Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Codesign gdb on macOS

If you are getting this in gdb on macOS while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)
  • Identity type: Self Signed Root
  • Certificate type: Code Signing
  • Check: let me override defaults
  1. Continue until "specify a location for..."
  2. Set Keychain location to System
  3. Create certificate and close Certificate Assistant.
  4. Find certificate in System keychain.
  5. Double click certificate
  6. Expand Trust, set Code signing to always trust
  7. Restart taskgated in terminal: killall taskgated
  8. Codesign gdb using your certificate: codesign -fs gdbc /usr/local/bin/gdb
  9. Shut down your mac and restart in recovery mode (hold down command-R until apple logo appears)
  10. Open terminal window
  11. Modify System Integrity Protection to allow debugging: csrutil enable --without debug
  12. Reboot your Mac. Debugging with gdb should now work as expected.
@lokoum
Copy link

lokoum commented Jun 21, 2018

@ChrisCharrison @OUCHUNYU

I am on 10.13.5 an can fully debug using GDB :

➜  /tmp gdb --version
GNU gdb (GDB) 8.0.1
[...]

Did you try to use GDB without CLion ? because I can read from intelliJ :

As for the debugger, CLion includes bundled GDB 8.1 for Linux and Windows (note, no GDB is bundled for Cygwin on Windows)
and GDB 8.0 for macOS, bundled LLDB 5.0 on macOS and Linux. 
Custom GDB 7.8.x-8.1.x can be selected in CLion settings as well.

(https://intellij-support.jetbrains.com/hc/en-us/articles/206556469-What-compiler-debugger-can-I-use-within-CLion-)

so are you certain that you are using the GDB you installed from brew ?

Did you try to re-install it following my steps ? (see my comment on top)

EDIT:

The GDB 8.2 branch has been created : https://www.gnu.org/software/gdb/news/
So may be we will be able to update our gdb, I will update this thread after some tests.

@kgbook
Copy link

kgbook commented Jul 26, 2018

degrade to gdb 8.0.1, it works for me.

@schemacs
Copy link

schemacs commented Apr 17, 2019

codesign -fs gdbc /usr/local/bin/gdb should be changed to codesign --entitlements gdb-entitlement.xml -fs gdb-cert /usr/local/bin/gdb on 10.14 according to Sign and entitle the gdb binary

gdb-entitlement.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.debugger</key>
    <true/>
</dict>
</plist>
</pre>

@Sergey1983
Copy link

Sergey1983 commented May 31, 2019

Mac OS Sierra 10.13.6
gdb 8.0.1

I discovered that I already had gdbcert1 in my System.
Followed everything from 7.
Works!

@V3rochka
Copy link

V3rochka commented Oct 19, 2019

Mac OS Mojave
gdb 8.3

Works after following @ElisabeteCoelho 's suggestion and add entitlements as @schemacs had described

(Skipped 12 - 15)
Thanks!

Copy link

ghost commented Nov 16, 2019

Thanks!!!!

@sarnobat
Copy link

sarnobat commented Dec 19, 2019

codesign -fs gdbc /usr/local/bin/gdb should be changed to codesign --entitlements gdb-entitlement.xml -fs gdb-cert /usr/local/bin/gdb on 10.14 according to Sign and entitle the gdb binary

gdb-entitlement.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.debugger</key>
    <true/>
</dict>
</plist>
</pre>

This worked for me, after a lot of frustration with the more common answer. Thank you.

@tcwan
Copy link

tcwan commented Mar 18, 2020

codesign -fs gdbc /usr/local/bin/gdb should be changed to codesign --entitlements gdb-entitlement.xml -fs gdb-cert /usr/local/bin/gdb on 10.14 according to Sign and entitle the gdb binary
gdb-entitlement.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.debugger</key>
    <true/>
</dict>
</plist>
</pre>

This worked for me, after a lot of frustration with the more common answer. Thank you.

I found that I need to do the codesigning from the administrator account (my user account is not administrator). Otherwise I get a errSecInternalComponent error.

Relevant hint

@niepiekm
Copy link

niepiekm commented Apr 16, 2020

I just followed the steps to codesign gdb 9.1 but I had to make sure I called codesign with sudo. Similarly, I need to run sudo gdb to be able to debug an app.

@zhenni
Copy link

zhenni commented May 14, 2020

Cannot use gdb after all the steps... But I found lldb works fine now.
macOS Mojave 10.14.6
GDB 9.1

@hemulens
Copy link

hemulens commented May 16, 2020

Cannot use gdb after all the steps... But I found lldb works fine now.
macOS Mojave 10.14.6
GDB 9.1

@zhenni, same for me. I have been using these guidelines, but I don't know where to put the entitlement XML file. Do you know it by any chance?

@fantasyczl
Copy link

fantasyczl commented May 17, 2020

Thanks

@bucketzxm
Copy link

bucketzxm commented Jul 15, 2020

Cannot use gdb after all the steps... But I found lldb works fine now.
macOS Mojave 10.14.6
GDB 9.1

maybe you can try to use sudo gdb or use the gdb-entitlement.xml

@zhenni
Copy link

zhenni commented Jul 16, 2020

Thanks, @bucketzxm. Hi @hemulens I think I tried all these things mentioned, but failed. I finally use lldb instead.

