Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#39349 closed enhancement (fixed)

gdb @7.6 add note about codesigning

Reported by: gthb (Gunnlaugur Thor Briem) Owned by: dweber@…
Priority: Normal Milestone:
Component: ports Version: 2.1.3
Keywords: Cc: cooljeanius (Eric Gallager), ClintO (Clint O), jul_bsd@…
Port: gdb

Description

After installing gdb, the resulting gdb can't attach to programs until it has been codesigned. This only comes up as an error message within gdb itself, and it took me a little while to find out how to do the codesigning.

The attached patch adds a note to the port, to help people along by pointing them to http://sourceware.org/gdb/wiki/BuildingOnDarwin

Attachments (1)

Portfile-gdb.diff (384 bytes) - added by gthb (Gunnlaugur Thor Briem) 4 years ago.

Download all attachments as: .zip

Change History (20)

Changed 4 years ago by gthb (Gunnlaugur Thor Briem)

comment:1 Changed 4 years ago by larryv (Lawrence Velázquez)

  • Cc dweber@… removed
  • Owner changed from macports-tickets@… to dweber@…

comment:2 follow-up: Changed 4 years ago by cooljeanius (Eric Gallager)

For reference, Homebrew already does this with their gdb formula: https://github.com/Homebrew/homebrew-dupes/blob/master/gdb.rb#L21

Although I'm not sure if this is necessary for the Macports gdb port though? MacPorts's gdb is already setgid and procmod: browser:trunk/dports/devel/gdb/Portfile#L50

Also if we do end up including this note with the gdb port, we'd probably also want to do it with the gdb-apple port as well...

comment:3 Changed 4 years ago by cooljeanius (Eric Gallager)

  • Cc egall@… added

Cc Me!

comment:4 Changed 4 years ago by ClintO (Clint O)

  • Cc clint.olsen@… added

Cc Me!

comment:5 Changed 4 years ago by ClintO (Clint O)

I tried following the instructions included in the description, and it still does not work for me. I still get the error message about checking that "gdb is codesigned". Even though when I type:

$ codesign -vvv `which ggdb`
/opt/local/bin/ggdb: valid on disk
/opt/local/bin/ggdb: satisfies its Designated Requirement

The instructions are pretty obtuse to say the least. The first process you must do is create a certificate yet this is the second step in the instructions.

comment:6 in reply to: ↑ 2 ; follow-up: Changed 4 years ago by seanfarley (Sean Farley)

Replying to egall@…:

Although I'm not sure if this is necessary for the Macports gdb port though? MacPorts's gdb is already setgid and procmod: browser:trunk/dports/devel/gdb/Portfile#L50

Also if we do end up including this note with the gdb port, we'd probably also want to do it with the gdb-apple port as well...

I just ran into this issue as well. The procmod is correct except that for newer OSes you need to make sure that the taskgated daemon is configured to use the '-p' option in /System/Library/LaunchDaemons/com.apple.taskgated.plist, e.g.

            <key>ProgramArguments</key>
            <array>
                    <string>/usr/libexec/taskgated</string>
                    <string>-sp</string>
            </array>

No code signing is needed if this is done :-)

comment:7 in reply to: ↑ 6 ; follow-up: Changed 4 years ago by ClintO (Clint O)

Replying to sean@…:

I just ran into this issue as well. The procmod is correct except that for newer OSes you need to make sure that the taskgated daemon is configured to use the '-p' option in /System/Library/LaunchDaemons/com.apple.taskgated.plist, e.g.

            <key>ProgramArguments</key>
            <array>
                    <string>/usr/libexec/taskgated</string>
                    <string>-sp</string>
            </array>

No code signing is needed if this is done :-)


I tried this method. My plist file was missing the -p argument. Now I have taskgated seemingly running as you've specified:

root           35239   0.0  0.0  2433208   1548   ??  Ss   10:50AM   0:00.01 /usr/libexec/taskgated -sp

However things still fail for me:

$ ggdb --args ./mmap /tmp/foo
GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin12.3.0".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /Users/clint/Documents/mmap/mmap...Reading symbols from /Users/clint/Documents/mmap/mmap.dSYM/Contents/Resources/DWARF/mmap...done.
done.
(gdb) r
Starting program: /Users/clint/Documents/mmap/mmap /tmp/foo
Unable to find Mach task port for process-id 35244: (os/kern) protection failure (0x2).
 (please check gdb is codesigned - see taskgated(8))

comment:8 in reply to: ↑ 7 Changed 4 years ago by seanfarley (Sean Farley)

Replying to clint.olsen@…:

I tried this method. My plist file was missing the -p argument. Now I have taskgated seemingly running as you've specified:

root           35239   0.0  0.0  2433208   1548   ??  Ss   10:50AM   0:00.01 /usr/libexec/taskgated -sp


Hmm, did you restart the computer? Also, just to make sure, what permissions does ggdb have? Mine are:

$ ls -l $(which ggdb)
-rwxr-sr-x 1 root procmod 5379656 May 20 15:40 /opt/local/bin/ggdb


However things still fail for me:


They work for me (and I have no code signing certificates installed at all):

$ ggdb a.out
GNU gdb (GDB) 7.6
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin12.3.0".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
No symbol table is loaded.  Use the "file" command.
Breakpoint 1 (PetscError) pending.
Reading symbols from /Users/sean/sandbox/a.out...Reading symbols from /Users/sean/sandbox/a.out.dSYM/Contents/Resources/DWARF/a.out...done.
done.
(gdb) c
The program is not being run.
(gdb) r
Starting program: /Users/sean/sandbox/a.out
Hello, World!
[Inferior 1 (process 729) exited normally]

comment:9 follow-ups: Changed 4 years ago by ClintO (Clint O)

I did not restart the computer, but I restarted taskgated after fighting with launchctl for awhile. Is a reboot really necessary? I will try it if you think it's required.

