Codesign gdb on macOS

codesign_gdb.md

If you are getting this in gdb on macOS while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))

1. Open Keychain Access
2. In menu, open Keychain Access > Certificate Assistant > Create a certificate
3. Give it a name (e.g. gdbc)

• Identity type: Self Signed Root
• Certificate type: Code Signing
• Check: let me override defaults

4. Continue until "specify a location for..."
5. Set Keychain location to System
6. Create certificate and close Certificate Assistant.
7. Find certificate in System keychain.
8. Double click certificate
9. Expand Trust, set Code signing to always trust
10. Restart taskgated in terminal: killall taskgated
11. Codesign gdb using your certificate: codesign -fs gdbc /usr/local/bin/gdb
12. Shut down your mac and restart in recovery mode (hold down command-R until apple logo appears)
13. Open terminal window
14. Modify System Integrity Protection to allow debugging: csrutil enable --without debug
15. Reboot your Mac. Debugging with gdb should now work as expected.

Big Sur 11.4
gdb 11.1

Gdb is running sometimes other times it will hang / block after (gdb) run and will not let me terminate the process. I think it might be a part of this issue as described here. Might debug further later but for now switching to lldb

To get gdb running:

Used this procedure starting from the 1.1. Create a certificate in the System Keychain with the addition of echo "set startup-with-shell off" >> ~/.gdbinit

I had previous run the csrutil enable --without debug in recovery mode too. It is possible that that step is necessary. Probably would recommend to try without first according it @niilz it is not needed.

@gravitylow notice me senpai

macOs monterey 12.1 . nov 14 2021

application/utilities > good
Keychain Access > good
Certificate Assistant > ??? this option no appears
Create a certificate> ??? this option no appears

It only worked for me after I added --entitlements switch (as mentioned in https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d#gistcomment-2891198).

I created gdb-entitlements.xml in current directory, and

$ sudo codesign --entitlements gdb-entitlement.xml -fs gdbc /usr/local/bin/gdb

Big Sur (11.6), gdb (10.1)

Managed to codesign build and gdb 12.1 +multiarch on Venture 13.2.1 on Mac Mini M2 a few weeks ago.

The I updated to Ventura 13.3. Macports had a new gdb port to 13.1.
I tried to update gdb to 13.1, which currently fails compilation on Apple Silicon due to some dylib machine architecture mismatch.

Reverted to gdb 12.1 +multiarch, tried to build, but now codesigning fails.

sudo codesign --entitlements gdb-entitlement.xml -fs gdb-cert /opt/local/bin/ggdb
/opt/local/bin/ggdb: errSecInternalComponent

Edit: Found out that I cannot do this from a SSH session from my user account.
I needed to log into the Administrator account directly from macOS and run the codesign from the terminal as a local session. This is because codesign will trigger a system administrator password dialog before it can proceed.

@schemacs
Thanks it works! Mine is old Monteray 12.5 with Intel core i5, and the gdb is 13.1

Tried above in MacOS Ventura (M1)—not working for me unfortunately :(

Does anyone know how to get this fixed? I really want to get GDB working.

Tried above in MacOS Ventura (M1)—not working for me unfortunately :(

Does anyone know how to get this fixed? I really want to get GDB working.

Same issue here