Installing GDB on MacOS Sierra
23 Feb 2017 | 3 minute read
GDB doesn't work out-of-the-box on MacOS Sierra (tested on 10.12.2) as it’s not code-signed. This is unfortunate, as
GDB is the de facto standard for debugging C code.
After researching the issue for a while, I managed to find a solution and successfully run
GDB. Hence, I'm sharing my findings with you if you happen to run into the same issue.
First of all, let's install
$ brew install gdb
When doing so, I received the following message.
..... On 10.12 (Sierra) or later with SIP, you need to run this: echo "set startup-with-shell off" >> ~/.gdbinit
It turns out that the MacOS System Integrity Protection (
SIP) is protecting against
GDB. I managed to find a set of instruction from Apple, that solved the issue for me. The instructions are for
lldb, but the same process works fine for
GDB as well. Please follow the steps below 👇.
On MacOSX lldb needs to be code signed. The Debug and Release builds are set to code sign using a code signing certificate named lldb_codesign. If you don't have one yet you will need to: - Launch /Applications/Utilities/Keychain Access.app - In Keychain Access select the "login" keychain in the "Keychains" list in the upper left hand corner of the window. - Select the following menu item: Keychain Access->Certificate Assistant->Create a Certificate... - Set the following settings Name = lldb_codesign Identity Type = Self Signed Root Certificate Type = Code Signing - Click Continue - Click Continue - Click Done - Click on the "My Certificates" - Double click on your new lldb_codesign certificate - Turn down the "Trust" disclosure triangle Change: When using this certificate: Always Trust - Enter your login password to confirm and make it trusted The next steps are necessary on SnowLeopard, but are probably because of a bug how Keychain Access makes certificates. - Option-drag the new lldb_codesign certificate from the login keychain to the System keychain in the Keychains pane of the main Keychain Access window to make a copy of this certificate in the System keychain. You'll have to authorize a few more times, set it to be "Always trusted" when asked. - Switch to the System keychain, and drag the copy of lldb_codesign you just made there onto the desktop. - Switch to Terminal, and run the following: sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/lldb_codesign.cer - Right click on the "lldb_codesign" certificate in the "System" keychain (NOT "login", but the one in "System"), and select "Delete" to delete it from the "System" keychain. - Reboot - Clean and rebuild lldb and you should be able to debug.
Hopefully, these steps work for you as well and you're ready to dive into debugging!