Building GDB for Darwin

Creating the binary for Darwin isn't very difficult. The usual procedure applies: configure and make.

Building the 7.0 release unfortunately results in many "warning: format not a string literal and no format arguments" warnings. This problem has been fixed in CVS. To avoid such warnings building 7.0, configure with --disable-intl.

But if you try this gdb, you will get an error message such as: 

Starting program: /x/y/foo
Unable to find Mach task port for process-id 28885: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))

In fact the Darwin kernel refuses to debug a process if you don't have special rights. (Debugging a process means having full control over another process which might be exploited by viruses).

With all known versions of Darwin, the kernel won't refuse if you are root. But of course you don't want to be root to debug.

With Tiger, the kernel will accept for process whose primary effective group is procmod or procview. That means that making gdb setgid procmod should work.

Later versions of Darwin should accept this convention provided that taskgated (the daemon that control the access) is invoked with option '-p'. This daemon is configured by /System/Library/LaunchDaemons/com.apple.taskgated.plist. I was able to use this rule provided that I am also a member of the procmod group.

The most up to date method to have the debug right is to sign gdb with any system-trusted signing authority. This is an easy process once you have a certificate. If the certificate is known as gdb-cert, just use: 

$ codesign -s gdb-cert gdb

Creating a certificate

Start Keychain Access application (/Applications/Utilities/Keychain Access.app)

Open menu /Keychain Access/Certificate Assistant/Create a Certificate...

Choose a name (gdb-cert in the example), select Code Signing as Certificate Type and also select the Let me override defaults. Click several times on continue as the default values are correct. Do not forget to store the certificate in the System keychain.

I wasn't able to directly store the certificate in the System keychain. So I created a certificate in the login keychain, then exported it, and then imported it in the System keychain.

Don't forget to trust this certificate for code signing: using contextual menu Get Info, open the Trust item, and select Always Trust for Code Signing.

None: BuildingOnDarwin (last edited 2009-10-22 01:35:41 by PedroAlves)

All content (C) 2008 Free Software Foundation. For terms of use, redistribution, and modification, please see the WikiLicense page.