mac安装gdb调试(转载)

时间:2021-03-01 18:21:27

转载自:http://blog.plotcup.com/a/129

最近一直用go写一个项目,本想在mac上用gdb调试一下,但xcode4.6带的gdb版 本还是太低了,不支持go,只好自己安装一个。本以为直接brew install gdb就 完事了,后来发现不是那么回事,还要给gdb制作证书签名。下面是操作步骤:

安装gdb

brew install gdb

程序编译完成后在/usr/local/bin/下面建立一个gdb的软链,并且将/usr/bin/ 下面的gdb改名。

制作证书

  1. 打开钥匙串访问
  2. 创建证书

mac安装gdb调试(转载)

  1. 输入名称,并选择类型

mac安装gdb调试(转载)

  1. 输入有效期,一般默认365就好,也就是一年

mac安装gdb调试(转载)

  1. 然后一直直接继续,直到创建画面,选择系统,并创建

mac安装gdb调试(转载)

  1. 选择刚刚生成的gdb-cert证书,并双击

mac安装gdb调试(转载)

  1. 在证书简介中打开信任,并将使用此证书时选择为总是信任

mac安装gdb调试(转载)

对gdb签名

有了刚刚制作的证书后,打开shell,然后执行如下代码:

codesign -s gdb-cert /usr/local/bin/gdb

Tip

执行这个之前可能要重启计算机

完成以上工作后gdb就可以调试go了,但是每次使用的时候都会提示输入管理员 密码。

使普通用户也可使用gdb

由于之前制作的证书是在系统下面的,所以每次执行gdb都会提示管理员密码,解 决方法也很简单,打开钥匙串访问将系统下面的gdb-cert复制一份放到登录下面 就行。

参考资料

Building GDB for Darwin

Creating the binary for Darwin isn't very difficult. Download a release snapshot or get the current source via git/CVS/FTP, then configure and make as usual.

Building the 7.0 release unfortunately results in many "warning: format not a string literal and no format arguments" warnings. This problem has been fixed in CVS. To avoid such warnings building 7.0, configure with --disable-intl.

Giving gdb permission to control other processes

If you try to use your freshly built gdb, you will get an error message such as:

Starting program: /x/y/foo
Unable to find Mach task port for process-id 28885: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))

This is because the Darwin kernel will refuse to allow gdb to debug another process if you don't have special rights, since debugging a process means having full control over that process, and that isn't allowed by default since it would be exploitable by malware. (The kernel won't refuse if you are root, but of course you don't want to be root to debug.)

The most up to date method to allow gdb to control another process is to sign it with any system-trusted code signing authority. This is an easy process once you have a certificate (see the section below). If the certificate is known as gdb-cert, just use:

$ codesign -s gdb-cert gdb

Old notes: In Tiger, the kernel would accept processes whose primary effective group is procmod or procview. That means that making gdb setgid procmod should work. Later versions of Darwin should accept this convention provided that taskgated (the daemon that control the access) is invoked with option '-p'. This daemon is configured by/System/Library/LaunchDaemons/com.apple.taskgated.plist. I was able to use this rule provided that I am also a member of the procmod group.

Creating a certificate

Start Keychain Access application (/Applications/Utilities/Keychain Access.app)

Open menu /Keychain Access/Certificate Assistant/Create a Certificate...

Choose a name (gdb-cert in the example), set Identity Type to Self Signed Root, set Certificate Type to Code Signing and select the Let me override defaults. Click several times on Continue until you get to the Specify a Location For The Certificate screen, then set Keychain to System.

If you can't store the certificate in the System keychain, create it in the login keychain, then exported it. You can then imported it into the System keychain.

Finally, using the contextual menu for the certificate, select Get Info, open the Trust item, and set Code Signing to Always Trust.

You must quit Keychain Access application in order to use the certificate and restart taskgated service by killing the current running taskgated process (so before using gdb).

本文出自:http://blog.plotcup.com, 原文地址:http://blog.plotcup.com/a/129, 感谢原作者分享。