Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Codesign gdb on OSX

Note: these instructions are for pre-Sierra MacOS. Sierra and newer users see https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d by @gravitylow.

If you are getting this in gdb on OSX while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In the menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)
    • Identity type: Self Signed Root
    • Certificate type: Code Signing
    • Check: let me override defaults
  4. Continue until it prompts you for: "specify a location for..."
  5. Set Keychain location to System
  6. Create a certificate and close assistant.
  7. Find the certificate in System keychains, right click it > get info (or just double click it)
  8. Expand Trust, set Code signing to always trust
  9. Restart taskgated in terminal: killall taskgated
  10. Enable root account:
    1. Open System Preferences
    2. Go to User & Groups > Unlock
    3. Login Options > "Join" (next to Network Account Server)
    4. Click "Open Directory Utility"
    5. Go up to Edit > Enable Root User
  11. Run codesign -fs gdbc /usr/local/bin/gdb in terminal: this asks for the root password
  12. Disable root account (see #10)

Done!

@praneethkumarpidugu

This comment has been minimized.

Copy link

commented Feb 5, 2017

Thanks very helpful resource.

@Arxcis

This comment has been minimized.

Copy link

commented May 29, 2017

Thank you!

@byronformwalt

This comment has been minimized.

Copy link

commented Jun 28, 2017

Has anyone got this working on macOS 10.12.5?

@fabulousduck

This comment has been minimized.

Copy link

commented Aug 23, 2017

The trust tab seems to have been removed in OSX 10.12 (sierra).

@gravitylow

This comment has been minimized.

Copy link

commented Sep 5, 2017

@fabulousduck Trust is still there. Make sure you're clicking on the certificate and not on the public or private key.

@gravitylow

This comment has been minimized.

Copy link

commented Sep 5, 2017

I updated this with the extra step to modify System Integrity Protection which is required to make this work on Sierra's additional security: https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d

@cwilldev46

This comment has been minimized.

Copy link

commented Sep 27, 2017

You are my hero. Seriously, I have spent the last two hours trying to figure out what was wrong and this post was the answer.

@vgvassilev

This comment has been minimized.

Copy link

commented Oct 4, 2017

Thanks! That helps!

@AlexVejo92

This comment has been minimized.

Copy link

commented Oct 9, 2017

unknown error = -2.147.414.007 when I create cert
someone knows why Im getting this error here?

@sidoh

This comment has been minimized.

Copy link

commented Oct 16, 2017

Thank you for this!

@dtamayo

This comment has been minimized.

Copy link

commented Oct 19, 2017

@AlexVejo92, I got the same error. Couldn't fix it, but was able to create it in the login keychain. Then in Keychain, click on it, file->export to some location, then under the System Keychain, file->import it

@hmalphettes

This comment has been minimized.

Copy link

commented Oct 31, 2017

@dtamayo: many thanks for the workaround.

@pbazard

This comment has been minimized.

Copy link

commented Oct 31, 2017

Thanks a lot, very helpful

@tjmehta

This comment has been minimized.

Copy link

commented Dec 14, 2017

Awesome thanks!

@femilofin

This comment has been minimized.

Copy link

commented Dec 15, 2017

@dtamayo thanks for the workaround.

@absnaik810

This comment has been minimized.

Copy link

commented Jan 13, 2018

Very helpful. Would you please explain why we need steps 9-12?

@ghost

This comment has been minimized.

Copy link

commented Feb 8, 2018

getting During startup program terminated with signal SIGTRAP, Trace/breakpoint trap.
plus, csrutil enable --without debug does not work in high sierra 11.13.4 Beta (17E150f)
every single time, apple makes sure that we cannot do out work... home they go to zero billions market capitalization soon, would not be the first time, for the very same (unfortunate) reason

@lokoum

This comment has been minimized.

@tcelik

This comment has been minimized.

Copy link

commented Apr 23, 2018

Jobe is done! Amazing help! Thanks a lot!

@kaituo2

This comment has been minimized.

Copy link

commented Jul 8, 2018

This may not be related. You can use lldb on macos instead of gdb. You don't need this hassel to install gdb.

@raxod502

This comment has been minimized.

Copy link

commented Nov 25, 2018

I needed to run sudo killall taskgated rather than just killall taskgated, which reported No matching processes belonging to you were found.

@jerrychan807

This comment has been minimized.

Copy link

commented Dec 24, 2018

Thanks! That helps!

@lonelykid

This comment has been minimized.

Copy link

commented Jan 9, 2019

FYI, refer to https://sourceware.org/gdb/wiki/PermissionsDarwin if the instruction doesn't work for you on Mojave

@jake-bickle

This comment has been minimized.

Copy link

commented Jan 31, 2019

I'm following these instructions step by step. After step 6, the certification fails stating "the specified item could not be found in the keychain". I'm using High Sierra 10.13.3. Can anyone help me?

@tangles2

This comment has been minimized.

Copy link

commented Mar 11, 2019

I followed all these steps but when I make the certificate it gives me a message saying "An error occurred" "error code: -2,147,414,007"

@AcnodeLabs

This comment has been minimized.

Copy link

commented Mar 20, 2019

same here = I followed all these steps but when I make the certificate it gives me a message saying "An error occurred" "error code: -2,147,414,007"

@dcflin

This comment has been minimized.

Copy link

commented Mar 27, 2019

I see -2,147,414,007 error too. This is most likely due to that you have cert created already in either login or system. Remove them all (gdb cert you created earlier), and recreate a new one. You should be good then.

@merlinyx

This comment has been minimized.

Copy link

commented Apr 11, 2019

It could also be that there's some other item with the same name gdbc (in my case it is public-private key). You can use a different name (I had the same error and used gdbcert instead and was able to create the certificate).

@humanitiesclinic

This comment has been minimized.

Copy link

commented May 9, 2019

Hi, I was trying to install gdb on the Mac, and found your post. I followed your instructions, but now have an additional problem. Do you know why:
gdb can start, but it's showing:

start
Temporary breakpoint 1 at 0x100000f04
Starting program: /Users/user/Documents/codecompre_tooltest/a.out 
[New Thread 0x1703 of process 1645]
[New Thread 0x1903 of process 1645]
[New Thread 0x1a03 of process 1645]

[3]+  Stopped                 gdb a.out
@TonyCrawford

This comment has been minimized.

Copy link

commented Jun 12, 2019

Three cheers for hlissner!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.