From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-return-36477-listarch-gdb=sources.redhat.com@sourceware.org>
Received: (qmail 24371 invoked by alias); 17 Dec 2009 17:13:37 -0000
Received: (qmail 24363 invoked by uid 22791); 17 Dec 2009 17:13:36 -0000
X-SWARE-Spam-Status: No, hits=-2.4 required=5.0 	tests=AWL,BAYES_00
X-Spam-Check-By: sourceware.org
Received: from bromo.med.uc.edu (HELO bromo.med.uc.edu) (129.137.3.146)     by sourceware.org (qpsmtpd/0.43rc1) with SMTP; Thu, 17 Dec 2009 17:13:33 +0000
Received: from bromo.med.uc.edu (localhost.localdomain [127.0.0.1]) 	by bromo.med.uc.edu (Postfix) with ESMTP id 46ED3400008 	for <gdb@sourceware.org>; Thu, 17 Dec 2009 12:13:31 -0500 (EST)
Received: (from howarth@localhost) 	by bromo.med.uc.edu (8.14.3/8.14.3/Submit) id nBHHDVrV002707 	for gdb@sourceware.org; Thu, 17 Dec 2009 12:13:31 -0500
Date: Thu, 17 Dec 2009 17:13:00 -0000
From: Jack Howarth <howarth@bromo.med.uc.edu>
To: gdb@sourceware.org
Subject: gdb code signing on darwin?
Message-ID: <20091217171331.GA2469@bromo.med.uc.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-IsSubscribed: yes
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb.sourceware.org>
List-Subscribe: <mailto:gdb-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb/>
List-Post: <mailto:gdb@sourceware.org>
List-Help: <mailto:gdb-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-owner@sourceware.org
X-SW-Source: 2009-12/txt/msg00100.txt.bz2

  Has anyone made progress on solving the issue of the code signing requirement
for FSF gdb on darwin 10.5.8 and Snow Leopard? In particular, looking at...

http://developer.apple.com/mac/library/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW2

I am wondering if it is possible to generate a self signed certificate from command
line tools which will solve the problem on a per-machine basis. I ask because in
fink, we could run a post install script that would sign the FSF gdb to run properly
on the specific machine that the software was installed on. However it is unclear to
me if one needs additional entitlements beyond those provided by self signed keys
for gdb to have access to the kernel ports. Thanks in advance for any updates on
this issue as I am considering adding a gdb-7.x package to fink but the current
requirement that gdb be run as root is problematic.
           Jack