Installing GDB on MacOS Sierra

Unfortunately, MacOS Sierra [tested on 10.12.2] kind of breaks GDB as it’s not codesigned. Even more unfortunate, is the fact that as a programmer I really want to use GDB for debugging my C code, while remaining in my Mac environment.

After researching the issue for a while, I managed to successfully run GDB, and would like to share my findings in order for you to save some time.

When installing gdb via brew, it gives you a hint. Follow that hint! It turns out that the MacOS System Integrity Protection (SIP) and GDB struggle to make friends.

brew install gdb
.....
On 10.12 (Sierra) or later with SIP, you need to run this:
echo "set startup-with-shell off" >> ~/.gdbinit

Though, we have to manually codesign GDB. Apple made instructions for this available here. Please note that these instructions are for lldb, but the same process works perfectly fine for GDB.

On MacOSX lldb needs to be code signed. The Debug and Release builds
are set to code sign using a code signing certificate named
lldb_codesign.

If you don't have one yet you will need to:
- Launch /Applications/Utilities/Keychain Access.app

- In Keychain Access select the "login" keychain in the "Keychains"
list in the upper left hand corner of the window.

- Select the following menu item:

Keychain Access->Certificate Assistant->Create a Certificate...

- Set the following settings

Name = lldb_codesign
Identity Type = Self Signed Root
Certificate Type = Code Signing

- Click Continue
- Click Continue
- Click Done
- Click on the "My Certificates"
- Double click on your new lldb_codesign certificate
- Turn down the "Trust" disclosure triangle

Change:
When using this certificate: Always Trust

- Enter your login password to confirm and make it trusted

The next steps are necessary on SnowLeopard, but are probably because of a bug
how Keychain Access makes certificates.

- Option-drag the new lldb_codesign certificate from the login keychain to
the System keychain in the Keychains pane of the main Keychain Access window
to make a copy of this certificate in the System keychain. You'll have to
authorize a few more times, set it to be "Always trusted" when asked.
- Switch to the System keychain, and drag the copy of lldb_codesign you just
made there onto the desktop.
- Switch to Terminal, and run the following:

sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/lldb_codesign.cer

- Right click on the "lldb_codesign" certificate in the "System" keychain (NOT
"login", but the one in "System"), and select "Delete" to delete it from
the "System" keychain.
- Reboot
- Clean and rebuild lldb and you should be able to debug.

That should do it. Enjoy debugging!

Leave a Reply

Your email address will not be published. Required fields are marked *