@abisarwan-go
Copy link

abisarwan-go commented Oct 11, 2020

and add
'set startup-with-shell off' in ~/.gdbinit

how to do these 2 instructions
i dont get it, should i write in terminal?

@tamakiii
Copy link

tamakiii commented Oct 29, 2020

This worked for me. There was no need to disable SIP.

  • Add set startup-with-shell off to ~/.gdbinit
  • Create code signing ceertificate with Keychain Access app
  • codesign with --entitlements option
    • $ codesign --entitlements gdb.xml -fs gdb $(which gdb)
  • Kill taskgated (and wait for a while)
    • $ sudo pkill taskgated

macOS Catalina (10.15.7)
GNU gdb 10.1
gcc Apple clang version 12.0.0 (clang-1200.0.32.21)

@kkonevets
Copy link

kkonevets commented Nov 14, 2020

does not work on Big Sur

@kingassune
Copy link

kingassune commented Dec 16, 2020

I'm having the same issues right now. Big Sur is trash.

@stiofand
Copy link

stiofand commented Jan 15, 2021

Same issue on Catalina for me

@assishb
Copy link

assishb commented Jan 19, 2021

Same error on BigSur!

@yushangakki
Copy link

yushangakki commented Feb 26, 2021

This works on MacOS Big Sur 11.2.1.

@phire0
Copy link

phire0 commented Mar 9, 2021

This worked for me. There was no need to disable SIP.

  • Add set startup-with-shell off to ~/.gdbinit

  • Create code signing ceertificate with Keychain Access app

  • codesign with --entitlements option

    • $ codesign --entitlements gdb.xml -fs gdb $(which gdb)
  • Kill taskgated (and wait for a while)

    • $ sudo pkill taskgated

macOS Catalina (10.15.7)
GNU gdb 10.1
gcc Apple clang version 12.0.0 (clang-1200.0.32.21)

Thank you for this, works perfectly and I don't have to mess around with SIP.

@kayahans
Copy link

kayahans commented Apr 9, 2021

This worked for me. There was no need to disable SIP.

  • Add set startup-with-shell off to ~/.gdbinit

  • Create code signing ceertificate with Keychain Access app

  • codesign with --entitlements option

    • $ codesign --entitlements gdb.xml -fs gdb $(which gdb)
  • Kill taskgated (and wait for a while)

    • $ sudo pkill taskgated

macOS Catalina (10.15.7)
GNU gdb 10.1
gcc Apple clang version 12.0.0 (clang-1200.0.32.21)

Works perfectly for catalina 10.15.7, thanks a lot for the instructions

@ijpq
Copy link

ijpq commented Apr 17, 2021

i found the ultimate resolution : link
solved on macos 10.15.7 & gdb 10.1

@tstevelt
Copy link

tstevelt commented Jun 16, 2021

big sur key chain access does not have the options listed in step 3. Instead has Keychain Item Name:, Account Name: Password:
Screen Shot 2021-06-16 at 4 33 54 PM

@niilz
Copy link

niilz commented Sep 14, 2021

@ijpg, @schemacs That link worked perfectly for me on BigSur (11.5.2) 👍

(confirming: I also did NOT have to do the whole --without debug in recovery mode)

Copy link

ghost commented Oct 20, 2021

This worked for me. There was no need to disable SIP.

  • Add set startup-with-shell off to ~/.gdbinit

  • Create code signing ceertificate with Keychain Access app

  • codesign with --entitlements option

    • $ codesign --entitlements gdb.xml -fs gdb $(which gdb)
  • Kill taskgated (and wait for a while)

    • $ sudo pkill taskgated

macOS Catalina (10.15.7)
GNU gdb 10.1
gcc Apple clang version 12.0.0 (clang-1200.0.32.21)

How or where do I add 'set startup-with-shell off' to '~/.gdbinit'?
I put the xml-file in /usr/local/bin where gdb is located, is this correct?
These instructions are beyond my understanding/knowledge... 🙈 I would be so happy if anyone could help

@CarterFendley
Copy link

CarterFendley commented Oct 29, 2021

Big Sur 11.4
gdb 11.1

Gdb is running sometimes other times it will hang / block after (gdb) run and will not let me terminate the process. I think it might be a part of this issue as described here. Might debug further later but for now switching to lldb

To get gdb running:

Used this procedure starting from the 1.1. Create a certificate in the System Keychain with the addition of echo "set startup-with-shell off" >> ~/.gdbinit

I had previous run the csrutil enable --without debug in recovery mode too. It is possible that that step is necessary. Probably would recommend to try without first according it @niilz it is not needed.

@gravitylow notice me senpai

@benzainz
Copy link

benzainz commented Nov 15, 2021

macOs monterey 12.1 . nov 14 2021

application/utilities > good
Keychain Access > good
Certificate Assistant > ??? this option no appears
Create a certificate> ??? this option no appears

@nirbhayc
Copy link

nirbhayc commented Dec 5, 2021

It only worked for me after I added --entitlements switch (as mentioned in https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d#gistcomment-2891198).

I created gdb-entitlements.xml in current directory, and

$ sudo codesign --entitlements gdb-entitlement.xml -fs gdbc /usr/local/bin/gdb

Big Sur (11.6), gdb (10.1)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment