[Lldb-commits] [lldb] r167389 - /lldb/trunk/docs/code-signing.txt
Greg Clayton
gclayton at apple.com
Mon Nov 5 10:23:25 PST 2012
Author: gclayton
Date: Mon Nov 5 12:23:25 2012
New Revision: 167389
URL: http://llvm.org/viewvc/llvm-project?rev=167389&view=rev
Log:
Cleaned up the code signing instructions:
- make sure to delet the .cer file on the desktop
- added section that describes what to do when you re-install a new OS where
you still have an old code signing certificate around.
Modified:
lldb/trunk/docs/code-signing.txt
Modified: lldb/trunk/docs/code-signing.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/docs/code-signing.txt?rev=167389&r1=167388&r2=167389&view=diff
==============================================================================
--- lldb/trunk/docs/code-signing.txt (original)
+++ lldb/trunk/docs/code-signing.txt Mon Nov 5 12:23:25 2012
@@ -1,7 +1,14 @@
-On MacOSX lldb needs to be code signed. The Debug and Release builds
-are set to code sign using a code signing certificate named
+On MacOSX lldb needs to be code signed. The Debug, DebugClang and Release
+builds are set to code sign using a code signing certificate named
lldb_codesign.
+If you have re-installed a new OS, please delete all old lldb_codesign items
+from your keychain. There will be 3: a code signing certification and a public
+and private key. Reboot after deleting them. You will also need to delete and
+build folders that contained old signed items. The darwin kernel will cache
+code sigining using the executable's file system node, so you will need to
+delete the file so the kernel clears its cache.
+
If you don't have one yet you will need to:
- Launch /Applications/Utilities/Keychain Access.app
@@ -34,20 +41,27 @@
how Keychain Access makes certificates.
[Note: These also apply for Lion and Mountain Lion.]
-- Option-drag the new lldb_codesign certificate from the login keychain to
+- Drag the new lldb_codesign certificate from the login keychain to
the System keychain in the Keychains pane of the main Keychain Access window
to make a copy of this certificate in the System keychain. You'll have to
authorize a few more times, set it to be "Always trusted" when asked.
+- Make sure there is no "~/Desktop/lldb_codesign.cer" file on your desktop,
+ if there is one, delete it first, otherwise when you drag a copy of the
+ lldb_codesign certificate to your desktop it will get renamed as
+ "lldb_codesign_1.cer" and the security command you run below will trust the
+ old incorrect certificate.
- Switch to the System keychain, and drag the copy of lldb_codesign you just
made there onto the desktop.
- Switch to Terminal, and run the following:
sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/lldb_codesign.cer
+rm -rf ~/Desktop/lldb_codesign.cer
- Right click on the "lldb_codesign" certificate in the "System" keychain (NOT
"login", but the one in "System"), and select "Delete" to delete it from
the "System" keychain.
- Reboot
-- Clean and rebuild lldb and you should be able to debug.
+- Clean by removing all previously creating code signed binarires and rebuild
+ lldb and you should be able to debug.
That should do it.
More information about the lldb-commits
mailing list