[Lldb-commits] [lldb] r347305 - [CMake] Streamline code signing for debugserver and pass entitlements to extended llvm_codesign
Stefan Granitz via lldb-commits
lldb-commits at lists.llvm.org
Tue Nov 20 06:10:33 PST 2018
Author: stefan.graenitz
Date: Tue Nov 20 06:10:33 2018
New Revision: 347305
URL: http://llvm.org/viewvc/llvm-project?rev=347305&view=rev
Log:
[CMake] Streamline code signing for debugserver and pass entitlements to extended llvm_codesign
Summary:
Use llvm_codesign to sign debugserver with entitlements.
Set global LLVM_CODESIGNING_IDENTITY from LLDB_CODESIGN_IDENTITY (if given).
Pass through ENTITLEMENTS from add_lldb_executable to add_llvm_executable.
Handle reconfigurations correctly.
We have a lot of cases, make them explicit:
(1) build and sign debugserver, if all conditions apply:
* LLDB_NO_DEBUGSERVER=OFF (default)
* On Darwin: LLDB_USE_SYSTEM_DEBUGSERVER=OFF (default)
* On Darwin: LLVM_CODESIGNING_IDENTITY == lldb_codesign
(2) use system debugserver, if on Darwin and any of:
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and found on system (explicit case)
* LLVM_CODESIGNING_IDENTITY != lldb_codesign and found on system (fallback case)
(3) debugserver will not be available, in case of:
* LLDB_NO_DEBUGSERVER=ON
* On Darwin: LLVM_CODESIGNING_IDENTITY != lldb_codesign and not found on system
(4) error state, in case of:
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and not found on system
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and LLDB_NO_DEBUGSERVER=ON
Reviewers: xiaobai, beanz, vsk, JDevlieghere
Subscribers: mgorny, lldb-commits, llvm-commits
Differential Revision: https://reviews.llvm.org/D54476
Modified:
lldb/trunk/CMakeLists.txt
lldb/trunk/cmake/modules/AddLLDB.cmake
lldb/trunk/test/CMakeLists.txt
lldb/trunk/tools/debugserver/CMakeLists.txt
lldb/trunk/tools/debugserver/source/CMakeLists.txt
lldb/trunk/unittests/tools/CMakeLists.txt
Modified: lldb/trunk/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/CMakeLists.txt (original)
+++ lldb/trunk/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -11,6 +11,12 @@ include(LLDBStandalone)
include(LLDBConfig)
include(AddLLDB)
+option(LLDB_USE_ENTITLEMENTS "When codesigning, use entitlements if available" ON)
+if(LLDB_CODESIGN_IDENTITY)
+ # In the future we may use LLVM_CODESIGNING_IDENTITY directly.
+ set(LLVM_CODESIGNING_IDENTITY ${LLDB_CODESIGN_IDENTITY})
+endif()
+
# Define the LLDB_CONFIGURATION_xxx matching the build type
if( uppercase_CMAKE_BUILD_TYPE STREQUAL "DEBUG" )
add_definitions( -DLLDB_CONFIGURATION_DEBUG )
Modified: lldb/trunk/cmake/modules/AddLLDB.cmake
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/cmake/modules/AddLLDB.cmake?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/cmake/modules/AddLLDB.cmake (original)
+++ lldb/trunk/cmake/modules/AddLLDB.cmake Tue Nov 20 06:10:33 2018
@@ -100,13 +100,13 @@ endfunction(add_lldb_library)
function(add_lldb_executable name)
cmake_parse_arguments(ARG
"INCLUDE_IN_SUITE;GENERATE_INSTALL"
- ""
+ "ENTITLEMENTS"
"LINK_LIBS;LINK_COMPONENTS"
${ARGN}
)
list(APPEND LLVM_LINK_COMPONENTS ${ARG_LINK_COMPONENTS})
- add_llvm_executable(${name} ${ARG_UNPARSED_ARGUMENTS})
+ add_llvm_executable(${name} ${ARG_UNPARSED_ARGUMENTS} ENTITLEMENTS ${ARG_ENTITLEMENTS})
target_link_libraries(${name} PRIVATE ${ARG_LINK_LIBS})
set_target_properties(${name} PROPERTIES
Modified: lldb/trunk/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/test/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/test/CMakeLists.txt (original)
+++ lldb/trunk/test/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -93,11 +93,11 @@ if (NOT "${LLDB_LIT_TOOLS_DIR}" STREQUAL
endif()
endif()
-if(CMAKE_HOST_APPLE)
+if(CMAKE_HOST_APPLE AND DEBUGSERVER_PATH)
list(APPEND LLDB_TEST_COMMON_ARGS --server ${DEBUGSERVER_PATH})
endif()
-if(SKIP_DEBUGSERVER)
+if(SKIP_TEST_DEBUGSERVER)
list(APPEND LLDB_TEST_COMMON_ARGS --out-of-tree-debugserver)
endif()
Modified: lldb/trunk/tools/debugserver/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/tools/debugserver/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/tools/debugserver/CMakeLists.txt (original)
+++ lldb/trunk/tools/debugserver/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -8,12 +8,18 @@ if (CMAKE_SOURCE_DIR STREQUAL CMAKE_CURR
"${CMAKE_SOURCE_DIR}/../../cmake"
"${CMAKE_SOURCE_DIR}/../../cmake/modules"
)
-
+
include(LLDBStandalone)
include(AddLLDB)
set(LLDB_SOURCE_DIR "${CMAKE_SOURCE_DIR}/../../")
include_directories(${LLDB_SOURCE_DIR}/include)
+
+ option(LLDB_USE_ENTITLEMENTS "When codesigning, use entitlements if available" ON)
+ if(LLDB_CODESIGN_IDENTITY)
+ # In the future we may use LLVM_CODESIGNING_IDENTITY directly.
+ set(LLVM_CODESIGNING_IDENTITY ${LLDB_CODESIGN_IDENTITY})
+ endif()
endif()
add_subdirectory(source)
Modified: lldb/trunk/tools/debugserver/source/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/tools/debugserver/source/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/tools/debugserver/source/CMakeLists.txt (original)
+++ lldb/trunk/tools/debugserver/source/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -94,32 +94,102 @@ set(lldbDebugserverCommonSources
add_library(lldbDebugserverCommon ${lldbDebugserverCommonSources})
+option(LLDB_NO_DEBUGSERVER "Disable the debugserver target" OFF)
+option(LLDB_USE_SYSTEM_DEBUGSERVER "Use the system's debugserver instead of building it from source (Darwin only)." OFF)
-set(LLDB_CODESIGN_IDENTITY "lldb_codesign"
- CACHE STRING "Identity used for code signing. Set to empty string to skip the signing step.")
+# Incompatible options
+if(LLDB_NO_DEBUGSERVER AND LLDB_USE_SYSTEM_DEBUGSERVER)
+ message(FATAL_ERROR "Inconsistent options: LLDB_NO_DEBUGSERVER and LLDB_USE_SYSTEM_DEBUGSERVER")
+endif()
-if(NOT LLDB_CODESIGN_IDENTITY STREQUAL "")
- set(DEBUGSERVER_PATH ${LLVM_RUNTIME_OUTPUT_INTDIR}/debugserver${CMAKE_EXECUTABLE_SUFFIX} CACHE PATH "Path to debugserver.")
- set(SKIP_DEBUGSERVER OFF CACHE BOOL "Skip building the in-tree debug server")
-else()
+# Try to locate the system debugserver.
+# Subsequent feasibility checks depend on it.
+if(APPLE AND CMAKE_HOST_APPLE)
execute_process(
COMMAND xcode-select -p
- OUTPUT_VARIABLE XCODE_DEV_DIR)
- string(STRIP ${XCODE_DEV_DIR} XCODE_DEV_DIR)
- if(EXISTS "${XCODE_DEV_DIR}/../SharedFrameworks/LLDB.framework/")
- set(DEBUGSERVER_PATH
- "${XCODE_DEV_DIR}/../SharedFrameworks/LLDB.framework/Resources/debugserver" CACHE PATH "Path to debugserver.")
- elseif(EXISTS "${XCODE_DEV_DIR}/Library/PrivateFrameworks/LLDB.framework/")
- set(DEBUGSERVER_PATH
- "${XCODE_DEV_DIR}/Library/PrivateFrameworks/LLDB.framework/Resources/debugserver" CACHE PATH "Path to debugserver.")
+ OUTPUT_VARIABLE xcode_dev_dir)
+ string(STRIP ${xcode_dev_dir} xcode_dev_dir)
+
+ set(debugserver_rel_path "LLDB.framework/Resources/debugserver")
+ set(debugserver_shared "${xcode_dev_dir}/../SharedFrameworks/${debugserver_rel_path}")
+ set(debugserver_private "${xcode_dev_dir}/Library/PrivateFrameworks/${debugserver_rel_path}")
+
+ if(EXISTS ${debugserver_shared})
+ set(system_debugserver ${debugserver_shared})
+ elseif(EXISTS ${debugserver_private})
+ set(system_debugserver ${debugserver_private})
+ endif()
+endif()
+
+# Handle unavailability
+if(LLDB_USE_SYSTEM_DEBUGSERVER)
+ if(system_debugserver)
+ set(use_system_debugserver ON)
+ elseif(APPLE AND CMAKE_HOST_APPLE)
+ # Binary not found on system. Keep cached variable, to try again on reconfigure.
+ message(SEND_ERROR
+ "LLDB_USE_SYSTEM_DEBUGSERVER option set, but no debugserver found in:\
+ ${debugserver_shared}\
+ ${debugserver_private}")
+ else()
+ # Non-Apple target platform or non-Darwin host. Reset invalid cached variable.
+ message(WARNING "Reverting invalid option LLDB_USE_SYSTEM_DEBUGSERVER (Darwin only)")
+ set(LLDB_USE_SYSTEM_DEBUGSERVER OFF CACHE BOOL "" FORCE)
+ endif()
+elseif(NOT LLDB_NO_DEBUGSERVER)
+ # Default case: on Darwin we need the right code signing ID.
+ # See lldb/docs/code-signing.txt for details.
+ if(CMAKE_HOST_APPLE AND NOT LLVM_CODESIGNING_IDENTITY STREQUAL "lldb_codesign")
+ set(msg "Cannot code sign debugserver with identity '${LLVM_CODESIGNING_IDENTITY}'.")
+ if(system_debugserver)
+ message(WARNING "${msg} Will fall back to system's debugserver.")
+ set(use_system_debugserver ON)
+ else()
+ message(WARNING "${msg} debugserver will not be available.")
+ endif()
else()
- message(SEND_ERROR "Cannot find debugserver on system.")
+ set(build_and_sign_debugserver ON)
endif()
- set(SKIP_DEBUGSERVER ON CACHE BOOL "Skip building the in-tree debug server")
endif()
-message(STATUS "Path to the lldb debugserver: ${DEBUGSERVER_PATH}")
-if (APPLE)
+# TODO: We don't use the $<TARGET_FILE:debugserver> generator expression here,
+# because the value of DEBUGSERVER_PATH is used to build LLDB_DOTEST_ARGS,
+# which is used for configuring lldb-dotest.in, which does not have a generator
+# step at the moment.
+set(default_debugserver_path "${LLVM_TOOLS_BINARY_DIR}/debugserver${CMAKE_EXECUTABLE_SUFFIX}")
+
+# Remember where debugserver binary goes and whether or not we have to test it.
+set(DEBUGSERVER_PATH "" CACHE FILEPATH "Path to debugserver")
+set(SKIP_TEST_DEBUGSERVER OFF CACHE BOOL "Building the in-tree debugserver was skipped")
+
+# Reset values in all cases in order to correctly support reconfigurations.
+if(use_system_debugserver)
+ add_custom_target(debugserver
+ COMMAND ${CMAKE_COMMAND} -E copy_if_different
+ ${system_debugserver} ${LLVM_TOOLS_BINARY_DIR}
+ COMMENT "Copying the system debugserver to LLDB's binaries directory.")
+
+ # Don't test debugserver itself.
+ # Tests that require debugserver will use the copy.
+ set(DEBUGSERVER_PATH ${default_debugserver_path} CACHE FILEPATH "" FORCE)
+ set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE)
+
+ message(STATUS "Copy system debugserver from: ${system_debugserver}")
+elseif(build_and_sign_debugserver)
+ # Build, sign and test debugserver (below)
+ set(DEBUGSERVER_PATH ${default_debugserver_path} CACHE FILEPATH "" FORCE)
+ set(SKIP_TEST_DEBUGSERVER OFF CACHE BOOL "" FORCE)
+
+ message(STATUS "lldb debugserver: ${DEBUGSERVER_PATH}")
+else()
+ # No tests for debugserver, no tests that require it.
+ set(DEBUGSERVER_PATH "" CACHE FILEPATH "" FORCE)
+ set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE)
+
+ message(STATUS "lldb debugserver will not be available.")
