Recent

Author Topic: Codesigning GDB: Almost there, but not quite  (Read 10516 times)

Rockwell

  • Newbie
  • Posts: 4
Codesigning GDB: Almost there, but not quite
« on: December 14, 2014, 06:14:48 pm »
Hi.

I'm at the point where I need to codesign GDB, but I can't seem to get it done. I used the path of my GDB as seen in 'Options', to write this command into the CLI:

sudo codesign -s gdb-cert /sw/bin/fsf-gdb

I installed everything needed for Lazarus, as far as I can tell.

I get this error, still:
'The GDB command:
"-exec-run"
returned the error:
",msg="Unable to find Mach task port for process-id 538: (os/kern) failure (0x5).\n (please check gdb is codesigned - see taskgated(8))""'

The codesign command returned nothing. What did I do wrong? How can I fix this?
All I tried to run was a simple Hello, World program.

Thanks

jwdietrich

  • Hero Member
  • *****
  • Posts: 1232
    • formatio reticularis
Re: Codesigning GDB: Almost there, but not quite
« Reply #1 on: December 14, 2014, 08:00:55 pm »
Did you read the instructions at http://wiki.freepascal.org/Code_Signing_for_Mac_OS_X?

In general I would recommend to enter

Code: [Select]
codesign -f -s <signature> <path to GDB> -r="host => anchor apple and identifier com.apple.translate designated => identifier <BundleIdentifier>"
where <signature> is the alphanumeric key of your Developer ID (you find it in your system's keychain, either in brackets after your name or in the line "User ID"). For <BundleIdentifier> you may use e.g. "org.gnu.gdb"

Usually, GDB is at /usr/bin/gdb, but locations may be different if it has been installed via Fink or Homebrew.
function GetRandomNumber: integer; // xkcd.com
begin
  GetRandomNumber := 4; // chosen by fair dice roll. Guaranteed to be random.
end;

http://www.formatio-reticularis.de

Lazarus 2.2.6 | FPC 3.2.2 | PPC, Intel, ARM | macOS, Windows, Linux

Rockwell

  • Newbie
  • Posts: 4
Re: Codesigning GDB: Almost there, but not quite
« Reply #2 on: December 14, 2014, 09:23:52 pm »
Did you read the instructions at http://wiki.freepascal.org/Code_Signing_for_Mac_OS_X?

In general I would recommend to enter

Code: [Select]
codesign -f -s <signature> <path to GDB> -r="host => anchor apple and identifier com.apple.translate designated => identifier <BundleIdentifier>"
where <signature> is the alphanumeric key of your Developer ID (you find it in your system's keychain, either in brackets after your name or in the line "User ID"). For <BundleIdentifier> you may use e.g. "org.gnu.gdb"

Usually, GDB is at /usr/bin/gdb, but locations may be different if it has been installed via Fink or Homebrew.

I'm a little unsure here, I can't find a developer ID. You don't mean the $100/year Apple developer ID?

jwdietrich

  • Hero Member
  • *****
  • Posts: 1232
    • formatio reticularis
Re: Codesigning GDB: Almost there, but not quite
« Reply #3 on: December 15, 2014, 12:05:54 am »
I'm a little unsure here, I can't find a developer ID. You don't mean the $100/year Apple developer ID?

I do, and you will need it. Without one you won't be able to sign any code.
function GetRandomNumber: integer; // xkcd.com
begin
  GetRandomNumber := 4; // chosen by fair dice roll. Guaranteed to be random.
end;

http://www.formatio-reticularis.de

Lazarus 2.2.6 | FPC 3.2.2 | PPC, Intel, ARM | macOS, Windows, Linux

Rockwell

  • Newbie
  • Posts: 4
Re: Codesigning GDB: Almost there, but not quite
« Reply #4 on: December 15, 2014, 12:36:25 am »
I'll be going back to Linux. Paying yearly for the basic use of my computer is absurd. Thanks for your help, though

jwdietrich

  • Hero Member
  • *****
  • Posts: 1232
    • formatio reticularis
Re: Codesigning GDB: Almost there, but not quite
« Reply #5 on: December 15, 2014, 12:55:44 am »
Well, it is also advisable to have a Developer ID for distributing your application (although it is not absolutely necessary, since users can start your program via a detour).

The correct place to complain is Apple.
function GetRandomNumber: integer; // xkcd.com
begin
  GetRandomNumber := 4; // chosen by fair dice roll. Guaranteed to be random.
end;

http://www.formatio-reticularis.de

Lazarus 2.2.6 | FPC 3.2.2 | PPC, Intel, ARM | macOS, Windows, Linux

Rockwell

  • Newbie
  • Posts: 4
Re: Codesigning GDB: Almost there, but not quite
« Reply #6 on: December 15, 2014, 01:10:52 am »
I didn't mean to give you the impression that I was complaining to you, I just found it absurd. I need Pascal for a course, I wasn't planning on distributing anything.
Thanks for solving my issue

zbyna

  • Jr. Member
  • **
  • Posts: 63
Re: Codesigning GDB: Almost there, but not quite
« Reply #7 on: December 15, 2014, 01:42:25 pm »
Hi.

