cert /usr/local/bin/gdb
    codesign -fs gdb-cert "/usr/local/Cellar/gdb/8.0/bin/gdb"
    

    Or, if you have greadlink (installed via brew install coreutils):

    codesign -fs gdb-cert "$(which gdb)"
    codesign -fs gdb-cert "$(greadlink -f "$(which gdb)")"
    
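A check for the link-and-target situation described above, as an added example that is not part of the answer: it walks the symlink chain behind gdb without needing greadlink and runs codesign's verification on every path in it. The function names are hypothetical, and `readlink` without `-f` is assumed to be available, as it is on macOS and Linux.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Prints every path in the symlink chain starting at $1, one per line,
# ending with the file the links finally point to.
link_chain() {
    p=$1
    hops=0
    while :; do
        printf '%s\n' "$p"
        [ -L "$p" ] || break
        hops=$((hops + 1))
        # Give up on circular links instead of looping forever.
        [ "$hops" -le 40 ] || { echo "symlink loop at $p" >&2; return 1; }
        t=$(readlink "$p")
        case $t in
            /*) p=$t ;;                   # absolute link target
            *)  p=$(dirname "$p")/$t ;;   # relative to the link's directory
        esac
    done
}

# Verifies the signature on the gdb link and on each target behind it.
verify_gdb_signatures() {
    link_chain "$(command -v gdb)" | while IFS= read -r f; do
        if codesign --verify --verbose "$f"; then
            echo "ok: $f"
        else
            echo "NOT VALID: $f"
        fi
    done
}

# Run only where both tools exist (macOS with gdb installed).
if command -v gdb >/dev/null 2>&1 && command -v codesign >/dev/null 2>&1; then
    verify_gdb_signatures
fi
```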
  • 2020-12-02 05:03

    I can recommend following this gist: https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d#file-codesign_gdb-md

    With a trick to overcome "unknown error = -2,147,414,007" during certificate creation, described here: https://apple.stackexchange.com/a/309123

    Notes:

    The path for gdb installed as a Homebrew package should be something like: /usr/local/Cellar/gdb/9.2/bin/gdb

    And csrutil enable --without debug will cause a message about requesting an unsupported configuration, like here: https://totalfinder.binaryage.com/system-integrity-protection

    Test:

    ○ → sw_vers -productVersion
    10.13.6
    
    ○ → gdb ./a.out
    GNU gdb (GDB) 9.2
    ...
    Thread 3 hit Breakpoint 1, main () at main.c:14
    14          data_t d = {0};
    