[Lldb-commits] [lldb] r167389 - /lldb/trunk/docs/code-signing.txt

Greg Clayton gclayton at apple.com
Mon Nov 5 10:23:25 PST 2012 

Author: gclayton
Date: Mon Nov  5 12:23:25 2012
New Revision: 167389

URL: http://llvm.org/viewvc/llvm-project?rev=167389&view=rev
Log:
Cleaned up the code signing instructions:
- make sure to delet the .cer file on the desktop
- added section that describes what to do when you re-install a new OS where 
  you still have an old code signing certificate around.


Modified:
    lldb/trunk/docs/code-signing.txt

Modified: lldb/trunk/docs/code-signing.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/docs/code-signing.txt?rev=167389&r1=167388&r2=167389&view=diff
==============================================================================
--- lldb/trunk/docs/code-signing.txt (original)
+++ lldb/trunk/docs/code-signing.txt Mon Nov  5 12:23:25 2012
@@ -1,7 +1,14 @@
-On MacOSX lldb needs to be code signed. The Debug and Release builds 
-are set to code sign using a code signing certificate named 
+On MacOSX lldb needs to be code signed. The Debug, DebugClang and Release 
+builds  are set to code sign using a code signing certificate named 
 lldb_codesign. 
 
+If you have re-installed a new OS, please delete all old lldb_codesign items
+from your keychain. There will be 3: a code signing certification and a public
+and private key. Reboot after deleting them. You will also need to delete and
+build folders that contained old signed items. The darwin kernel will cache 
+code sigining using the executable's file system node, so you will need to 
+delete the file so the kernel clears its cache.
+
 If you don't have one yet you will need to:
 - Launch /Applications/Utilities/Keychain Access.app
 
@@ -34,20 +41,27 @@
 how Keychain Access makes certificates.
 [Note: These also apply for Lion and Mountain Lion.]
 
-- Option-drag the new lldb_codesign certificate from the login keychain to
+- Drag the new lldb_codesign certificate from the login keychain to
   the System keychain in the Keychains pane of the main Keychain Access window
   to make a copy of this certificate in the System keychain.  You'll have to
   authorize a few more times, set it to be "Always trusted" when asked.
+- Make sure there is no "~/Desktop/lldb_codesign.cer" file on your desktop,
+  if there is one, delete it first, otherwise when you drag a copy of the
+  lldb_codesign certificate to your desktop it will get renamed as
+  "lldb_codesign_1.cer" and the security command you run below will trust the
+  old incorrect certificate.
 - Switch to the System keychain, and drag the copy of lldb_codesign you just
   made there onto the desktop.
 - Switch to Terminal, and run the following:
 
 sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/lldb_codesign.cer
+rm -rf ~/Desktop/lldb_codesign.cer
 
 - Right click on the "lldb_codesign" certificate in the "System" keychain (NOT
   "login", but the one in "System"), and select "Delete" to delete it from
   the "System" keychain.
 - Reboot
-- Clean and rebuild lldb and you should be able to debug.
+- Clean by removing all previously creating code signed binarires and rebuild
+  lldb and you should be able to debug.
 
 That should do it.

More information about the lldb-commits mailing list