"please check gdb is codesigned - see taskgated(8)" - How to get gdb installed with homebrew code signed?

c++ eclipse macos gdb homebrew
67,343

Solution 1

This error occurs because OSX implements a pid access policy which requires a digital signature for binaries to access other processes pids. To enable gdb access to other processes, we must first code sign the binary. This signature depends on a particular certificate, which the user must create and register with the system.

To create a code signing certificate, open the Keychain Access application. Choose menu Keychain Access -> Certificate Assistant -> Create a Certificate…

Choose a name for the certificate (e.g., gdb-cert), set Identity Type to Self Signed Root, set Certificate Type to Code Signing and select the Let me override defaults. Click several times on Continue until you get to the Specify a Location For The Certificate screen, then set Keychain to System.

Double click on the certificate, open Trust section, and set Code Signing to Always Trust. Exit Keychain Access application.

Restart the taskgated service, and sign the binary.

$ sudo killall taskgated
$ codesign -fs gdb-cert "$(which gdb)"

source http://andresabino.com/2015/04/14/codesign-gdb-on-mac-os-x-yosemite-10-10-2/

On macOS 10.12 (Sierra) and later, you must also

Use gdb 7.12.1 or later Additionally prevent gdb from using a shell to start the program to be debugged. You can use the following command for this inside gdb:

set startup-with-shell off

You can also put this last command in a file called .gdbinit in your home directory, in which case it will be applied automatically every time you start gdb

echo "set startup-with-shell off" >> ~/.gdbinit

SOURCE: https://sourceware.org/gdb/wiki/BuildingOnDarwin

Solution 2

I upgraded to gdb 8.3 and was not able to make things working. This helped me:

codesign --entitlements gdb.xml -fs gdb-cert /usr/local/bin/gdb

Where content of gdb.xml is:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
    <key>com.apple.security.cs.debugger</key>
    <true/>
    <key>com.apple.security.get-task-allow</key>
    <true/>
</dict>
</plist>

I found this solution here: https://timnash.co.uk/getting-gdb-to-semi-reliably-work-on-mojave-macos/

Note: Without the entitlement I was able to run gdb only with sudo.

Solution 3

I made gdb work on OSX 10.9 without codesigning this way (described here):

  1. Install gdb with macports. (may be you can skip it)

  2. sudo nano /System/Library/LaunchDaemons/com.apple.taskgated.plist

    change option string from -s to -sp at line 22, col 27.

  3. Reboot the computer.

  4. Use gdb. If you installed it with mac ports then you must use ggdb command. Or made an alias in your config file:

alias gdb='ggdb'

and use 'gdb' command then.

Solution 4

I experienced the same issue with GDB. I am running under Mac OS X 10.8.5 aka Mountain Lion. I am using GDB version 7.7.1.

I compiled my test program with following command:

g++ -o gdb-sample.out -g gdb-sample.cpp

If I entered the command gdb sample.out, I get the same cryptic error message:

"Unable to find Mach task port for process-id 46234: (os/kern) failure (0x5). (please check gdb is codesigned - see taskgated(8))"

This error message however is a red herring.

The solution I found that worked for me was to simply invoke GDB using the superuser acct:

sudo gdb sample.out.

That works fine for me.

And that from that point I could run GDB example.out without using sudo.

Hope this helps and works for others. RSVP if it doesn't.

Solution 5

None of this worked for me and I had to go with a long run. Here is a full list of steps I've done to get it working.

  1. Create a certificate to sign the gdb.

Unfortunately, system certificate gave me Unknown Error = -2,147,414,007 which is very helpful, so I had to go with a workaround. Keychain Access -> Create certificate ->

Pick login, gdb-cert, Code Signing

Copy/move certificate to the System keychain (enter password)

  1. Select certificate (gdb-cert) click Get info -> Trust Always
  2. Disable startup-with-shell

Enter in console: set startup-with-shell off

Remember configuration: echo "set startup-with-shell off" >>~/.gdbinit

  1. Enable Root User

Go to System Preferences -> Users & Groups -> Unlock it -> Login Options -> Network Account Server -> Join -> Unlock it -> Edit (menu) -> Enable Root User

  1. sudo killall taskgated
  2. Finally sign gdb

codesign -fs gdb-cert "$(which gdb)"

  1. Disable Root User (Step 4)
  2. Reboot if still does not work. (if nothing else works, most likely it works already)

PS. I ended up using lldb because it just works (tutorial)

Share:
67,343
pellekrogholt
Author by

pellekrogholt

Updated on July 08, 2022

Comments

  • pellekrogholt
    pellekrogholt almost 2 years

    I'm under osx 10.8.4 and have installed gdb 7.5.1 with homebrew (motivation get a new gdb with new features such as --with-python etc... )

    Long story short when I run debug within a c++ Eclipse project I get :

    Error in final launch sequence
Failed to execute MI command:
-exec-run
Error message from debugger back end:
Unable to find Mach task port for process-id 46234: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
Unable to find Mach task port for process-id 46234: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))

    I have followed various suggestions for code signing

    So I did:

    1. Set up the certificate
    2. Sign the gdb -> codesign -s gdb-cert /usr/local/bin/gdb

    When I re-run debugging in Eclipse I get same error as above "(please check gdb is codesigned - see taskgated(8))".

    If I set back the gdb to the older gdb (in the gdb preferences of Eclipse) /usr/libexec/gdb/gdb-i386-apple-darwin the debugging runs as expected.

    Any solutions / hints out there ?

