4

This arose from How to install gdb (debugger) in Mac OSX El Capitan?.

I have macports working under el capitan no problem and have installed the gdb port but I can't get the codesigning to work. It all seems to have worked. The certificate is there and "Always Trust" is set. The binary shows:

$ codesign -d -v -v /opt/local/bin/ggdb 
Executable=/opt/local/bin/ggdb
Identifier=org.gnu.gdb
Format=Mach-O thin (x86_64)
CodeDirectory v=20100 size=25320 flags=0x0(none) hashes=1261+2 location=embedded
Signature size=1392
Authority=gdb-cert
Signed Time=23 Oct 2015, 07:56:53
Info.plist entries=4
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=88

but I get

(gdb) r
Starting program: /Users/sal/Katiss/ecodriving 
Unable to find Mach task port for process-id 39278: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))

when I try to start debugging something.

Any ideas?

mstorsjo
  • 12,983
  • 2
  • 39
  • 62
Steve Linton
  • 349
  • 4
  • 12

2 Answers2

7

I just settled this problem by using the following command.

sudo dseditgroup -o edit -a yourusername -t user procmod

Which adds you to group procmod.

It's just because only users in procmod can use function task_for_pid, and you can find that the own group of /opt/local/bin/ggdb is procmod.

Yang Jiaqi
  • 91
  • 3
  • This does not solve it for me. Do you need to reboot or restart your session? – chqrlie Oct 31 '15 at 15:23
  • There are two separate alternatives: for `procmod` group members to be permitted to run a custom gdb, the -p option must be added to `taskgated`. The other option is to sign the binary, and add users to the `_developer` group. See my summary at http://stackoverflow.com/a/34221969/4402721 – drRobertz Dec 11 '15 at 11:50
  • This fixed it for me too. I imagine the ggdb binary's ownership is the issue, since membership of procmod is not a requirement per se - my own tools that use task_for_pid (owned by user tom, group staff) were unaffected by my quote-unquote upgrade to El Capitan. – Tom Seddon May 05 '16 at 13:36
1

I installed MacPorts gcc9 (gcc-9.2.0) on an older iMac (10.11.6 El Capitan), and recently needed to install the gdb port (gdb-9.1.0); predictably encountering the same code-signing / permission issue.

There's a list of instructions on github that worked perfectly for me, simply replacing: /usr/local/bin/gdb with: /opt/local/bin/ggdb. Since such snippets on github may be ephemeral, so I'll paste it here:

  1. Open Keychain Access
  2. In the menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)
    • Identity type: Self Signed Root
    • Certificate type: Code Signing
    • Check: let me override defaults
  4. Continue until it prompts you for: "specify a location for..."
  5. Set Keychain location to System
  6. Create a certificate and close assistant.
  7. Find the certificate in System keychains, right click it > get info (or just double click it)
  8. Expand Trust, set Code signing to always trust
  9. Restart taskgated in terminal: killall taskgated
  10. Enable root account:
    1. Open System Preferences
    2. Go to User & Groups > Unlock
    3. Login Options > "Join" (next to Network Account Server)
    4. Click "Open Directory Utility"
    5. Go up to Edit > Enable Root User
  11. Run codesign -fs gdbc /usr/local/bin/gdb in terminal: this asks for the root password
  12. Disable root account (see #10)

Done!

Brett Hale
  • 21,653
  • 2
  • 61
  • 90