<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite">egbomrt@msmarple
~/llvm2/build/release_assert $ ./bin/lldb /bin/ls<br>
(lldb) target create "/bin/ls"<br>
Current executable set to '/bin/ls' (x86_64).<br>
(lldb) r<br>
<b>error: process exited with status -1 (Error 1)</b></blockquote>
I don't think this is related to debugserver codesigning. If you
really need to debug system binaries, you may need to disable SIP.<br>
<br>
<div class="moz-cite-prefix">On 22/07/2019 16:14, Gábor Márton
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAH6rKyCU9P_eOmh3vzhPfU1F76s8di2Qs+8gZct+A2=TkonnMA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">I am still struggling with this issue. Now I
decided to work with the codesigned version of the debugserver,
becasue I had an error when I tried to use the system
debugserver.
<div>So I've run <span
style="font-family:Consolas,Menlo,"Deja Vu Sans
Mono","Bitstream Vera Sans
Mono",monospace;font-size:13.2px;background-color:rgb(236,240,243)">scripts/macos-setup-codesign.sh</span><br>
<div>After a reboot and fresh build (I have removed the
CMakeCache.txt and the whole build dir) I have the
debugserver signed:</div>
<div>```</div>
<div>$ codesign -dvvvv
~/llvm2/build/release_assert/bin/debugserver<br>
Executable=/Users/egbomrt/llvm2/build/release_assert/bin/debugserver<br>
Identifier=com.apple.debugserver<br>
Format=Mach-O thin (x86_64)<br>
CodeDirectory v=20100 size=38534 flags=0x0(none)
hashes=1197+5 location=embedded<br>
VersionPlatform=1<br>
VersionMin=658944<br>
VersionSDK=658944<br>
Hash type=sha256 size=32<br>
CandidateCDHash
sha256=7b475cfa7127c84281ceb206093d13dd464dad74<br>
Hash choices=sha256<br>
Page size=4096<br>
CDHash=7b475cfa7127c84281ceb206093d13dd464dad74<br>
Signature size=1611<br>
Authority=lldb_codesign<br>
Signed Time=2019. Jul 22. 15:26:29<br>
Info.plist entries=6<br>
TeamIdentifier=not set<br>
Sealed Resources=none<br>
Internal requirements count=1 size=100<br>
$<br>
</div>
<div>```</div>
</div>
<div><br>
</div>
<div>So far so good.</div>
<div>But then when I try to use lldb I have permission problems:</div>
<div>```</div>
<div>egbomrt@msmarple ~/llvm2/build/release_assert $ ./bin/lldb
/bin/ls<br>
(lldb) target create "/bin/ls"<br>
Current executable set to '/bin/ls' (x86_64).<br>
(lldb) r<br>
<b>error: process exited with status -1 (Error 1)</b><br>
(lldb) ^D<br>
egbomrt@msmarple ~/llvm2/build/release_assert $<br>
</div>
<div>```<br>
</div>
<div><br>
</div>
<div>However, as root I can use lldb:</div>
<div>```</div>
<div>egbomrt@msmarple ~/llvm2/build/release_assert $ sudo
./bin/lldb /bin/ls<br>
(lldb) target create "/bin/ls"<br>
Current executable set to '/bin/ls' (x86_64).<br>
(lldb) r<br>
Process 28052 launched: '/bin/ls' (x86_64)<br>
.ninja_deps compile_commands.json<br>
.ninja_log docs<br>
CMakeCache.txt examples<br>
CMakeDoxyfile.in include<br>
...<br>
Process 28052 exited with status = 0 (0x00000000)<br>
(lldb) ^D<br>
egbomrt@msmarple ~/llvm2/build/release_assert $<br>
</div>
<div>```</div>
<div><br>
</div>
<div>Is it possible to codesign in a way that a regular user can
run the built debugserver? Or what else could be the reason
behind this permission problem?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Gabor</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Jul 19, 2019 at 11:47
PM Stefan Gränitz <<a
href="mailto:stefan.graenitz@gmail.com"
moz-do-not-send="true">stefan.graenitz@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Gábor, I am sorry this caused an issue for you. Good
that apparently it's resolved now.<br>
<br>
Did you reconfigure an existing build-tree? Your
observations would make sense in this context, because the
change affects CMake cached variables. This is
unfortunate, but can not always be avoided. If this
happens again (or to anyone else), a clean build seems to
be a good first step.<br>
<br>
Best,<br>
Stefan<br>
<br>
On 19/07/2019 19:36, Gábor Márton wrote:<br>
</p>
<blockquote type="cite">
<div dir="ltr">Actually, it is embarrassing (perhaps for
macOS and not for me) that after a reboot the problem is
gone.
<div>Perhaps after "sudo /usr/sbin/DevToolsSecurity
--enable" a reboot is required, but could not find
anything official about that.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Jul 19, 2019
at 7:20 PM Gábor Márton <<a
href="mailto:martongabesz@gmail.com" target="_blank"
moz-do-not-send="true">martongabesz@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">This might not be related to the
debugserver, I just realized that I get
<div>"error: <span
class="gmail-m_8428160405396733394gmail-m_-2133299894781877036gmail-il">process</span> <span
class="gmail-m_8428160405396733394gmail-m_-2133299894781877036gmail-il">exited</span> with
status -1 (Error 1)"<br>
</div>
<div>even with the simplest main.c.</div>
<div>This may be some kind of security issue on mac
OS...</div>
<div>Though I've checked and I have SIP disabled and
I have executed "sudo /usr/sbin/DevToolsSecurity
--enable".</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Jul 19,
2019 at 4:46 PM Gábor Márton <<a
href="mailto:martongabesz@gmail.com"
target="_blank" moz-do-not-send="true">martongabesz@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi Stefan,
<div><br>
</div>
<div>Since the commit</div>
<div>"[CMake] Always build debugserver on Darwin
and allow tests to use the system's one"</div>
<div>I cannot use the system debugserver for
testing.</div>
<div>I receive the following error message from
lldb when I execute "ninja check-lldb":<br>
</div>
<div>```</div>
<div>runCmd: run<br>
runCmd failed!<br>
error: process exited with status -1 (Error 1)<br>
</div>
<div>```</div>
<div><br>
</div>
<div>
<div>I do set
up "-DLLDB_USE_SYSTEM_DEBUGSERVER=ON" with
cmake so I see</div>
</div>
<div>```</div>
<div>-- LLDB tests use out-of-tree debugserver:
/Library/Developer/CommandLineTools/Library/PrivateFrameworks/LLDB.framework/Resources/debugserver<br>
</div>
<div>```</div>
<div><br>
</div>
<div>Also, I have inspected the following test
output</div>
<div>```</div>
<div>Command invoked: /usr/bin/python
/Users/egbomrt/llvm2/git/llvm/tools/lldb/test/dotest.py
-q --arch=x86_64 -s
/Users/egbomrt/llvm2/build/release_assert/lldb-test-traces
--build-dir
/Users/egbomrt/llvm2/build/release_assert/lldb-test-build.noindex
-S nm -u CXXFLAGS -u CFLAGS --executable
/Users/egbomrt/llvm2/build/release_assert/./bin/lldb
--dsymutil
/Users/egbomrt/llvm2/build/release_assert/./bin/dsymutil
--filecheck
/Users/egbomrt/llvm2/build/release_assert/./bin/FileCheck
-C
/Users/egbomrt/llvm2/build/release_assert/bin/clang
--codesign-identity -
--out-of-tree-debugserver --arch x86_64 -t
--env TERM=vt100 -p TestCModules.py
--results-port 49931 -S nm --inferior -p
TestCModules.py
/Users/egbomrt/llvm2/git/llvm/tools/lldb/packages/Python/lldbsuite/test/lang/c/modules
--event-add-entries worker_index=0:int<br>
1 out of 736 test suites processed -
TestCModules.py<br>
</div>
<div>```</div>
<div>so it seems like the argument for
--out-of-tree-debugserver is missing...</div>
<div><br>
</div>
Could you please advise?
<div><br>
</div>
<div>Thank you,</div>
<div>Gabor</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
<pre class="gmail-m_8428160405396733394moz-signature" cols="72">--
<a class="gmail-m_8428160405396733394moz-txt-link-freetext" href="https://flowcrypt.com/pub/stefan.graenitz@gmail.com" target="_blank" moz-do-not-send="true">https://flowcrypt.com/pub/stefan.graenitz@gmail.com</a></pre>
</div>
</blockquote>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
<a class="moz-txt-link-freetext" href="https://flowcrypt.com/pub/stefan.graenitz@gmail.com">https://flowcrypt.com/pub/stefan.graenitz@gmail.com</a></pre>
</body>
</html>