Request Wiki access to document new "entitlement" code-signing step on Mojave

Message ID 87r2dlprhm.fsf@tromey.com
State New, archived

Commit Message

Tom Tromey Jan. 9, 2019, 7:20 p.m. UTC
  >>>>> "Dominique" == Dominique Quatravaux <dominique@quatravaux.org> writes:

Dominique>  [...] the --entitlements flag to codesign 

Tom>  Is this something that will work on earlier versions?

Dominique> That is a great question! I am unfortunately not in a
Dominique> position to answer it, since I am not in command of a fleet
Dominique> of idle Macs to juggle older versions of OS X for tests.

Dominique> If you (or anyone on the list) can report success with the
Dominique> --entitlement flag on any version of OS X prior to Mojave,
Dominique> I'll update the wiki and (as day job permits) consider a
Dominique> patch to configure --enable-codesign .

Can you try this patch?

I tried it on High Sierra and it worked fine there.

Also I think the wiki has an extra trailing "</pre>" in the xml file.

thanks,
Tom

commit 54e3bf53ab7400942d872b156dad650dfa55c6e6
Author: Tom Tromey <tom@tromey.com>
Date:   Wed Jan 9 12:16:17 2019 -0700

    Use --entitlements when code-signing gdb
    
    Dominique Quatravaux pointed out that macOS Mojave requires the
    --entitlements option to codesign.  This patch automates this process.
    I tested it on High Sierra (I don't have Mojave), where it also works
    fine.
  

Patch

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index c89c86be4e7..17a8947a706 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,9 @@ 
+2019-01-09  Tom Tromey  <tom@tromey.com>
+
+	* Makefile.in (gdb$(EXEEXT)): Use --entitlements when
+	code-signing.
+	* gdb-entitlement.xml: New file.
+
 2019-01-09  Andrew Burgess  <andrew.burgess@embecosm.com>
 
 	* cli/cli-cmds.c (list_command): Pass a source_lines_range to
diff --git a/gdb/Makefile.in b/gdb/Makefile.in
index 215ef7933cb..a4a82b4e3ef 100644
--- a/gdb/Makefile.in
+++ b/gdb/Makefile.in
@@ -1891,7 +1891,8 @@  gdb$(EXEEXT): gdb.o $(LIBGDB_OBS) $(CDEPS) $(TDEPLIBS)
 		-o gdb$(EXEEXT) gdb.o $(LIBGDB_OBS) \
 		$(TDEPLIBS) $(TUI_LIBRARY) $(CLIBS) $(LOADLIBES)
 ifneq ($(CODESIGN_CERT),)
-	$(ECHO_SIGN) $(CODESIGN) -s $(CODESIGN_CERT) gdb$(EXEEXT)
+	$(ECHO_SIGN) $(CODESIGN) --entitlements $(srcdir)/gdb-entitlement.xml \
+		-s $(CODESIGN_CERT) gdb$(EXEEXT)
 endif
 
 # Convenience rule to handle recursion.
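Review bot: The signing recipe now reads $(srcdir)/gdb-entitlement.xml, but the gdb$(EXEEXT) prerequisites visible in the hunk header (gdb.o $(LIBGDB_OBS) $(CDEPS) $(TDEPLIBS)) do not name that file, so unless one of those variables already covers it, editing the entitlement file alone will not cause gdb to be relinked and re-signed. Consider adding $(srcdir)/gdb-entitlement.xml as a prerequisite when CODESIGN_CERT is non-empty. Separately, --entitlements is passed whenever CODESIGN_CERT is set, and the commit message reports a test on High Sierra only; a comment above the recipe recording which macOS versions are known to accept the option would help whoever hits a failure on an older release.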
diff --git a/gdb/gdb-entitlement.xml b/gdb/gdb-entitlement.xml
new file mode 100644
index 00000000000..3d60e8bd0b9
--- /dev/null
+++ b/gdb/gdb-entitlement.xml
@@ -0,0 +1,8 @@ 
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>com.apple.security.cs.debugger</key>
+    <true/>
+</dict>
+</plist>
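Review bot: gdb-entitlement.xml carries no comment explaining why the com.apple.security.cs.debugger key is present or when it is needed; the only rationale is in the commit message (Mojave requires --entitlements for codesign). An XML comment after the DOCTYPE line stating that, and that the file is consumed by the codesign step in Makefile.in, would keep the reason next to the entitlement and make it less likely that further keys get added without review. The file name is also singular (gdb-entitlement.xml) while the codesign option is --entitlements; matching the option's spelling would avoid confusion.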