[lldb-dev] LLDB code signing

Jim Ingham jingham at apple.com
Mon Jul 9 13:19:36 PDT 2012


On Mac OS X any program that wants to get the task port of another program (which you need to do to inspect the other program) must be code signed by a trusted authority. It also needs to be marked as using task_for_pid in its Info.plist (debugserver already does this so you don't need to worry about that part.) So you need to either get a code signing identity from some pre-trusted source (Verisign et al) or else each target system must be induced to express (code signing) certificate trust in the signing root.

Jim

On Jul 9, 2012, at 11:46 AM, Filipe Cabecinhas <filcab at gmail.com> wrote:

> The way I've been doing that is to ship an LLDB.framework and setting the environment variable LLDB_DEBUGSERVER_PATH to point to Xcode's debugserver.
> 
> I use hard-coded paths and am migrating to xcode-select -print-path. It's not the best solution, but it should work most of the time. The user can also provide a debugserver path, and I check several paths before giving up.
> There CAN be some breakage when the versions don't match, but the debugserver isn't updated that often (but, as of today, the debugserver that ships with the current version of Xcode can't re-run a program).
> 
> I don't know if it's even possible to sign a debugserver binary and make it work on other macs without installing and trusting the certificate.
> 
> Good luck. And wait for someone at Apple to reply, to have a more definitive answer w.r.t. Mac OS X.
> 
> Regards,
> 
>  Filipe
> 
> P.S: You can also ship several LLDB.frameworks matching several Xcode versions and select one of those in runtime (and then point to a debugserver with a matching version).
> 
> 
> On Monday, July 9, 2012 at 7:18 PM, Andrey Zaytsev wrote:
> 
>> Hi!
>> We are thinking of bundling custom LLDB build with our product. What should we do with code signing? I just moved built lldb from one of my macs to another and it reports error: "initial process state wasn't stopped: exited".
>> 
>> 
>> _______________________________________________
>> lldb-dev mailing list
>> lldb-dev at cs.uiuc.edu (mailto:lldb-dev at cs.uiuc.edu)
>> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev
> 
> 
> 
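
The lookup order described in the thread (a user-supplied `LLDB_DEBUGSERVER_PATH` first, then Xcode's copy located through `xcode-select -print-path`), followed by a signature check motivated by the code signing requirement, as an added example that is not part of the original messages. The function names and the `SharedFrameworks/...` location inside Xcode are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. The Xcode-relative location below
# is an assumption; adjust it to where your Xcode keeps debugserver.
XCODE_REL="SharedFrameworks/LLDB.framework/Resources/debugserver"

# find_debugserver [developer_dir]
# Prints the chosen debugserver path; returns 1 when nothing usable is found.
# developer_dir defaults to the output of `xcode-select -print-path`.
find_debugserver() {
    dev_dir="${1:-}"
    # A user-supplied path wins. If it is set but unusable, fail instead of
    # silently running a different binary than the one that was requested.
    if [ -n "${LLDB_DEBUGSERVER_PATH:-}" ]; then
        if [ -x "$LLDB_DEBUGSERVER_PATH" ]; then
            printf '%s\n' "$LLDB_DEBUGSERVER_PATH"
            return 0
        fi
        echo "LLDB_DEBUGSERVER_PATH is not executable: $LLDB_DEBUGSERVER_PATH" >&2
        return 1
    fi
    if [ -z "$dev_dir" ] && command -v xcode-select >/dev/null 2>&1; then
        dev_dir=$(xcode-select -print-path 2>/dev/null) || dev_dir=""
    fi
    # The developer dir is <Xcode.app>/Contents/Developer; go up one level.
    xcode_candidate=""
    if [ -n "$dev_dir" ]; then
        xcode_candidate="$(dirname "$dev_dir")/$XCODE_REL"
    fi
    # Last entry is the hard-coded fallback for a default Xcode install.
    for candidate in "$xcode_candidate" "/Applications/Xcode.app/Contents/$XCODE_REL"; do
        if [ -n "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no debugserver found" >&2
    return 1
}

# signature_ok <path>
# 0 = signature verifies, 1 = missing or invalid, 2 = codesign not available.
# A valid signature is necessary but not sufficient: the machine must also
# trust the signer before the task port is handed out.
signature_ok() {
    command -v codesign >/dev/null 2>&1 || return 2
    codesign --verify "$1" >/dev/null 2>&1
}
```
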



