Re: codesigning gdb on darwin?

[Jack Howarth <howarth@bromo.med.uc.edu>]

On Sat, Apr 03, 2010 at 07:48:36PM -0400, Jack Howarth wrote:
>    Has anyone managed to codesign a local build of
> FSF gdb 7.1 on darwin9/10 using a local self-signed
> certificate? In my attempt, I first created and trusted
> a self-signed certificate in the KeyChain Access
> application, created a Info.plist for the fsf-gdb
> (built with a fsf- prefix) using the common name
> from that self-signed certificate, built fsf-gdb
> using -sectcreate __TEXT __info_plist ./gdb/Info.plist
> added on LDFLAGS and then codesigned the installed
> binary using the common name of the self signed
> certificate. This doesn't provided access to the
> required Mach port and 'codesign -d -r - /sw/bin/fsf-gdb'
> shows...
> 
> Executable=/sw/bin/fsf-gdb
> library => identifier "libz.1.2.3.dylib" and anchor apple or identifier "libSystem.B.dylib" and anchor apple
> # designated => identifier "org.gnu.gdb" and certificate root = H"eee294eed062a327b66695ce2e283f03c31107da"
> 
> Has anyone tried this? Before I sign the fsf-gdb binary
> 'codesign -d -r' reports it as unsigned, but signing it
> seems to silently default to org.gnu.gdb.
>          Jack

   To answer my own question, it appears that you have to use the
-i option in codesign...

codesign -f -s 'Jack Howarth' -i 'Jack Howarth' -vvvv /sw/bin/fsf-gdb

...produces...

/sw/bin/fsf-gdb: replacing existing signature
/sw/bin/fsf-gdb: signed Mach-O thin (i386) [Jack Howarth]

So now it is a matter of puzzling out how to give fsf-gdb enough
entitlements to access the required Mach port.
        Jack