    Thx

    Pelle

  • Bill DeRose
    Bill DeRose over 10 years
    I'd been running into this issue for a while and had found other how-tos unhelpful. This worked like a charm.
  • klm123
    klm123 over 10 years
    @BillDeRose, the same for me.
  • klm123
    klm123 over 10 years
    @nimrodm, you mean "sudo gdb"? it should be "ggdb" with macports
  • nimrodm
    nimrodm over 10 years
    @klm123, I have installed using Homebrew (brew install raw.github.com/Homebrew/homebrew-dupes/master/gdb.rb). And yes, I meant "sudo gdb", of course.
  • Arthur Neves
    Arthur Neves over 10 years
    Any why to not run this as sudo ?
  • Translunar
    Translunar about 10 years
    Ugh. I don't want to have to run gdb as sudo. That seems like an unneeded security risk.
  • Michael
    Michael over 9 years
    Not going to restart the computer. There must be a command to restart something!
  • user124384
    user124384 almost 9 years
    Sorry for the noob question, but how does one do anything in #4? How does one "use gdb" or the ggdb command? Is this a command-line thing? What if you're using an IDE?
  • klm123
    klm123 almost 9 years
  • user124384
    user124384 almost 9 years
    So does anyone know if this is possible with an IDE, like NetBeans?
  • iProgram
    iProgram over 8 years
    Not sure why this was down voted. I runed the command as root (with sudo) and it worked.
  • pceccon
    pceccon over 8 years
    Works like a charm. Thank you.
  • PVitt
    PVitt over 8 years
    As the OP pointed out, this didn't do the trick for him (and for me neither).
  • Andrew Mackenzie
    Andrew Mackenzie over 7 years
    If the restart is just to restart taskgated then you can do so by just killing it line in the answer above
  • loretoparisi
    loretoparisi almost 7 years
    It seems it does not work on macOS Sierra with self signed certificates.
  • Karthikeyan
    Karthikeyan almost 7 years
    sudo killall taskgated is the key to solve my problem
  • jdg
    jdg over 6 years
    I followed the steps precisely, and this worked beautifully for me on macOS Sierra.
  • RandomEli
    RandomEli over 6 years
  • RandomEli
    RandomEli over 6 years
    @vaughan Check out these: gist.github.com/hlissner/898b7dfc0a3b63824a70e15cd0180154 and these: gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d for setting users and groups
  • Dejan Jovanović
    Dejan Jovanović about 6 years
    Instead of set startup-with-shell off you can also install the brew version of bash (brew install bash) and set the shell to the new bash. This can be done system wide, but simple export SHELL=$(which bash) suffices before calling gdb. Then gdb will safely debug through brew bash, which can be useful for passing complex arguments to the program being debugged. Turning the shell off, for example, breaks the Eclipse integration with gdb. I also had to downgrade gdb to 8.0.1 since 8.1 seems to be broken.
  • rustyMagnet
    rustyMagnet over 5 years
    did you try this on High Sierra? It did not work for me on O/S: 10.13.6
  • Sridhar Sarnobat
    Sridhar Sarnobat over 4 years
    What do you do if you get error: The specified item could not be found in the keychain.
  • honey_badger
    honey_badger about 4 years
    Performing all the steps in section 1 of sourceware.org/gdb/wiki/PermissionsDarwin resolved the issue for me on macOS Catalina (Version 10.15.4).
  • Panayotis
    Panayotis about 4 years
    @SridharSarnobat Use the pipeline first of this answer stackoverflow.com/a/32727069/339146
  • weaming
    weaming almost 4 years
    Failed after trying @maximser 's answer. Then this works for me. macOS 10.15.4, gdb 9.2 installed via brew.
  • Akansha
    Akansha almost 4 years
    @SridharSarnobat: You have to create the certificate first stackoverflow.com/questions/35020236/…
  • Kerrick Staley
    Kerrick Staley almost 4 years
    This answer is now out-of-date for newer versions of macOS; you have to also create gdb-entitlement.xml and run codesign with --entitlements gdb-entitlement.xml. Could you please update this answer with the message "Additional steps are required on macOS 10.14 and later, see sourceware.org/gdb/wiki/PermissionsDarwin" or copy the additional information about gdb-entitlement.xml from that page into this answer?
  • user5735224
    user5735224 over 3 years
    Looks like we need to repeat this command after every new build
  • James Robert Albert
    James Robert Albert over 3 years
    Using this answer in conjunction with Johnny's got it going again
  • irritable_phd_syndrome
    irritable_phd_syndrome about 3 years
    +1, this works on 10.15.7. I think you should reference the the link that is provided when you install it via homebrew, sourceware.org/gdb/wiki/PermissionsDarwin. Also maybe at the top mention that this works with 10.15.X and that this is really an addendum to @maximser's answer?
  • borgomeister
    borgomeister about 3 years
    If you are using bigSur, do sourceware.org/gdb/wiki/PermissionsDarwin as @KerrickStaley says
  • kdy
    kdy almost 3 years
    I missed the hidden comments and wasted lots of time. @KerrickStaley 's comment should get more upvotes.
  • anishtain4
    anishtain4 almost 2 years
    On Monterey this throws an error codesign: option requires an argument -- s

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

"No source available for main()" error when debugging simple C++ in Eclipse with gdb
Mac C++/eclipse cannot debug: Error while launching command: gdb --version
Could not determine GDB version after sending: arm-none-eabi-gdb --version, response:
Adding Boost Library to a C++ project in OS X Eclipse
Run a script in eclipse before build
Eclipse/MinGW/CDT/GDB and problems with debugging
Eclipse failed to execute MI command -target-select remote
OpenCV Undefined symbols for architecture x86_64: error
Viewing a dynamically-allocated array with the Xcode debugger?
How to enable gdb pretty printing for C++ STL objects in Eclipse CDT?