[Lldb-commits] [lldb] r347305 - [CMake] Streamline code signing for debugserver and pass entitlements to extended llvm_codesign

Stefan Granitz via lldb-commits lldb-commits at lists.llvm.org
Tue Nov 20 06:10:33 PST 2018


Author: stefan.graenitz
Date: Tue Nov 20 06:10:33 2018
New Revision: 347305

URL: http://llvm.org/viewvc/llvm-project?rev=347305&view=rev
Log:
[CMake] Streamline code signing for debugserver and pass entitlements to extended llvm_codesign

Summary:
Use llvm_codesign to sign debugserver with entitlements.
Set global LLVM_CODESIGNING_IDENTITY from LLDB_CODESIGN_IDENTITY (if given).
Pass through ENTITLEMENTS from add_lldb_executable to add_llvm_executable.
Handle reconfigurations correctly.

We have a lot of cases, make them explicit:

(1) build and sign debugserver, if all conditions apply:
* LLDB_NO_DEBUGSERVER=OFF (default)
* On Darwin: LLDB_USE_SYSTEM_DEBUGSERVER=OFF (default)
* On Darwin: LLVM_CODESIGNING_IDENTITY == lldb_codesign

(2) use system debugserver, if on Darwin and any of:
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and found on system (explicit case)
* LLVM_CODESIGNING_IDENTITY != lldb_codesign and found on system (fallback case)

(3) debugserver will not be available, in case of:
* LLDB_NO_DEBUGSERVER=ON
* On Darwin: LLVM_CODESIGNING_IDENTITY != lldb_codesign and not found on system

(4) error state, in case of:
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and not found on system
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and LLDB_NO_DEBUGSERVER=ON

Reviewers: xiaobai, beanz, vsk, JDevlieghere

Subscribers: mgorny, lldb-commits, llvm-commits

Differential Revision: https://reviews.llvm.org/D54476

Modified:
    lldb/trunk/CMakeLists.txt
    lldb/trunk/cmake/modules/AddLLDB.cmake
    lldb/trunk/test/CMakeLists.txt
    lldb/trunk/tools/debugserver/CMakeLists.txt
    lldb/trunk/tools/debugserver/source/CMakeLists.txt
    lldb/trunk/unittests/tools/CMakeLists.txt

Modified: lldb/trunk/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/CMakeLists.txt (original)
+++ lldb/trunk/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -11,6 +11,12 @@ include(LLDBStandalone)
 include(LLDBConfig)
 include(AddLLDB)
 
+option(LLDB_USE_ENTITLEMENTS "When codesigning, use entitlements if available" ON)
+if(LLDB_CODESIGN_IDENTITY)
+  # In the future we may use LLVM_CODESIGNING_IDENTITY directly.
+  set(LLVM_CODESIGNING_IDENTITY ${LLDB_CODESIGN_IDENTITY})
+endif()
+
 # Define the LLDB_CONFIGURATION_xxx matching the build type
 if( uppercase_CMAKE_BUILD_TYPE STREQUAL "DEBUG" )
   add_definitions( -DLLDB_CONFIGURATION_DEBUG )

Modified: lldb/trunk/cmake/modules/AddLLDB.cmake
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/cmake/modules/AddLLDB.cmake?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/cmake/modules/AddLLDB.cmake (original)
+++ lldb/trunk/cmake/modules/AddLLDB.cmake Tue Nov 20 06:10:33 2018
@@ -100,13 +100,13 @@ endfunction(add_lldb_library)
 function(add_lldb_executable name)
   cmake_parse_arguments(ARG
     "INCLUDE_IN_SUITE;GENERATE_INSTALL"
-    ""
+    "ENTITLEMENTS"
     "LINK_LIBS;LINK_COMPONENTS"
     ${ARGN}
     )
 
   list(APPEND LLVM_LINK_COMPONENTS ${ARG_LINK_COMPONENTS})
-  add_llvm_executable(${name} ${ARG_UNPARSED_ARGUMENTS})
+  add_llvm_executable(${name} ${ARG_UNPARSED_ARGUMENTS} ENTITLEMENTS ${ARG_ENTITLEMENTS})
 
   target_link_libraries(${name} PRIVATE ${ARG_LINK_LIBS})
   set_target_properties(${name} PROPERTIES

Modified: lldb/trunk/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/test/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/test/CMakeLists.txt (original)
+++ lldb/trunk/test/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -93,11 +93,11 @@ if (NOT "${LLDB_LIT_TOOLS_DIR}" STREQUAL
   endif()
 endif()
 
-if(CMAKE_HOST_APPLE)
+if(CMAKE_HOST_APPLE AND DEBUGSERVER_PATH)
   list(APPEND LLDB_TEST_COMMON_ARGS --server ${DEBUGSERVER_PATH})
 endif()
 
-if(SKIP_DEBUGSERVER)
+if(SKIP_TEST_DEBUGSERVER)
   list(APPEND LLDB_TEST_COMMON_ARGS --out-of-tree-debugserver)
 endif()
 

Modified: lldb/trunk/tools/debugserver/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/tools/debugserver/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/tools/debugserver/CMakeLists.txt (original)
+++ lldb/trunk/tools/debugserver/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -8,12 +8,18 @@ if (CMAKE_SOURCE_DIR STREQUAL CMAKE_CURR
     "${CMAKE_SOURCE_DIR}/../../cmake"
     "${CMAKE_SOURCE_DIR}/../../cmake/modules"
     )
-  
+
   include(LLDBStandalone)
   include(AddLLDB)
 
   set(LLDB_SOURCE_DIR "${CMAKE_SOURCE_DIR}/../../")
   include_directories(${LLDB_SOURCE_DIR}/include)
+
+  option(LLDB_USE_ENTITLEMENTS "When codesigning, use entitlements if available" ON)
+  if(LLDB_CODESIGN_IDENTITY)
+    # In the future we may use LLVM_CODESIGNING_IDENTITY directly.
+    set(LLVM_CODESIGNING_IDENTITY ${LLDB_CODESIGN_IDENTITY})
+  endif()
 endif()
 
 add_subdirectory(source)

Modified: lldb/trunk/tools/debugserver/source/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/tools/debugserver/source/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/tools/debugserver/source/CMakeLists.txt (original)
+++ lldb/trunk/tools/debugserver/source/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -94,32 +94,102 @@ set(lldbDebugserverCommonSources
 
 add_library(lldbDebugserverCommon ${lldbDebugserverCommonSources})
 
+option(LLDB_NO_DEBUGSERVER "Disable the debugserver target" OFF)
+option(LLDB_USE_SYSTEM_DEBUGSERVER "Use the system's debugserver instead of building it from source (Darwin only)." OFF)
 
-set(LLDB_CODESIGN_IDENTITY "lldb_codesign"
-  CACHE STRING "Identity used for code signing. Set to empty string to skip the signing step.")
+# Incompatible options
+if(LLDB_NO_DEBUGSERVER AND LLDB_USE_SYSTEM_DEBUGSERVER)
+  message(FATAL_ERROR "Inconsistent options: LLDB_NO_DEBUGSERVER and LLDB_USE_SYSTEM_DEBUGSERVER")
+endif()
 
-if(NOT LLDB_CODESIGN_IDENTITY STREQUAL "")
-  set(DEBUGSERVER_PATH ${LLVM_RUNTIME_OUTPUT_INTDIR}/debugserver${CMAKE_EXECUTABLE_SUFFIX} CACHE PATH "Path to debugserver.")
-  set(SKIP_DEBUGSERVER OFF CACHE BOOL "Skip building the in-tree debug server")
-else()
+# Try to locate the system debugserver.
+# Subsequent feasibility checks depend on it.
+if(APPLE AND CMAKE_HOST_APPLE)
   execute_process(
     COMMAND xcode-select -p
-    OUTPUT_VARIABLE XCODE_DEV_DIR)
-  string(STRIP ${XCODE_DEV_DIR} XCODE_DEV_DIR)
-  if(EXISTS "${XCODE_DEV_DIR}/../SharedFrameworks/LLDB.framework/")
-    set(DEBUGSERVER_PATH
-      "${XCODE_DEV_DIR}/../SharedFrameworks/LLDB.framework/Resources/debugserver" CACHE PATH "Path to debugserver.")
-  elseif(EXISTS "${XCODE_DEV_DIR}/Library/PrivateFrameworks/LLDB.framework/")
-    set(DEBUGSERVER_PATH
-      "${XCODE_DEV_DIR}/Library/PrivateFrameworks/LLDB.framework/Resources/debugserver" CACHE PATH "Path to debugserver.")
+    OUTPUT_VARIABLE xcode_dev_dir)
+  string(STRIP ${xcode_dev_dir} xcode_dev_dir)
+
+  set(debugserver_rel_path "LLDB.framework/Resources/debugserver")
+  set(debugserver_shared "${xcode_dev_dir}/../SharedFrameworks/${debugserver_rel_path}")
+  set(debugserver_private "${xcode_dev_dir}/Library/PrivateFrameworks/${debugserver_rel_path}")
+
+  if(EXISTS ${debugserver_shared})
+    set(system_debugserver ${debugserver_shared})
+  elseif(EXISTS ${debugserver_private})
+    set(system_debugserver ${debugserver_private})
+  endif()
+endif()
+
+# Handle unavailability
+if(LLDB_USE_SYSTEM_DEBUGSERVER)
+  if(system_debugserver)
+    set(use_system_debugserver ON)
+  elseif(APPLE AND CMAKE_HOST_APPLE)
+    # Binary not found on system. Keep cached variable, to try again on reconfigure.
+    message(SEND_ERROR
+      "LLDB_USE_SYSTEM_DEBUGSERVER option set, but no debugserver found in:\
+        ${debugserver_shared}\
+        ${debugserver_private}")
+  else()
+    # Non-Apple target platform or non-Darwin host. Reset invalid cached variable.
+    message(WARNING "Reverting invalid option LLDB_USE_SYSTEM_DEBUGSERVER (Darwin only)")
+    set(LLDB_USE_SYSTEM_DEBUGSERVER OFF CACHE BOOL "" FORCE)
+  endif()
+elseif(NOT LLDB_NO_DEBUGSERVER)
+  # Default case: on Darwin we need the right code signing ID.
+  # See lldb/docs/code-signing.txt for details.
+  if(CMAKE_HOST_APPLE AND NOT LLVM_CODESIGNING_IDENTITY STREQUAL "lldb_codesign")
+    set(msg "Cannot code sign debugserver with identity '${LLVM_CODESIGNING_IDENTITY}'.")
+    if(system_debugserver)
+      message(WARNING "${msg} Will fall back to system's debugserver.")
+      set(use_system_debugserver ON)
+    else()
+      message(WARNING "${msg} debugserver will not be available.")
+    endif()
   else()
-    message(SEND_ERROR "Cannot find debugserver on system.")
+    set(build_and_sign_debugserver ON)
   endif()
-  set(SKIP_DEBUGSERVER ON CACHE BOOL "Skip building the in-tree debug server")
 endif()
-message(STATUS "Path to the lldb debugserver: ${DEBUGSERVER_PATH}")
 
-if (APPLE)
+# TODO: We don't use the $<TARGET_FILE:debugserver> generator expression here,
+# because the value of DEBUGSERVER_PATH is used to build LLDB_DOTEST_ARGS,
+# which is used for configuring lldb-dotest.in, which does not have a generator
+# step at the moment.
+set(default_debugserver_path "${LLVM_TOOLS_BINARY_DIR}/debugserver${CMAKE_EXECUTABLE_SUFFIX}")
+
+# Remember where debugserver binary goes and whether or not we have to test it.
+set(DEBUGSERVER_PATH "" CACHE FILEPATH "Path to debugserver")
+set(SKIP_TEST_DEBUGSERVER OFF CACHE BOOL "Building the in-tree debugserver was skipped")
+
+# Reset values in all cases in order to correctly support reconfigurations.
+if(use_system_debugserver)
+  add_custom_target(debugserver
+    COMMAND ${CMAKE_COMMAND} -E copy_if_different
+            ${system_debugserver} ${LLVM_TOOLS_BINARY_DIR}
+    COMMENT "Copying the system debugserver to LLDB's binaries directory.")
+
+  # Don't test debugserver itself.
+  # Tests that require debugserver will use the copy.
+  set(DEBUGSERVER_PATH ${default_debugserver_path} CACHE FILEPATH "" FORCE)
+  set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE)
+
+  message(STATUS "Copy system debugserver from: ${system_debugserver}")
+elseif(build_and_sign_debugserver)
+  # Build, sign and test debugserver (below)
+  set(DEBUGSERVER_PATH ${default_debugserver_path} CACHE FILEPATH "" FORCE)
+  set(SKIP_TEST_DEBUGSERVER OFF CACHE BOOL "" FORCE)
+
+  message(STATUS "lldb debugserver: ${DEBUGSERVER_PATH}")
+else()
+  # No tests for debugserver, no tests that require it.
+  set(DEBUGSERVER_PATH "" CACHE FILEPATH "" FORCE)
+  set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE)
+
+  message(STATUS "lldb debugserver will not be available.")
+endif()
+
+if(APPLE)
   if(IOS)
     find_library(BACKBOARD_LIBRARY BackBoardServices
       PATHS ${CMAKE_OSX_SYSROOT}/System/Library/PrivateFrameworks)
@@ -132,7 +202,7 @@ if (APPLE)
     find_library(LOCKDOWN_LIBRARY lockdown)
 
