This is the mail archive of the
gdb@sourceware.org
mailing list for the GDB project.
Re: codesigning gdb on darwin?
- From: Jack Howarth <howarth at bromo dot med dot uc dot edu>
- To: gdb at sourceware dot org
- Date: Sat, 3 Apr 2010 21:46:26 -0400
- Subject: Re: codesigning gdb on darwin?
- References: <20100403234836.GA20199@bromo.med.uc.edu>
On Sat, Apr 03, 2010 at 07:48:36PM -0400, Jack Howarth wrote:
> Has anyone managed to codesign a local build of
> FSF gdb 7.1 on darwin9/10 using a local self-signed
> certificate? In my attempt, I first created and trusted
> a self-signed certificate in the KeyChain Access
> application, created a Info.plist for the fsf-gdb
> (built with a fsf- prefix) using the common name
> from that self-signed certificate, built fsf-gdb
> using -sectcreate __TEXT __info_plist ./gdb/Info.plist
> added on LDFLAGS and then codesigned the installed
> binary using the common name of the self signed
> certificate. This doesn't provided access to the
> required Mach port and 'codesign -d -r - /sw/bin/fsf-gdb'
> shows...
>
> Executable=/sw/bin/fsf-gdb
> library => identifier "libz.1.2.3.dylib" and anchor apple or identifier "libSystem.B.dylib" and anchor apple
> # designated => identifier "org.gnu.gdb" and certificate root = H"eee294eed062a327b66695ce2e283f03c31107da"
>
> Has anyone tried this? Before I sign the fsf-gdb binary
> 'codesign -d -r' reports it as unsigned, but signing it
> seems to silently default to org.gnu.gdb.
> Jack
To answer my own question, it appears that you have to use the
-i option in codesign...
codesign -f -s 'Jack Howarth' -i 'Jack Howarth' -vvvv /sw/bin/fsf-gdb
...produces...
/sw/bin/fsf-gdb: replacing existing signature
/sw/bin/fsf-gdb: signed Mach-O thin (i386) [Jack Howarth]
So now it is a matter of puzzling out how to give fsf-gdb enough
entitlements to access the required Mach port.
Jack