diff options
Diffstat (limited to 'docs/code-signing.txt')
-rw-r--r-- | docs/code-signing.txt | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/docs/code-signing.txt b/docs/code-signing.txt new file mode 100644 index 000000000000..5407fd4bb42e --- /dev/null +++ b/docs/code-signing.txt @@ -0,0 +1,61 @@ +On MacOSX lldb needs to be code signed. The Debug, DebugClang and Release +builds are set to code sign using a code signing certificate named +"lldb_codesign". + +If you have re-installed a new OS, please delete all old lldb_codesign items +from your keychain. There will be a code signing certification and a public +and private key. Reboot after deleting them. You will also need to delete and +build folders that contained old signed items. The darwin kernel will cache +code signing using the executable's file system node, so you will need to +delete the file so the kernel clears its cache. + +If you don't have one yet you will need to: +- Launch /Applications/Utilities/Keychain Access.app + +- In Keychain Access select the "login" keychain in the "Keychains" + list in the upper left hand corner of the window. + +- Select the following menu item: + + Keychain Access->Certificate Assistant->Create a Certificate... + +- Set the following settings + + Name = lldb_codesign + Identity Type = Self Signed Root + Certificate Type = Code Signing + +- Click Create +- Click Continue +- Click Done +- Click on the "My Certificates" +- Double click on your new lldb_codesign certificate +- Turn down the "Trust" disclosure triangle, scroll to the "Code Signing" trust + pulldown menu and select "Always Trust" and authenticate as needed using your + username and password. +- Drag the new "lldb_codesign" code signing certificate (not the public or private + keys of the same name) from the "login" keychain to the "System" keychain in the + Keychains pane on the left hand side of the main Keychain Access window. This will + move this certificate to the "System" keychain. You'll have to authorize a few + more times, set it to be "Always trusted" when asked. +- Remove "~/Desktop/lldb_codesign.cer" file on your desktop if there is one. +- In the Keychain Access GUI, click and drag "lldb_codesign" in the "System" keychain + onto the desktop. The drag will create a "~/Desktop/lldb_codesign.cer" file used in + the next step. +- Switch to Terminal, and run the following: + +sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/lldb_codesign.cer +rm -f ~/Desktop/lldb_codesign.cer + +- Drag the "lldb_codesign" certificate from the "System" keychain back into the + "login" keychain +- Quit Keychain Access +- Reboot +- Clean by removing all previously creating code signed binaries and rebuild + lldb and you should be able to debug. + +When you build your LLDB for the first time, the Xcode GUI will prompt you for permission +to use the "lldb_codesign" keychain. Be sure to click "Always Allow" on your first +build. From here on out, the "lldb_codesign" will be trusted and you can build from the +command line without having to authorize. Also the first time you debug using a LLDB that +was built with this code signing certificate, you will need to authenticate once. |