Created
October 5, 2020 14:49
-
-
Save Wes974/5ad92883e91fcbb9554dab4aca6ae5b0 to your computer and use it in GitHub Desktop.
Signing gdb on macOS with codesign
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| CERT_ID='gdb-cert' # the name of the certificate used for signing | |
| if ! security find-certificate -c "$CERT_ID" &>/dev/null; then | |
| echo >&2 "> ❌ certificate($CERT_ID) not found" | |
| echo "Here is a brief note on how to create one:" | |
| echo | |
| echo "1. Open Keychain Access" | |
| echo "2. Open the menu item: Keychain Access -> Certificate Assistant -> Create a Certificate..." | |
| echo "3. Choose a name (gdb-cert), set Identity Type to Self Signed Root, set Certificate Type to Code Signing and select the Let me override defaults" | |
| echo '4. Click several times on Continue until you get to the "Specify a Location For The Certificate screen", then set Keychain to System' | |
| echo '5. Quit Keychain Access, and run this script again' | |
| echo | |
| echo 'Or refer to this: https://sourceware.org/gdb/wiki/PermissionsDarwin' | |
| exit 1 | |
| fi | |
| if ! GDB=$(command -v gdb); then | |
| echo >&2 "> ❌ gdb not found" | |
| exit 1 | |
| fi | |
| echo "> 🔦 Found gdb: $GDB" | |
| ENTITLEMENTS_XML=/tmp/gdb-entitlements.xml | |
| cat >"$ENTITLEMENTS_XML" <<EOF | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>com.apple.security.cs.debugger</key> | |
| <true/> | |
| </dict> | |
| </plist> | |
| </pre> | |
| EOF | |
| echo "> 🔏 Signing" | |
| codesign --entitlements "$ENTITLEMENTS_XML" -fs "$CERT_ID" "$GDB" | |
| expected_entitlements=$(cat "$ENTITLEMENTS_XML") | |
| rm -f "$ENTITLEMENTS_XML" | |
| entitlements=$(codesign -d --entitlements :- "$GDB") | |
| if [ "$entitlements" == "$expected_entitlements" ]; then | |
| echo "> ✅ Entitlements verified" | |
| else | |
| printf >&2 "> ❌ Entitlements verification failed!\n‼️ Expected:\n%s\n‼️ Found:\n%s" "$expected_entitlements" "$entitlements" | |
| exit 1 | |
| fi | |
| if codesign -vv "$GDB"; then | |
| echo "> ✅ Signature verified" | |
| echo "> ✅ Signing succeeded! You may need to restart for it to work." | |
| else | |
| echo "> ❌ Signature verification failed!" | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :100644 100644 3bd8d8ce 00000000 M gdb/darwin-nat.c | |
| diff --git a/gdb/darwin-nat.c b/gdb/darwin-nat.c | |
| index 3bd8d8ce..a35c44c0 100644 | |
| --- a/gdb/darwin-nat.c | |
| +++ b/gdb/darwin-nat.c | |
| @@ -1139,7 +1139,7 @@ darwin_nat_target::decode_message (mach_msg_header_t *hdr, | |
| res_pid, wstatus); | |
| /* Looks necessary on Leopard and harmless... */ | |
| - wait4 (inf->pid, &wstatus, 0, NULL); | |
| + wait4 (inf->pid, &wstatus, WNOHANG, NULL); | |
| inferior_ptid = ptid_t (inf->pid, 0, 0); | |
| return inferior_ptid; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment