Skip to content

Instantly share code, notes, and snippets.

@gravitylow
Forked from hlissner/codesign_gdb.md
Last active October 23, 2024 09:17
Show Gist options
  • Save gravitylow/fb595186ce6068537a6e9da6d8b5b96d to your computer and use it in GitHub Desktop.
Save gravitylow/fb595186ce6068537a6e9da6d8b5b96d to your computer and use it in GitHub Desktop.
Codesign gdb on macOS

If you are getting this in gdb on macOS while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)
  • Identity type: Self Signed Root
  • Certificate type: Code Signing
  • Check: let me override defaults
  1. Continue until "specify a location for..."
  2. Set Keychain location to System
  3. Create certificate and close Certificate Assistant.
  4. Find certificate in System keychain.
  5. Double click certificate
  6. Expand Trust, set Code signing to always trust
  7. Restart taskgated in terminal: killall taskgated
  8. Codesign gdb using your certificate: codesign -fs gdbc /usr/local/bin/gdb
  9. Shut down your mac and restart in recovery mode (hold down command-R until apple logo appears)
  10. Open terminal window
  11. Modify System Integrity Protection to allow debugging: csrutil enable --without debug
  12. Reboot your Mac. Debugging with gdb should now work as expected.
@stiofand
Copy link

Same issue on Catalina for me

@assishb
Copy link

assishb commented Jan 19, 2021

Same error on BigSur!

@yushangakki
Copy link

This works on MacOS Big Sur 11.2.1.

@phire0
Copy link

phire0 commented Mar 9, 2021

This worked for me. There was no need to disable SIP.

  • Add set startup-with-shell off to ~/.gdbinit

  • Create code signing ceertificate with Keychain Access app

  • codesign with --entitlements option

    • $ codesign --entitlements gdb.xml -fs gdb $(which gdb)
  • Kill taskgated (and wait for a while)

    • $ sudo pkill taskgated

macOS Catalina (10.15.7)
GNU gdb 10.1
gcc Apple clang version 12.0.0 (clang-1200.0.32.21)

Thank you for this, works perfectly and I don't have to mess around with SIP.

@kayahans
Copy link

kayahans commented Apr 9, 2021

This worked for me. There was no need to disable SIP.

  • Add set startup-with-shell off to ~/.gdbinit

  • Create code signing ceertificate with Keychain Access app

  • codesign with --entitlements option

    • $ codesign --entitlements gdb.xml -fs gdb $(which gdb)
  • Kill taskgated (and wait for a while)

    • $ sudo pkill taskgated

macOS Catalina (10.15.7)
GNU gdb 10.1
gcc Apple clang version 12.0.0 (clang-1200.0.32.21)

Works perfectly for catalina 10.15.7, thanks a lot for the instructions

@ijpq
Copy link

ijpq commented Apr 17, 2021

i found the ultimate resolution : link
solved on macos 10.15.7 & gdb 10.1

@tstevelt
Copy link

big sur key chain access does not have the options listed in step 3. Instead has Keychain Item Name:, Account Name: Password:
Screen Shot 2021-06-16 at 4 33 54 PM

@niilz
Copy link

niilz commented Sep 14, 2021

@ijpg, @schemacs That link worked perfectly for me on BigSur (11.5.2) 👍

(confirming: I also did NOT have to do the whole --without debug in recovery mode)

Copy link

ghost commented Oct 20, 2021

This worked for me. There was no need to disable SIP.

  • Add set startup-with-shell off to ~/.gdbinit

  • Create code signing ceertificate with Keychain Access app

  • codesign with --entitlements option

    • $ codesign --entitlements gdb.xml -fs gdb $(which gdb)
  • Kill taskgated (and wait for a while)

    • $ sudo pkill taskgated

macOS Catalina (10.15.7)
GNU gdb 10.1
gcc Apple clang version 12.0.0 (clang-1200.0.32.21)

How or where do I add 'set startup-with-shell off' to '~/.gdbinit'?
I put the xml-file in /usr/local/bin where gdb is located, is this correct?
These instructions are beyond my understanding/knowledge... 🙈 I would be so happy if anyone could help

@CarterFendley
Copy link

CarterFendley commented Oct 29, 2021

Big Sur 11.4
gdb 11.1

Gdb is running sometimes other times it will hang / block after (gdb) run and will not let me terminate the process. I think it might be a part of this issue as described here. Might debug further later but for now switching to lldb

To get gdb running:

Used this procedure starting from the 1.1. Create a certificate in the System Keychain with the addition of echo "set startup-with-shell off" >> ~/.gdbinit

I had previous run the csrutil enable --without debug in recovery mode too. It is possible that that step is necessary. Probably would recommend to try without first according it @niilz it is not needed.

@gravitylow notice me senpai

@benzainz
Copy link

macOs monterey 12.1 . nov 14 2021

application/utilities > good
Keychain Access > good
Certificate Assistant > ??? this option no appears
Create a certificate> ??? this option no appears

@nirbhayc
Copy link

nirbhayc commented Dec 5, 2021

It only worked for me after I added --entitlements switch (as mentioned in https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d#gistcomment-2891198).

I created gdb-entitlements.xml in current directory, and

$ sudo codesign --entitlements gdb-entitlement.xml -fs gdbc /usr/local/bin/gdb

Big Sur (11.6), gdb (10.1)

@tcwan
Copy link

tcwan commented Mar 30, 2023

Managed to codesign build and gdb 12.1 +multiarch on Venture 13.2.1 on Mac Mini M2 a few weeks ago.

The I updated to Ventura 13.3. Macports had a new gdb port to 13.1.
I tried to update gdb to 13.1, which currently fails compilation on Apple Silicon due to some dylib machine architecture mismatch.

Reverted to gdb 12.1 +multiarch, tried to build, but now codesigning fails.

sudo codesign --entitlements gdb-entitlement.xml -fs gdb-cert /opt/local/bin/ggdb
/opt/local/bin/ggdb: errSecInternalComponent

Edit: Found out that I cannot do this from a SSH session from my user account.
I needed to log into the Administrator account directly from macOS and run the codesign from the terminal as a local session. This is because codesign will trigger a system administrator password dialog before it can proceed.

@UponTheSky
Copy link

@schemacs
Thanks it works! Mine is old Monteray 12.5 with Intel core i5, and the gdb is 13.1

@david-alvarez-rosa
Copy link

Tried above in MacOS Ventura (M1)—not working for me unfortunately :(

Does anyone know how to get this fixed? I really want to get GDB working.

@GOODMIA2024
Copy link

Tried above in MacOS Ventura (M1)—not working for me unfortunately :(

Does anyone know how to get this fixed? I really want to get GDB working.

Same issue here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment