How to install gdb (debugger) in Mac OSX El Capitan?
Install Homebrew first :
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Then run this : brew install gdb
Here's a blog post explains it very well:
http://panks.me/posts/2013/11/install-gdb-on-os-x-mavericks-from-source/
And the way I get it working:
Create a coding signing certificate via KeyChain Access:
1.1 From the Menu, select KeyChain Access > Certificate Assistant > Create a Certificate...
1.2 Follow the wizard to create a certificate and let's name it
gdb-cert
, the Identity Type is Self Signed Root, and the Certificate Type is Code Signing and select the Let me override defaults.1.3 Click several times on Continue until you get to the Specify a Location For The Certificate screen, then set Keychain to System.
Install gdb via Homebrew:
brew install gdb
Restart
taskgated
:sudo killall taskgated && exit
Reopen a Terminal window and type
sudo codesign -vfs gdb-cert /usr/local/bin/gdb
This doesn't necessarily address the question but if you are using Mac OS X then you can probably use lldb
LLDB Homepage . It's very similar to gdb
and even provides a guide to using commands that you would use on gdb
.
Please note that this answer was written for Mac OS El Capitan. For newer versions, beware that it may no longer apply. In particular, the legacy option is quite possibly deprecated.
There are two solutions to the problem, and they are both mentioned in other answers to this question and to How to get gdb to work using macports under OSX 10.11 El Capitan?, but to clear up some confusion here is my summary (as an answer since it got a bit long for a comment):
Which alternative is more secure I guess boils down to the choice between 1) trusting self-signed certificates and 2) giving users more privileges.
Alternative 1: signing the binary
If the signature alternative is used, disabling SIP to add the -p option to taskgated
is not required.
However, note that with this alternative, debugging is only allowed for users in the _developer
group.
Using codesign to sign using a cert named gdb-cert
:
codesign -s gdb-cert /opt/local/bin/ggdb
(using the MacPorts standard path, adopt as necessary)
For detailed code-signing recipes (incl cert creation), see : https://gcc.gnu.org/onlinedocs/gcc-4.8.1/gnat_ugn_unw/Codesigning-the-Debugger.html or https://sourceware.org/gdb/wiki/BuildingOnDarwin
Note that you need to restart the keychain application and the taskgated service during and after the process (the easiest way is to reboot).
Alternative 2: use the legacy option for taskgated
As per the answer by @user14241, disabling SIP and adding the -p option to taskgated
is an option. Note that if using this option, signing the binary is not needed, and it also bypasses the dialog for authenticating as a member of the Developer Tools group (_developer
).
After adding the -p option (allow groups procmod and procview) to taskgated you also need to add the users that should be allowed to use gdb to the procmod group.
The recipe is:
restart in recovery mode, open a terminal and run
csrutil disable
restart machine and edit
/System/Library/LaunchDaemons/com.apple.taskgated.plist
, adding the-p
opion:<array> <string>/usr/libexec/taskgated</string> <string>-sp</string> </array>
restart in recovery mode to reenable SIP (
csrutil enable
)restart machine and add user
USERNAME
to the groupprocmod
:sudo dseditgroup -o edit -a USERNAME -t user procmod
An alternative that does not involve adding users to groups is to make the executable setgid procmod, as that also makes
procmod
the effective group id of any user executing the setgid binary (suggested in https://apple.stackexchange.com/a/112132)sudo chgrp procmod /path/to/gdb sudo chmod g+s /path/to/gdb