I'm at the point where I need to codesign GDB, but I can't seem to get it done. I used the path of my GDB as seen in 'Options', to write this command into the CLI:

sudo codesign -s gdb-cert /sw/bin/fsf-gdb

I installed everything needed for Lazarus, as far as I can tell.

I get this error, still:
'The GDB command:
"-exec-run"
returned the error:
",msg="Unable to find Mach task port for process-id 538: (os/kern) failure (0x5).\n (please check gdb is codesigned - see taskgated(8))""'

The codesign command returned nothing. What did I do wrong? How can I fix this?
All I tried to run was a simple Hello, World program.

Thanks

Hi,
it reminds me my own situation  :)
Have you install gdb yourself ?
There is pretty good guide what to do here (with screenshots):
http://ntraft.com/installing-gdb-on-os-x-mavericks/
and here
http://wiki.lazarus.freepascal.org/GDB_on_OS_X_Mavericks_and_Xcode_5#

I have a free developer account means I am registered but I did not join any paid program (b/c of testing Swift ...)
I really did not have to use my id to setup codesigning gdb for lazarus in Yosemite.
« Last Edit: December 15, 2014, 01:56:34 pm by zbyna »

Jonas Maebe

  • Hero Member
  • *****
  • Posts: 1058
Re: Codesigning GDB: Almost there, but not quite
« Reply #8 on: December 15, 2014, 03:38:41 pm »
Did you read the instructions at http://wiki.freepascal.org/Code_Signing_for_Mac_OS_X?

In general I would recommend to enter

Code: [Select]
codesign -f -s <signature> <path to GDB> -r="host => anchor apple and identifier com.apple.translate designated => identifier <BundleIdentifier>"
where <signature> is the alphanumeric key of your Developer ID (you find it in your system's keychain, either in brackets after your name or in the line "User ID"). For <BundleIdentifier> you may use e.g. "org.gnu.gdb"

Usually, GDB is at /usr/bin/gdb, but locations may be different if it has been installed via Fink or Homebrew.

I'm a little unsure here, I can't find a developer ID. You don't mean the $100/year Apple developer ID?

No, you don't need a $100/year Apple developer ID to codesign gdb, a self-signed certificate works fine. See the earlier mentioned wiki pages or https://www.sourceware.org/gdb/wiki/BuildingOnDarwin (which also demonstrates that you do not need such a complex code signing command as shown above).

You only need a paid developer ID if you want to distribute a program via the Apple store, or if you want to distribute software outside the Apple store and not require the users to right-click the application and choose "Open" the *first* time they want to run it (afterwards, they can just double-click it).

jwdietrich

  • Hero Member
  • *****
  • Posts: 1232
    • formatio reticularis
Re: Codesigning GDB: Almost there, but not quite
« Reply #9 on: December 15, 2014, 08:48:30 pm »
No, you don't need a $100/year Apple developer ID to codesign gdb, a self-signed certificate works fine. See the earlier mentioned wiki pages or https://www.sourceware.org/gdb/wiki/BuildingOnDarwin (which also demonstrates that you do not need such a complex code signing command as shown above).

You only need a paid developer ID if you want to distribute a program via the Apple store, or if you want to distribute software outside the Apple store and not require the users to right-click the application and choose "Open" the *first* time they want to run it (afterwards, they can just double-click it).

Thanks for clarifying. I wasn't aware of this distinction.
function GetRandomNumber: integer; // xkcd.com
begin
  GetRandomNumber := 4; // chosen by fair dice roll. Guaranteed to be random.
end;

http://www.formatio-reticularis.de

Lazarus 2.2.6 | FPC 3.2.2 | PPC, Intel, ARM | macOS, Windows, Linux

TinSoldier

  • Newbie
  • Posts: 4
Re: Codesigning GDB: Almost there, but not quite
« Reply #10 on: December 21, 2014, 07:31:11 am »
I installed gdb via homebrew and I spent a few hours trying to figure out how to sign it.

I did eventually succeed, but I found it to be practically useless with Lazarus. It complained about "stabs" even though I set up the options according to the instructions. Plus it would crash even trying to debug a basic "Hello World" program.

Instead, I downloaded the command line tools for Xcode 4.4 and figured out how to find gdb within the pkg. The actual package is in a hidden folder called "Packages" on the disk image, which I accessed via the command line. Then I used the "Go To Folder..." menu option in Finder to go to "/Volumes/Command Line Tools/Packages" to find the "DeveloperToolsCLI.pkg" and copied it to my home directory. Then I used Unpkg to expand the folder. There's a gdb script in the usr/bin folder, but what I wanted was the usr/libexec/gdb/gdb-i386-apple-darwin. I copied that to /usr/libexec/gdb/gdb-i386-apple-darwin. Then I linked /usr/local/bin/gdb to /usr/libexec/gdb/gdb-i386-apple-darwin.

Although I haven't tried any complex debugging tasks, it seems to work. gdb is version 6.3.50-20050815.

 

TinyPortal © 2005-2018