如何在MacOS上为所有可执行的CMake目标签署以启用核心转储?

huangapple go评论51阅读模式
英文:

How can I sign all executable cmake targets to enable core dumps on MacOS?

问题

根据这个链接,MacOS可执行文件必须签名才能生成核心转储文件。

建议的步骤是:

要使可执行文件生成核心转储文件,必须进行签名。为此,请创建一个.entitlements文件,其中包含com.apple.security.get-task-allow权限设置:

/usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" segv.entitlements

使用这个.entitlements文件对可执行文件进行签名:

codesign -s - -f --entitlements segv.entitlements segv

我们有一个CMakeLists.txt文件的分层结构,其中包含子目录中的库和可执行目标。

是否有办法在运行在MacOS上时,让CMake自动签名所有包含的子目标,而不需要或只需要最小的更改子目标?

生成的segv.entitlements文件如下:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.security.get-task-allow</key>
	<true/>
</dict>
</plist>

因此,我可以将其添加到存储库中,这只留下了codesign步骤。

注意:我们不是从XCode构建,而是使用不同的IDE(CLion、VSCode等)与CMake一起使用。生产可执行文件将在Linux上运行,MacOS仅用于开发。

英文:

According to this, MacOS executables have to be signed in order to produces core dumps.

The suggested procedure is:

> For an executable to dump a core-file it must be signed. To do this, create an .entitlements file with the com.apple.security.get-task-allow entitlement set:
>
> /usr/libexec/PlistBuddy -c &quot;Add :com.apple.security.get-task-allow bool true&quot; segv.entitlements
>
> Using this .entitlements file, sign the executable:
>
> codesign -s - -f --entitlements segv.entitlements segv

We have a hierarchical structure of CMakeLists.txt files, with libraries and executables targets in subdirectories.

Is there a way to have CMake automatically sign all the included sub-targets (when run on MacOS) without, or with only minimal, changes to the sub-targets?

The generated segv.entitlements file looks like this:

&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;!DOCTYPE plist PUBLIC &quot;-//Apple//DTD PLIST 1.0//EN&quot; &quot;http://www.apple.com/DTDs/PropertyList-1.0.dtd&quot;&gt;
&lt;plist version=&quot;1.0&quot;&gt;
&lt;dict&gt;
	&lt;key&gt;com.apple.security.get-task-allow&lt;/key&gt;
	&lt;true/&gt;
&lt;/dict&gt;
&lt;/plist&gt;

So I could add it to the repository, which only leaves the codesign step.

Note: We are not building from XCode, but rather using different IDEs (CLion, VSCode, etc) with CMake. The production executables will be running on Linux, MacOS is just for development.

答案1

得分: 1

以下是翻译好的部分:

  • You can run the PlistBuddy command during CMake's configure phase with its execute_process command.

然后使用 the build-events signature of add_custom_command 来定义一个 POST_BUILD 自定义命令,用于在每个目标上运行签名命令。

我不太确定,但我认为它应该类似于这样:

set(entitlements_file "${CMAKE_BUILD_DIR}/foo.entitlements")

execute_process(COMMAND /usr/libexec/PlistBuddy -c "Add :com.apple.security.get-task-allow bool true" "${entitlements_file}")

set(targets_to_sign target_a target_b target_c)
foreach(target "${targets_to_sign}")
    add_custom_command(TARGET "${target}" POST_BUILD
    COMMAND codesign -s - -f --entitlements "${entitlements_file}" "$<TARGET_FILE:${target}>"
    COMMENT "sign target \"${target}\" to enable core dump on MacOS"
    VERBATIM
)
endforeach()
英文:

You can run the PlistBuddy command during CMake's configure phase with its execute_process command.

Then use the build-events signature of add_custom_command to define a POST_BUILD custom command on each target that runs the signing command.

I'm not 100% sure, but I believe it would look something like this:

set(entitlements_file &quot;${CMAKE_BUILD_DIR}/foo.entitlements&quot;)

execute_process(COMMAND /usr/libexec/PlistBuddy -c &quot;Add :com.apple.security.get-task-allow bool true&quot; &quot;${entitlements_file}&quot;)

set(targets_to_sign target_a target_b target_c)
foreach(target &quot;${targets_to_sign}&quot;)
    add_custom_command(TARGET &quot;${target}&quot; POST_BUILD
    COMMAND codesign -s - -f --entitlements &quot;${entitlements_file}&quot; &quot;$&lt;TARGET_FILE:${target}&gt;&quot;
    COMMENT &quot;sign target \&quot;${target}\&quot; to enable core dump on MacOS&quot;
    VERBATIM
)
endforeach()

huangapple
  • 本文由 发表于 2023年2月14日 04:36:36
  • 转载请务必保留本文链接:https://go.coder-hub.com/75440924.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定