How to get a "codesigned" gdb on OSX?

c++ macos debugging gdb code-signing
clstaudt picture clstaudt · Dec 17, 2012 · Viewed 39.3k times · Source

Because I need a Python-enabled gdb, I installed another version via 

brew tap homebrew/dupes
brew install gdb

I want to use this gdb with Eclipse CDT, where I entered the path to the binary in the Debugging settings. However, launching a program for debugging fails with the following message:

Error in final launch sequence
Failed to execute MI command:
-exec-run
Error message from debugger back end:
Unable to find Mach task port for process-id 39847: (os/kern) failure (0x5).\n (please check gdb is codesigned - see taskgated(8))
Unable to find Mach task port for process-id 39847: (os/kern) failure (0x5).\n (please check gdb is codesigned - see taskgated(8))

What does "codesigned" mean in this context? How can I get this gdbrunning?

Answer

Zak picture Zak · Sep 5, 2014

I.1 Codesigning the Debugger

The Darwin Kernel requires the debugger to have special permissions before it is allowed to control other processes. These permissions are granted by codesigning the GDB executable. Without these permissions, the debugger will report error messages such as:

Starting program: /x/y/foo
Unable to find Mach task port for process-id 28885: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))

Codesigning requires a certificate. The following procedure explains how to create one:

  • Start the Keychain Access application (in /Applications/Utilities/Keychain Access.app)
  • Select the Keychain Access -> Certificate Assistant -> Create a Certificate... menu
  • Then:
    • Choose a name for the new certificate (this procedure will use "gdb-cert" as an example)
    • Set "Identity Type" to "Self Signed Root"
    • Set "Certificate Type" to "Code Signing"
    • Activate the "Let me override defaults" option
  • Click several times on "Continue" until the "Specify a Location For The Certificate" screen appears, then set "Keychain" to "System"
  • Click on "Continue" until the certificate is created
  • Finally, in the view, double-click on the new certificate, and set "When using this certificate" to "Always Trust"
  • Exit the Keychain Access application and restart the computer (this is unfortunately required)

Once a certificate has been created, the debugger can be codesigned as follow. In a Terminal, run the following command...

codesign -f -s  "gdb-cert"  <gnat_install_prefix>/bin/gdb

... where "gdb-cert" should be replaced by the actual certificate name chosen above, and should be replaced by the location where you installed GNAT.

source: https://gcc.gnu.org/onlinedocs/gcc-4.8.1/gnat_ugn_unw/Codesigning-the-Debugger.html

UPDATE: High-Sierra (Certificate Assistant - Unknown Error) https://apple.stackexchange.com/questions/309017/unknown-error-2-147-414-007-on-creating-certificate-with-certificate-assist

Related questions

How to compile and run C/C++ in a Unix console/Mac terminal?

How can I compile/run C or C++ in Unix console or a Mac terminal? (I know it, forget it, and relearn it again. Time to write it down.)

Read More
C++ IDE for Macs

I teach a C++ course using Visual Studio. One of my students has a Mac and was looking for an IDE to use on his machine. What would be good to recommend?

Read More
How do you install Boost on MacOS?

How do you install Boost on MacOS? Right now I can't find bjam for the Mac.

Read More