+endif()
+
+if(APPLE)
if(IOS)
find_library(BACKBOARD_LIBRARY BackBoardServices
PATHS ${CMAKE_OSX_SYSROOT}/System/Library/PrivateFrameworks)
@@ -132,7 +202,7 @@ if (APPLE)
find_library(LOCKDOWN_LIBRARY lockdown)
if(NOT BACKBOARD_LIBRARY)
- set(SKIP_DEBUGSERVER ON CACHE BOOL "Skip building the in-tree debug server" FORCE)
+ set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE)
endif()
else()
find_library(COCOA_LIBRARY Cocoa)
@@ -143,7 +213,16 @@ if(HAVE_LIBCOMPRESSION)
set(LIBCOMPRESSION compression)
endif()
-if(NOT SKIP_DEBUGSERVER)
+if(LLDB_USE_ENTITLEMENTS)
+ if(IOS)
+ set(entitlements ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist)
+ else()
+ # Same entitlements file as used for lldb-server
+ set(entitlements ${LLDB_SOURCE_DIR}/resources/debugserver-macosx-entitlements.plist)
+ endif()
+endif()
+
+if(build_and_sign_debugserver)
target_link_libraries(lldbDebugserverCommon
INTERFACE ${COCOA_LIBRARY}
${CORE_FOUNDATION_LIBRARY}
@@ -166,6 +245,9 @@ if(NOT SKIP_DEBUGSERVER)
LINK_LIBS
lldbDebugserverCommon
+
+ ENTITLEMENTS
+ ${entitlements}
)
if(IOS)
set_property(TARGET lldbDebugserverCommon APPEND PROPERTY COMPILE_DEFINITIONS
@@ -203,54 +285,8 @@ if(IOS)
LINK_LIBS
lldbDebugserverCommon_NonUI
- )
-endif()
-set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-macosx-entitlements.plist)
-if(IOS)
- set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist)
-else()
- set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/../../../resources/debugserver-macosx-entitlements.plist)
-endif()
-
-set(LLDB_USE_ENTITLEMENTS_Default On)
-option(LLDB_USE_ENTITLEMENTS "Use entitlements when codesigning (Defaults Off when using lldb_codesign identity, otherwise On)" ${LLDB_USE_ENTITLEMENTS_Default})
-
-if (SKIP_DEBUGSERVER)
- if (CMAKE_HOST_APPLE)
- # If we haven't built a signed debugserver, copy the one from the system.
- add_custom_target(debugserver
- COMMAND ${CMAKE_COMMAND} -E copy_if_different ${DEBUGSERVER_PATH} ${CMAKE_BINARY_DIR}/bin
- VERBATIM
- COMMENT "Copying the system debugserver to LLDB's binaries directory.")
- endif()
-else()
- if(LLDB_USE_ENTITLEMENTS)
- set(entitlements_flags --entitlements ${entitlements_xml})
- endif()
- execute_process(
- COMMAND xcrun -f codesign_allocate
- OUTPUT_STRIP_TRAILING_WHITESPACE
- OUTPUT_VARIABLE CODESIGN_ALLOCATE
+ ENTITLEMENTS
+ ${entitlements}
)
- add_custom_command(TARGET debugserver
- POST_BUILD
- COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE}
- codesign --force --sign ${LLDB_CODESIGN_IDENTITY}
- ${entitlements_flags}
- $<TARGET_FILE:debugserver>
- )
- if(IOS)
- add_custom_command(TARGET debugserver-nonui
- POST_BUILD
- COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE}
- codesign --force --sign ${LLDB_CODESIGN_IDENTITY}
- ${entitlements_flags}
- $<TARGET_FILE:debugserver>
- )
- endif()
endif()
-
-
-
-
Modified: lldb/trunk/unittests/tools/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/unittests/tools/CMakeLists.txt?rev=347305&r1=347304&r2=347305&view=diff
==============================================================================
--- lldb/trunk/unittests/tools/CMakeLists.txt (original)
+++ lldb/trunk/unittests/tools/CMakeLists.txt Tue Nov 20 06:10:33 2018
@@ -1,5 +1,5 @@
if(CMAKE_SYSTEM_NAME MATCHES "Android|Darwin|Linux|NetBSD")
- if ((CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_DEBUGSERVER) OR (NOT CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_LLDB_SERVER_BUILD))
+ if ((CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_TEST_DEBUGSERVER) OR (NOT CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_LLDB_SERVER_BUILD))
# These tests are meant to test lldb-server/debugserver in isolation, and
# don't provide any value if run against a server copied from somewhere.
else()
More information about the lldb-commits
mailing list