[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)

Daniel Thornburgh via lldb-commits lldb-commits at lists.llvm.org
Thu Nov 2 14:11:05 PDT 2023


https://github.com/mysterymath created https://github.com/llvm/llvm-project/pull/71112

Running the LLDB test suite in a GUI-less CI macOS environment requires that the debugged tasks be signed with the get-task-allow entitlement.

NOTE: I'm not entirely sure why the upstream macOS builders don't run into this; it could be something that occurs on newer macOS, or it could be that they have some global setting that prevents the debugger attachment check from firing.

>From c309ac45505ad147ffc167099ec2f4fa4fe9b2d0 Mon Sep 17 00:00:00 2001
From: Daniel Thornburgh <dthorn at google.com>
Date: Wed, 25 Oct 2023 16:08:07 -0700
Subject: [PATCH] [lldb] Use get-task-allow entitlement on macOS too

Running the LLDB test suite in a GUI-less CI macOS environment requires that
the debugged tasks be signed with the get-task-allow entitlement.
---
 .../Python/lldbsuite/test/builders/darwin.py      | 15 ++++++++-------
 .../lldbsuite/test/make/entitlements-macos.plist  |  8 ++++++++
 2 files changed, 16 insertions(+), 7 deletions(-)
 create mode 100644 lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist

diff --git a/lldb/packages/Python/lldbsuite/test/builders/darwin.py b/lldb/packages/Python/lldbsuite/test/builders/darwin.py
index 40dd13bcfdea1d6..a023bda3ad80103 100644
--- a/lldb/packages/Python/lldbsuite/test/builders/darwin.py
+++ b/lldb/packages/Python/lldbsuite/test/builders/darwin.py
@@ -88,17 +88,18 @@ def getExtraMakeArgs(self):
                 args["FRAMEWORK_INCLUDES"] = "-F{}".format(private_frameworks)
 
         operating_system, env = get_os_and_env()
-        if operating_system and operating_system != "macosx":
-            builder_dir = os.path.dirname(os.path.abspath(__file__))
-            test_dir = os.path.dirname(builder_dir)
+
+        builder_dir = os.path.dirname(os.path.abspath(__file__))
+        test_dir = os.path.dirname(builder_dir)
+        if not operating_system:
+            entitlements_file = "entitlements-macos.plist"
+        else:
             if env == "simulator":
                 entitlements_file = "entitlements-simulator.plist"
             else:
                 entitlements_file = "entitlements.plist"
-            entitlements = os.path.join(test_dir, "make", entitlements_file)
-            args["CODESIGN"] = "codesign --entitlements {}".format(entitlements)
-        else:
-            args["CODESIGN"] = "codesign"
+        entitlements = os.path.join(test_dir, "make", entitlements_file)
+        args["CODESIGN"] = "codesign --entitlements {}".format(entitlements)
 
         # Return extra args as a formatted string.
         return ["{}={}".format(key, value) for key, value in args.items()]
diff --git a/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist b/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
new file mode 100644
index 000000000000000..9acd12816c91373
--- /dev/null
+++ b/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.get-task-allow</key>
+    <true/>
+</dict>
+</plist>



More information about the lldb-commits mailing list