aboutsummaryrefslogtreecommitdiff
path: root/docs/code-signing.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/code-signing.txt')
-rw-r--r--docs/code-signing.txt61
1 files changed, 61 insertions, 0 deletions
diff --git a/docs/code-signing.txt b/docs/code-signing.txt
new file mode 100644
index 000000000000..5407fd4bb42e
--- /dev/null
+++ b/docs/code-signing.txt
@@ -0,0 +1,61 @@
+On MacOSX lldb needs to be code signed. The Debug, DebugClang and Release
+builds are set to code sign using a code signing certificate named
+"lldb_codesign".
+
+If you have re-installed a new OS, please delete all old lldb_codesign items
+from your keychain. There will be a code signing certification and a public
+and private key. Reboot after deleting them. You will also need to delete and
+build folders that contained old signed items. The darwin kernel will cache
+code signing using the executable's file system node, so you will need to
+delete the file so the kernel clears its cache.
+
+If you don't have one yet you will need to:
+- Launch /Applications/Utilities/Keychain Access.app
+
+- In Keychain Access select the "login" keychain in the "Keychains"
+ list in the upper left hand corner of the window.
+
+- Select the following menu item:
+
+ Keychain Access->Certificate Assistant->Create a Certificate...
+
+- Set the following settings
+
+ Name = lldb_codesign
+ Identity Type = Self Signed Root
+ Certificate Type = Code Signing
+
+- Click Create
+- Click Continue
+- Click Done
+- Click on the "My Certificates"
+- Double click on your new lldb_codesign certificate
+- Turn down the "Trust" disclosure triangle, scroll to the "Code Signing" trust
+ pulldown menu and select "Always Trust" and authenticate as needed using your
+ username and password.
+- Drag the new "lldb_codesign" code signing certificate (not the public or private
+ keys of the same name) from the "login" keychain to the "System" keychain in the
+ Keychains pane on the left hand side of the main Keychain Access window. This will
+ move this certificate to the "System" keychain. You'll have to authorize a few
+ more times, set it to be "Always trusted" when asked.
+- Remove "~/Desktop/lldb_codesign.cer" file on your desktop if there is one.
+- In the Keychain Access GUI, click and drag "lldb_codesign" in the "System" keychain
+ onto the desktop. The drag will create a "~/Desktop/lldb_codesign.cer" file used in
+ the next step.
+- Switch to Terminal, and run the following:
+
+sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/lldb_codesign.cer
+rm -f ~/Desktop/lldb_codesign.cer
+
+- Drag the "lldb_codesign" certificate from the "System" keychain back into the
+ "login" keychain
+- Quit Keychain Access
+- Reboot
+- Clean by removing all previously creating code signed binaries and rebuild
+ lldb and you should be able to debug.
+
+When you build your LLDB for the first time, the Xcode GUI will prompt you for permission
+to use the "lldb_codesign" keychain. Be sure to click "Always Allow" on your first
+build. From here on out, the "lldb_codesign" will be trusted and you can build from the
+command line without having to authorize. Also the first time you debug using a LLDB that
+was built with this code signing certificate, you will need to authenticate once.
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-24 10:38:39 +0000