Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Codesign gdb on OSX


Note: these instructions are for pre-Sierra MacOS. Sierra (10.12) and newer users see https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d by @gravitylow



If you are getting this in gdb on OSX while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In the menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)
    • Identity type: Self Signed Root
    • Certificate type: Code Signing
    • Check: let me override defaults
  4. Continue until it prompts you for: "specify a location for..."
  5. Set Keychain location to System
  6. Create a certificate and close assistant.
  7. Find the certificate in System keychains, right click it > get info (or just double click it)
  8. Expand Trust, set Code signing to always trust
  9. Restart taskgated in terminal: killall taskgated
  10. Enable root account:
    1. Open System Preferences
    2. Go to User & Groups > Unlock
    3. Login Options > "Join" (next to Network Account Server)
    4. Click "Open Directory Utility"
    5. Go up to Edit > Enable Root User
  11. Run codesign -fs gdbc /usr/local/bin/gdb in terminal: this asks for the root password
  12. Disable root account (see #10)

Done!

@absnaik810
Copy link

absnaik810 commented Jan 13, 2018

Very helpful. Would you please explain why we need steps 9-12?

Copy link

ghost commented Feb 8, 2018

getting During startup program terminated with signal SIGTRAP, Trace/breakpoint trap.
plus, csrutil enable --without debug does not work in high sierra 11.13.4 Beta (17E150f)
every single time, apple makes sure that we cannot do out work... home they go to zero billions market capitalization soon, would not be the first time, for the very same (unfortunate) reason

@lokoum
Copy link

lokoum commented Feb 14, 2018

@tcelik
Copy link

tcelik commented Apr 23, 2018

Jobe is done! Amazing help! Thanks a lot!

@kaituo2
Copy link

kaituo2 commented Jul 8, 2018

This may not be related. You can use lldb on macos instead of gdb. You don't need this hassel to install gdb.

@raxod502
Copy link

raxod502 commented Nov 25, 2018

I needed to run sudo killall taskgated rather than just killall taskgated, which reported No matching processes belonging to you were found.

@jerrychan807
Copy link

jerrychan807 commented Dec 24, 2018

Thanks! That helps!

@duhd1993
Copy link

duhd1993 commented Jan 9, 2019

FYI, refer to https://sourceware.org/gdb/wiki/PermissionsDarwin if the instruction doesn't work for you on Mojave

@jake-bickle
Copy link

jake-bickle commented Jan 31, 2019

I'm following these instructions step by step. After step 6, the certification fails stating "the specified item could not be found in the keychain". I'm using High Sierra 10.13.3. Can anyone help me?

@tangles2
Copy link

tangles2 commented Mar 11, 2019

I followed all these steps but when I make the certificate it gives me a message saying "An error occurred" "error code: -2,147,414,007"

@AcnodeLabs
Copy link

AcnodeLabs commented Mar 20, 2019

same here = I followed all these steps but when I make the certificate it gives me a message saying "An error occurred" "error code: -2,147,414,007"

@dcflin
Copy link

dcflin commented Mar 27, 2019

I see -2,147,414,007 error too. This is most likely due to that you have cert created already in either login or system. Remove them all (gdb cert you created earlier), and recreate a new one. You should be good then.

@merlinyx
Copy link

merlinyx commented Apr 11, 2019

It could also be that there's some other item with the same name gdbc (in my case it is public-private key). You can use a different name (I had the same error and used gdbcert instead and was able to create the certificate).

@humanitiesclinic
Copy link

humanitiesclinic commented May 9, 2019

Hi, I was trying to install gdb on the Mac, and found your post. I followed your instructions, but now have an additional problem. Do you know why:
gdb can start, but it's showing:

start
Temporary breakpoint 1 at 0x100000f04
Starting program: /Users/user/Documents/codecompre_tooltest/a.out 
[New Thread 0x1703 of process 1645]
[New Thread 0x1903 of process 1645]
[New Thread 0x1a03 of process 1645]

[3]+  Stopped                 gdb a.out

@TonyCrawford
Copy link

TonyCrawford commented Jun 12, 2019

Three cheers for hlissner!

@danijeldomazetprivate
Copy link

danijeldomazetprivate commented Sep 10, 2019

I see -2,147,414,007 error too and I don't have a cert already installed... what to do?

@hlissner
Copy link
Author

hlissner commented Sep 10, 2019

@DanijelDomazet Perhaps this could help:

For those getting unknown error = -2,147,414,007 when creating the cert. The System folder needs to be unlocked before starting the certificate creation process.

From https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d#gistcomment-2402870

@idevz
Copy link

idevz commented Nov 14, 2019

this is didn't work for macosx 10.15.1, does any one have met this?

@skhalymon
Copy link

skhalymon commented Dec 15, 2019

@idevz have you managed how to run it on macosx 10.15? For me run with sudo made work.

@drriguz
Copy link

drriguz commented Dec 18, 2019

this is didn't work for macosx 10.15.1, does any one have met this?

same problem, my eclipse-cdt hangs at 96% when debugging using gdb, even if I signed following this post

@tsangint
Copy link

tsangint commented Dec 31, 2019

@idevz @Infernion same with me, I must run with sudo on macosx 10.15.1

@tsangint
Copy link

tsangint commented Dec 31, 2019

@idevz @Infernion same with me, I must run with sudo on macosx 10.15.1

And it is much slower than lldb, It spent too much time during Reading symbols from xxx...

@mahduum
Copy link

mahduum commented Dec 31, 2019

What an annoyance! Well, it works from the administrator's account, but it does absolutely nothing elsewhere, I did everything from every level and it still won't go... Why Apply has to be so difficult!!!

@johnothwolo
Copy link

johnothwolo commented Jan 7, 2020

I won't be surprised if Apple completely disables the root account next.

@HappyTigger
Copy link

HappyTigger commented Jul 26, 2020

No error occurs during the signing. But it does not work. Gdb still requires to be code signed when debugging.

@HCastanha
Copy link

HCastanha commented Oct 24, 2020

Executed thoroughly in 10.15.5. Didn't work properly, unfortunately. Error message persists.

@hlissner
Copy link
Author

hlissner commented Oct 25, 2020

In case anyone misses the giant text at the top of the gist:

Note: these instructions are for pre-Sierra MacOS. Sierra (10.12) and newer users see https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d by @gravitylow

Though, admittedly, I don't even know if the linked guide works. I haven't been on macOS in nearly 8 years. Good luck!

@guipborges
Copy link

guipborges commented Apr 23, 2021

@hao-lh
Copy link

hao-lh commented Sep 8, 2022

I needed to run sudo killall taskgated rather than just killall taskgated, which reported No matching processes belonging to you were found.

Thanks for clarification. Using sudo helped for my machine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment