[lldb-dev] Code signing issue

[Greg Clayton]

Jean-Daniel is correct on this.

The code signing gives you the ability to get task_for_pid, which means give us control of this process. By default the system doesn't like to give out these abilities without some security.

If you run LLDB as root, you won't need to do codesigning, but we don't recommend this.

If you make a code signing certificate on your build servers that is trusted you can manually re-codesign your debugserver binary

codesign --keychain ~/Library/Keychains/login.keychain --force --sign lldb_codesign ./LLDB.framework/Versions/A/Resources/debugserver

Substitute the correct path for debugserver (debugserver is what actually runs your binary and needs task_for_pid).

Will this work for you?

Greg



On Jul 26, 2011, at 10:21 AM, Jean-Daniel Dupas wrote:

> 
> Le 26 juil. 2011 à 15:05, Andrey Zaytsev a écrit :
> 
>> Hello everyone. 
>> I'm building lldb on personal mac. Code signing is done as described in docs/code-signing.txt
>> When I'm deploying it on our distributed build-system lldb doesn't work and gives the following message: "failed to get the task for process 92135"
>> What is my options? Can I just turn code-signing off to make it work on any machine?
>> Thanks.
>> 
> 
> lldb has to be signed to be able to use task_for_pid() (see 'man taskgated' for details).
> And yours signing certificate has to be installed (and trusted) on all deployments machines.
> Apple's version is signed using a trusted certificate (just like gdb and many other dev tools), that's why it works out of the box on all machines.
> 
> Signing with a commercial certificate distributed by a trusted CA should works but I never try, so I can t'ell.
> 
> -- Jean-Daniel
> 
> 
> 
> 
> _______________________________________________
> lldb-dev mailing list
> lldb-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/lldb-dev