[llvm] [bazel] Codesign debugserver on macOS (PR #91789)
Keith Smiley via llvm-commits
llvm-commits at lists.llvm.org
Fri May 10 11:27:56 PDT 2024
https://github.com/keith updated https://github.com/llvm/llvm-project/pull/91789
>From d298ea0222423269d4fa987bf6440d29f5dcb712 Mon Sep 17 00:00:00 2001
From: Keith Smiley <keithbsmiley at gmail.com>
Date: Fri, 10 May 2024 11:22:43 -0700
Subject: [PATCH 1/3] [bazel] Codesign debugserver on macOS
This tool doesn't work unless it's signed with the entitlements used
here. We should probably consider using the
macos_command_line_application rule from rules_apple which manages this
more flexibly for us, but for now this works. This uses apple_genrule as
opposed to genrule since the former encodes the Xcode environment info
into the action so it is correctly invalidated if that changes.
---
utils/bazel/WORKSPACE | 13 +++++++
.../llvm-project-overlay/lldb/BUILD.bazel | 38 +++++++++++++------
2 files changed, 40 insertions(+), 11 deletions(-)
diff --git a/utils/bazel/WORKSPACE b/utils/bazel/WORKSPACE
index f4ae2c7ce4562..298b64fd56291 100644
--- a/utils/bazel/WORKSPACE
+++ b/utils/bazel/WORKSPACE
@@ -56,6 +56,19 @@ maybe(
name = "vulkan_sdk",
)
+http_archive(
+ name = "build_bazel_apple_support",
+ sha256 = "c4bb2b7367c484382300aee75be598b92f847896fb31bbd22f3a2346adf66a80",
+ url = "https://github.com/bazelbuild/apple_support/releases/download/1.15.1/apple_support.1.15.1.tar.gz",
+)
+
+load(
+ "@build_bazel_apple_support//lib:repositories.bzl",
+ "apple_support_dependencies",
+)
+
+apple_support_dependencies()
+
# llvm libc math tests reply on `mpfr`.
# The availability of `mpfr` is controlled by a flag and can be either `disable`, `system` or `external`.
# Continuous integration uses `system` to speed up the build process (see .bazelrc).
diff --git a/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel b/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
index b3a413c401cdd..e70abce25a542 100644
--- a/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
+++ b/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
@@ -5,6 +5,7 @@
load("@bazel_skylib//lib:selects.bzl", "selects")
load("@bazel_skylib//rules:common_settings.bzl", "bool_flag")
load("@bazel_skylib//rules:expand_template.bzl", "expand_template")
+load("@build_bazel_apple_support//rules:apple_genrule.bzl", "apple_genrule")
load("//:vars.bzl", "LLVM_VERSION_MAJOR", "LLVM_VERSION_MINOR", "LLVM_VERSION_PATCH", "LLVM_VERSION_SUFFIX", "PACKAGE_VERSION")
load("//lldb/source/Plugins:plugin_config.bzl", "DEFAULT_PLUGINS", "DEFAULT_SCRIPT_PLUGINS", "OBJCPP_COPTS")
load("//mlir:tblgen.bzl", "gentbl_cc_library", "td_library")
@@ -800,6 +801,14 @@ gentbl_cc_library(
deps = ["//llvm:OptParserTdFiles"],
)
+alias(
+ name = "gdb-server",
+ actual = select({
+ "@platforms//os:macos": ":debugserver",
+ "@platforms//os:linux": ":lldb-server",
+ }),
+)
+
cc_binary(
name = "lldb",
srcs = glob([
@@ -807,17 +816,9 @@ cc_binary(
"tools/driver/*.h",
]),
data = [
+ ":gdb-server",
":lldb-argdumper",
- ] + select({
- "@platforms//os:macos": [
- ":debugserver",
- ":lldb-server",
- ],
- "@platforms//os:linux": [
- ":lldb-server",
- ],
- "//conditions:default": [],
- }),
+ ],
deps = [
":APIHeaders",
":Host",
@@ -896,7 +897,7 @@ expand_template(
)
cc_binary(
- name = "debugserver",
+ name = "debugserver_unsigned",
srcs = [
"tools/debugserver/source/debugserver.cpp",
":debugserver_version_gen",
@@ -914,6 +915,21 @@ cc_binary(
],
)
+apple_genrule(
+ name = "signed_debugserver",
+ srcs = [":debugserver_unsigned"],
+ outs = ["debugserver"],
+ cmd = "cp $(SRCS) $(OUTS) && xcrun codesign -f -s - --entitlements $(location tools/debugserver/resources/debugserver-macosx-entitlements.plist) $(OUTS)",
+ tags = ["nobuildkite"],
+ target_compatible_with = select({
+ "@platforms//os:macos": [],
+ "//conditions:default": ["@platforms//:incompatible"],
+ }),
+ tools = [
+ "tools/debugserver/resources/debugserver-macosx-entitlements.plist",
+ ],
+)
+
cc_binary(
name = "lldb-argdumper",
srcs = glob(["tools/argdumper/*.cpp"]),
>From fb2cbb74b5ec52c2d43abd56c2ab17027457e5ee Mon Sep 17 00:00:00 2001
From: Keith Smiley <keithbsmiley at gmail.com>
Date: Fri, 10 May 2024 11:26:46 -0700
Subject: [PATCH 2/3] Remove data in case users want to provide their own
---
utils/bazel/llvm-project-overlay/lldb/BUILD.bazel | 4 ----
1 file changed, 4 deletions(-)
diff --git a/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel b/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
index e70abce25a542..2d86ea00f842c 100644
--- a/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
+++ b/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
@@ -815,10 +815,6 @@ cc_binary(
"tools/driver/*.cpp",
"tools/driver/*.h",
]),
- data = [
- ":gdb-server",
- ":lldb-argdumper",
- ],
deps = [
":APIHeaders",
":Host",
>From e1944d588fcb10665e5d07b06c53742d6a8d7051 Mon Sep 17 00:00:00 2001
From: Keith Smiley <keithbsmiley at gmail.com>
Date: Fri, 10 May 2024 11:27:36 -0700
Subject: [PATCH 3/3] Use lldb-server on all other platforms
---
utils/bazel/llvm-project-overlay/lldb/BUILD.bazel | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel b/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
index 2d86ea00f842c..26401f3d244fc 100644
--- a/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
+++ b/utils/bazel/llvm-project-overlay/lldb/BUILD.bazel
@@ -805,7 +805,7 @@ alias(
name = "gdb-server",
actual = select({
"@platforms//os:macos": ":debugserver",
- "@platforms//os:linux": ":lldb-server",
+ "//conditions:default": ":lldb-server",
}),
)
More information about the llvm-commits
mailing list