     if(NOT BACKBOARD_LIBRARY)
-      set(SKIP_DEBUGSERVER ON CACHE BOOL "Skip building the in-tree debug server" FORCE)
+      set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE)
     endif()
   else()
     find_library(COCOA_LIBRARY Cocoa)
@@ -143,7 +213,16 @@ if(HAVE_LIBCOMPRESSION)
   set(LIBCOMPRESSION compression)
 endif()
 
-if(NOT SKIP_DEBUGSERVER)
+if(LLDB_USE_ENTITLEMENTS)
+  if(IOS)
+    set(entitlements ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist)
+  else()
+    # Same entitlements file as used for lldb-server
+    set(entitlements ${LLDB_SOURCE_DIR}/resources/debugserver-macosx-entitlements.plist)
+  endif()
+endif()
+
+if(build_and_sign_debugserver)
   target_link_libraries(lldbDebugserverCommon
                         INTERFACE ${COCOA_LIBRARY}
                         ${CORE_FOUNDATION_LIBRARY}
@@ -166,6 +245,9 @@ if(NOT SKIP_DEBUGSERVER)
 
     LINK_LIBS
       lldbDebugserverCommon
+
+    ENTITLEMENTS
+      ${entitlements}
     )
   if(IOS)
     set_property(TARGET lldbDebugserverCommon APPEND PROPERTY COMPILE_DEFINITIONS
@@ -203,54 +285,8 @@ if(IOS)
 
     LINK_LIBS
       lldbDebugserverCommon_NonUI
-    )
-endif()
 
-set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-macosx-entitlements.plist)
-if(IOS)
-  set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist)
-else()
-  set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/../../../resources/debugserver-macosx-entitlements.plist)
-endif()
-
-set(LLDB_USE_ENTITLEMENTS_Default On)
-option(LLDB_USE_ENTITLEMENTS "Use entitlements when codesigning (Defaults Off when using lldb_codesign identity, otherwise On)" ${LLDB_USE_ENTITLEMENTS_Default})
-
-if (SKIP_DEBUGSERVER)
-  if (CMAKE_HOST_APPLE)
-    # If we haven't built a signed debugserver, copy the one from the system.
-    add_custom_target(debugserver
-      COMMAND ${CMAKE_COMMAND} -E copy_if_different ${DEBUGSERVER_PATH} ${CMAKE_BINARY_DIR}/bin
-      VERBATIM
-      COMMENT "Copying the system debugserver to LLDB's binaries directory.")
-  endif()
-else()
-  if(LLDB_USE_ENTITLEMENTS)
-    set(entitlements_flags --entitlements ${entitlements_xml})
-  endif()
-  execute_process(
-    COMMAND xcrun -f codesign_allocate
-    OUTPUT_STRIP_TRAILING_WHITESPACE
-    OUTPUT_VARIABLE CODESIGN_ALLOCATE
+    ENTITLEMENTS
+      ${entitlements}
     )
-  add_custom_command(TARGET debugserver
-    POST_BUILD
-    COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE}
-            codesign --force --sign ${LLDB_CODESIGN_IDENTITY}
-            ${entitlements_flags}
-            $<TARGET_FILE:debugserver>
-  )
-  if(IOS)
-    add_custom_command(TARGET debugserver-nonui
-      POST_BUILD
-      COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE}
-              codesign --force --sign ${LLDB_CODESIGN_IDENTITY}
-              ${entitlements_flags}
-              $<TARGET_FILE:debugserver>
-    )
-  endif()
 endif()
-
-
-
-

Modified: lldb/trunk/unittests/tools/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/unittests/tools/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/unittests/tools/CMakeLists.txt (original)
+++ lldb/trunk/unittests/tools/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -1,5 +1,5 @@
 if(CMAKE_SYSTEM_NAME MATCHES "Android|Darwin|Linux|NetBSD")
-  if ((CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_DEBUGSERVER) OR (NOT CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_LLDB_SERVER_BUILD))
+  if ((CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_TEST_DEBUGSERVER) OR (NOT CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_LLDB_SERVER_BUILD))
     # These tests are meant to test lldb-server/debugserver in isolation, and
     # don't provide any value if run against a server copied from somewhere.
   else()




More information about the lldb-commits mailing list