The permissions on ggdb are:

-rwxr-sr-x  1 root  procmod  5370096 Jul 23 00:10 /opt/local/bin/ggdb

comment:10 in reply to: ↑ 9 ; follow-up: Changed 4 years ago by seanfarley (Sean Farley)

Replying to clint.olsen@…:

I did not restart the computer, but I restarted taskgated after fighting with launchctl for awhile. Is a reboot really necessary? I will try it if you think it's required.


It won't hurt anything and will rule out that particular issue. You could try logging off but why not reboot?

The permissions on ggdb are:

-rwxr-sr-x  1 root  procmod  5370096 Jul 23 00:10 /opt/local/bin/ggdb


I don't know what else to try.

comment:11 in reply to: ↑ 10 ; follow-up: Changed 4 years ago by ClintO (Clint O)

Replying to sean@…:

Replying to clint.olsen@…:

I did not restart the computer, but I restarted taskgated after fighting with launchctl for awhile. Is a reboot really necessary? I will try it if you think it's required.


It won't hurt anything and will rule out that particular issue. You could try logging off but why not reboot?

The permissions on ggdb are:

-rwxr-sr-x  1 root  procmod  5370096 Jul 23 00:10 /opt/local/bin/ggdb


I don't know what else to try.


Well, that's why they pay you the big bucks I guess, because that worked :)

Wow, what an annoying problem. Thanks a lot for your help with this. I'm glad I can actually use a modern debugger now!

comment:12 in reply to: ↑ 11 ; follow-up: Changed 4 years ago by seanfarley (Sean Farley)

  • Resolution set to fixed
  • Status changed from new to closed

Replying to clint.olsen@…:

Replying to sean@…:

Replying to clint.olsen@…:

I did not restart the computer, but I restarted taskgated after fighting with launchctl for awhile. Is a reboot really necessary? I will try it if you think it's required.


It won't hurt anything and will rule out that particular issue. You could try logging off but why not reboot?

The permissions on ggdb are:

-rwxr-sr-x  1 root  procmod  5370096 Jul 23 00:10 /opt/local/bin/ggdb


I don't know what else to try.


Well, that's why they pay you the big bucks I guess, because that worked :)


Yay! Now I'll get double my previous pay for closing this ticket!

Wow, what an annoying problem. Thanks a lot for your help with this. I'm glad I can actually use a modern debugger now!


Indeed. I'll add a note to gdb and apple-gdb. Closing this ticket, finally :-)

comment:13 in reply to: ↑ 12 ; follow-up: Changed 4 years ago by cooljeanius (Eric Gallager)

Replying to sean@…:

Indeed. I'll add a note to gdb and apple-gdb. Closing this ticket, finally :-)

Have you done this yet? If so, which revision (for reference)?

comment:14 in reply to: ↑ 13 ; follow-up: Changed 4 years ago by seanfarley (Sean Farley)

Replying to egall@…:

Replying to sean@…:

Indeed. I'll add a note to gdb and apple-gdb. Closing this ticket, finally :-)

Have you done this yet? If so, which revision (for reference)?

Just pushed it. Should be fixed in r108537 and r108538.

comment:15 in reply to: ↑ 14 Changed 4 years ago by cooljeanius (Eric Gallager)

Replying to sean@…:

Replying to egall@…:

Replying to sean@…:

Indeed. I'll add a note to gdb and apple-gdb. Closing this ticket, finally :-)

Have you done this yet? If so, which revision (for reference)?

Just pushed it. Should be fixed in r108537 and r108538.

Thanks!

comment:16 in reply to: ↑ 9 Changed 4 years ago by yaseppochi (Stephen J. Turnbull)

Replying to clint.olsen@…:

I did not restart the computer, but I restarted taskgated after fighting with launchctl for awhile. Is a reboot really necessary? I will try it if you think it's required.

Just killing the running taskgated didn't help me; the kernel restarted it without rereading the plist, so the "-p" option wasn't present in the new process, either.

It seems it is really necessary. I tried using launchctl to unload and then reload /System/Library/LaunchDaemons/com.apple.taskgated.plist (I guess that's what you meant by "fighting with?") Both commands succeeded, but then there was no taskgated process, and trying to use ggdb failed, without leaving behind a taskgated process. Perhaps this information may help somebody make the upgrade to Mac OS X with taskgated more transparent (although I guess that's a problem that will solve itself in time).

Nevertheless, I suggest at least adding "Due to kernel caching, you usually need to restart Mac OS X for this option to take effect." to the message.

comment:17 Changed 4 years ago by jul_bsd@…

  • Cc jul_bsd@… added

Cc Me!

comment:18 Changed 4 years ago by jul_bsd@…

+1 to add to the message "Reboot to take effect" else not working

comment:19 Changed 4 years ago by seanfarley (Sean Farley)

Added in r119789. Thanks for the comments.

Note: See TracTickets for help on using tickets.