From 7e1c95a565576107ad4165cb134caa65ad312b23 Mon Sep 17 00:00:00 2001 From: Greg Clayton Date: Fri, 29 Mar 2013 17:53:55 +0000 Subject: [PATCH] Updated the code signing docs. llvm-svn: 178352 --- lldb/docs/code-signing.txt | 48 +++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 27 deletions(-) diff --git a/lldb/docs/code-signing.txt b/lldb/docs/code-signing.txt index 1c8220a50a26..32de788a9758 100644 --- a/lldb/docs/code-signing.txt +++ b/lldb/docs/code-signing.txt @@ -1,6 +1,6 @@ On MacOSX lldb needs to be code signed. The Debug, DebugClang and Release builds are set to code sign using a code signing certificate named -lldb_codesign. +"lldb_codesign". If you have re-installed a new OS, please delete all old lldb_codesign items from your keychain. There will be 3: a code signing certification and a public @@ -30,38 +30,32 @@ If you don't have one yet you will need to: - Click Done - Click on the "My Certificates" - Double click on your new lldb_codesign certificate -- Turn down the "Trust" disclosure triangle - - Change: - When using this certificate: Always Trust - -- Enter your login password to confirm and make it trusted - -The next steps are necessary on SnowLeopard, but are probably because of a bug -how Keychain Access makes certificates. -[Note: These also apply for Lion and Mountain Lion.] - -- Drag the new lldb_codesign certificate from the login keychain to - the System keychain in the Keychains pane of the main Keychain Access window - to make a copy of this certificate in the System keychain. You'll have to - authorize a few more times, set it to be "Always trusted" when asked. -- Make sure there is no "~/Desktop/lldb_codesign.cer" file on your desktop, - if there is one, delete it first, otherwise when you drag a copy of the - lldb_codesign certificate to your desktop it will get renamed as - "lldb_codesign_1.cer" and the security command you run below will trust the - old incorrect certificate. -- Switch to the System keychain, and drag the copy of lldb_codesign you just - made there onto the desktop. +- Turn down the "Trust" disclosure triangle, scroll to the "Code Signing" trust + pulldown menu and select "Always Trust" and authenticate as needed using your + username and password. +- Drag the new "lldb_codesign" code signing certificate (not the public or private + keys of the same name) from the "login" keychain to the "System" keychain in the + Keychains pane on the left hand side of the main Keychain Access window. This will + move this certificate to the "System" keychain. You'll have to authorize a few + more times, set it to be "Always trusted" when asked. +- Remove "~/Desktop/lldb_codesign.cer" file on your desktop if there is one. +- In the Keychain Access GUI, click and drag "lldb_codesign" in the "System" keychain + onto the desktop. The drag will create a "~/Desktop/lldb_codesign.cer" file used in + the next step. - Switch to Terminal, and run the following: sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/lldb_codesign.cer rm -f ~/Desktop/lldb_codesign.cer -- Right click on the "lldb_codesign" certificate in the "System" keychain (NOT - "login", but the one in "System"), and select "Delete" to delete it from - the "System" keychain. +- Drag the "lldb_codesign" certificate from the "System" keychain back into the + "login" keychain +- Quit Keychain Access - Reboot - Clean by removing all previously creating code signed binaries and rebuild lldb and you should be able to debug. -That should do it. +When you build your LLDB for the first time, the Xcode GUI will prompt you for permission +to use the "lldb_codesign" keychain. Be sure to click "Always Allow" on your first +build. From here on out, the "lldb_codesign" will be trusted and you can build from the +command line without having to authorize. Also the first time you debug using a LLDB that +was built with this code signing certificate, you will need to authenticate once.