Recent Changes - Search:

Home Page

Main

Downloads
Windows
macOS
Linux (via apt / rpm )
Linux wxWidgets
Release Notes

Wiki
Documentation
FAQ

Build CodeLite
Linux
Windows
macOS

Devs
Debug CodeLite Linux
Building Clang
Build wxWidgets (MSW)
Coding Guidelines
Create a Plugin

Main /

MacOS-CodesignGdb

On this page... (hide)

Signing GDB on macOS

First, you want to install the latest gdb using brew:

  • brew install gdb
  • Copy the below content into a script macos-codesign-gdb.sh and give it execution permission chmod +x macos-codesign-gdb.sh

Script content: 


#!/bin/bash

CERT="gdb_codesign"

function error() {
    echo error: "$@"
    exit 1
}

function cleanup {
    # Remove generated files
    rm -f "$TMPDIR/$CERT.tmpl" "$TMPDIR/$CERT.cer" "$TMPDIR/$CERT.key" > /dev/null 2>&1
}

trap cleanup EXIT

# Check if the certificate is already present in the system keychain
security find-certificate -Z -p -c "$CERT" /Library/Keychains/System.keychain > /dev/null 2>&1
if [ $? -eq 0 ]; then
    echo Certificate has already been generated and installed
    exit 0
fi

# Create the certificate template
cat <<EOF >$TMPDIR/$CERT.tmpl
[ req ]
default_bits       = 2048        # RSA key size
encrypt_key        = no          # Protect private key
default_md         = sha512      # MD to use
prompt             = no          # Prompt for DN
distinguished_name = codesign_dn # DN template
[ codesign_dn ]
commonName         = "$CERT"
[ codesign_reqext ]
keyUsage           = critical,digitalSignature
extendedKeyUsage   = critical,codeSigning
EOF

echo Generating and installing gdb_codesign certificate

# Generate a new certificate
openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes -config "$TMPDIR/$CERT.tmpl" -extensions codesign_reqext -batch -out "$TMPDIR/$CERT.cer" -keyout "$TMPDIR/$CERT.key" > /dev/null 2>&1
[ $? -eq 0 ] || error Something went wrong when generating the certificate

# Install the certificate in the system keychain
sudo security add-trusted-cert -d -r trustRoot -p codeSign -k /Library/Keychains/System.keychain "$TMPDIR/$CERT.cer" > /dev/null 2>&1
[ $? -eq 0 ] || error Something went wrong when installing the certificate

# Install the key for the certificate in the system keychain
sudo security import "$TMPDIR/$CERT.key" -A -k /Library/Keychains/System.keychain > /dev/null 2>&1
[ $? -eq 0 ] || error Something went wrong when installing the key

# Kill task_for_pid access control daemon
sudo pkill -f /usr/libexec/taskgated > /dev/null 2>&1

# Exit indicating the certificate is now generated and installed
exit 0
  • Run the script
  • Open the Keychain Access application, locate the gdb_codesign certificate, double click it and change the Trust to Always Trust
  • On macOS Mojave and later, you will also need the following:
    • Create a file named gdb.xml with the following content: 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.debugger</key>
    <true/>
</dict>
</plist>
  • Save it and run codesign: codesign --entitlements gdb.xml -fs gdb_codesign /usr/local/bin/gdb
  • On macOS older than Mojave, you need to run codesign like this: codesign -fs gdb_codesign /usr/local/bin/gdb
  • Reboot you mac
Edit - History - Print - Recent Changes - Search
Page last modified on August 17, 2019, at 08:46 AM