From: Jack Howarth
To: gdb@sourceware.org
Date: Sun, 04 Apr 2010 01:46:00 -0000
Subject: Re: codesigning gdb on darwin?
Message-ID: <20100404014626.GA20731@bromo.med.uc.edu>
In-Reply-To: <20100403234836.GA20199@bromo.med.uc.edu>

On Sat, Apr 03, 2010 at 07:48:36PM -0400, Jack Howarth wrote:
> Has anyone managed to codesign a local build of
> FSF gdb 7.1 on darwin9/10 using a local self-signed
> certificate?
> In my attempt, I first created and trusted
> a self-signed certificate in the KeyChain Access
> application, created an Info.plist for the fsf-gdb
> (built with a fsf- prefix) using the common name
> from that self-signed certificate, built fsf-gdb
> using -sectcreate __TEXT __info_plist ./gdb/Info.plist
> added on LDFLAGS and then codesigned the installed
> binary using the common name of the self signed
> certificate. This doesn't provide access to the
> required Mach port and 'codesign -d -r - /sw/bin/fsf-gdb'
> shows...
>
> Executable=/sw/bin/fsf-gdb
> library => identifier "libz.1.2.3.dylib" and anchor apple or identifier "libSystem.B.dylib" and anchor apple
> # designated => identifier "org.gnu.gdb" and certificate root = H"eee294eed062a327b66695ce2e283f03c31107da"
>
> Has anyone tried this? Before I sign the fsf-gdb binary
> 'codesign -d -r' reports it as unsigned, but signing it
> seems to silently default to org.gnu.gdb.
>             Jack

To answer my own question, it appears that you have to use
the -i option in codesign...

codesign -f -s 'Jack Howarth' -i 'Jack Howarth' -vvvv /sw/bin/fsf-gdb

...produces...

/sw/bin/fsf-gdb: replacing existing signature
/sw/bin/fsf-gdb: signed Mach-O thin (i386) [Jack Howarth]

So now it is a matter of puzzling out how to give fsf-gdb enough
entitlements to access the required Mach port.
          Jack
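
An added example, not part of the original message: a post-signing check that parses the 'codesign -d -r -' output quoted above and compares the designated requirement's identifier and certificate root with the values the signer intended, so a silently defaulted identifier is caught. The function names and exit codes are hypothetical; the sample input is the output quoted in the message.

```shell
#!/bin/sh
# Audit the designated requirement reported by `codesign -d -r - <binary>`.
# dr_field / check_signature are hypothetical helper names for this example.

# Sample input: the output quoted in the message above, embedded so this runs offline.
SAMPLE_OUTPUT='Executable=/sw/bin/fsf-gdb
library => identifier "libz.1.2.3.dylib" and anchor apple or identifier "libSystem.B.dylib" and anchor apple
# designated => identifier "org.gnu.gdb" and certificate root = H"eee294eed062a327b66695ce2e283f03c31107da"'

# dr_field FIELD: read requirement output on stdin and print one field
# ("identifier" or "root") taken from the designated requirement line only.
dr_field() {
    case "$1" in
        identifier) pat='s/.*identifier "\([^"]*\)".*/\1/p' ;;
        root)       pat='s/.*certificate root = H"\([0-9a-fA-F]*\)".*/\1/p' ;;
        *) return 2 ;;
    esac
    # The "library =>" line also carries identifiers, so drop every other line.
    sed -n -e '/designated =>/!d' -e "$pat"
}

# check_signature EXPECTED_ID EXPECTED_ROOT  (requirement output on stdin)
# Returns 0 = both match, 1 = no designated requirement (unsigned or unparsable),
#         3 = identifier differs from the intended one, 4 = certificate root differs.
check_signature() {
    out=$(cat)
    id=$(printf '%s\n' "$out" | dr_field identifier)
    root=$(printf '%s\n' "$out" | dr_field root)
    [ -n "$id" ] || { echo "no designated requirement found" >&2; return 1; }
    [ "$id" = "$1" ] || { echo "identifier is '$id', expected '$1'" >&2; return 3; }
    # Compare the hex digests case-insensitively.
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(printf '%s' "$root" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ] || { echo "certificate root is '$got', expected '$want'" >&2; return 4; }
    return 0
}

# Demo on the sample: the signer expected the identifier 'Jack Howarth',
# but the requirement pins org.gnu.gdb, so the check reports a mismatch.
printf '%s\n' "$SAMPLE_OUTPUT" |
    check_signature 'Jack Howarth' 'eee294eed062a327b66695ce2e283f03c31107da' ||
    echo "signature does not match intent (exit $?)"
```

On a Darwin host the same check would read live output with: codesign -d -r - /sw/bin/fsf-gdb 2>&1 | check_signature <identifier> <root-hash>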