Geek Answers Handbook

Subject: cannot encode system certificate for gdb in keychain access on Mac OS X High Sierra

I am trying to use gdb on Mac OSX High Sierra. I installed version 8.01 using brew (the latest version 8.1 actually has a separate unrelated error ) and I am having problems with the code step. I follow the instructions on the page suggested by brew .

In Keychain Access, I create a certificate using the "codeign" option and overriding the default values, and scroll through until it asks for the location of the certificate for which I select "keychain: system". However, right after that I get a cryptic message:

An Error Occurred Unknown Error = -2,147,414,007

This post also happened in a previous thread , but the only answer was poor quality, didn't work, and the question didn't seem to get much activity / attention. I also tried going into recovery mode and doing csrutil disable , but I still get the error -2,147,414,007 . We return to the "Access to the keychain" window in the "System" section, I get the public and private RSA keys of the newly created certificate, but the certificate itself is missing.

If I repeat all this, but create in the "Login" section instead of "System", and this time the certificate will be created. Then I export to the .cer file on my desktop, and then import it back into Keychains, but under the "System" category. Then i restart the computer and then

 codesign -s gdb-cert /usr/local/Cellar/gdb/8.0.1/bin/gdb

but I get error: The specified item could not be found in the keychain. .

I can, of course, just make sudo gdb or lldb without problems, but I would like to use gdb with emacs , so they are not parameters (of course, technically I can just make sudo emacs and it will work, but for obvious reasons, I prefer not to use sudo ). How can I encode gdb so that I can use it without receiving a mach port complaint?

edit: another thread appears elsewhere has many people with the same problem. There does not appear to be a final correction; I tried some of the suggestions and keep getting

 Unable to find Mach task port for process-id 575: (os/kern) failure (0x5). (please check gdb is codesigned - see taskgated(8))
0
homebrew keychain gdb macos-high-sierra macos
source share
1 answer

I finally got him to work. I am using the latest version of High Sierra as of the date of publication. Firstly, I installed an older version of gdb, 8.0.1 instead of the last 8.1, which seems to have been corrupted :

brew install https://raw.githubusercontent.com/Homebrew/homebrew-core/9ec9fb27a33698fc7636afce5c1c16787e9ce3f3/Formula/gdb.rb

then brew pin gdb .

For the next steps, I found this thread and this other thread is useful. Also this page .

Make a certificate in Login instead of System to avoid the error -2,147,414,007 . Then click on the lock to unlock the system category, and drag the certificate and keys into the system. If something goes wrong, you can try File-> Import and File-> Export instead. The goal is to get the following:

Keychain Access

eg. the certificate and keys are all under the System chain, not login . (It may not even be necessary to drag and drop keys into the system, but I did it just to be safe).

Then, a very important step: right-click the certificate, go to "Information", "Trust" and select "Always Trust" for each category. If you do not, the code will not be effective and will still receive the mach port error message in gdb, even if you are encoding the code.

(One of the answers in the two threads mentioned above says to temporarily enable the root account in Directory utilities, but I'm not sure if this is really necessary). Then restart your computer or run sudo killall taskgated . Then codesign -fs gdb-cert $(which gdb) .

Then I no longer received a machine port error message in gdb. The first time I ran, I received a popup asking for a password . To disable it for future runs, I made sudo /usr/sbin/DevToolsSecurity --enable according to this thread.

Also note that 8.0.1 has a minor problem: you will get warnings about the unhandled dlyd version . This is explained in this thread . Note that some messages in this thread say that breakpoints do not work, but I have not seen this.

0
source share

More articles:


All Articles