How to install and codesign GDB on OS X El Capitan

Disclaimer: this was tested under OS X 10.11.3 and 10.11.4 but it probably works for 10.9 (Mavericks) and above. I found several solutions on the internet and I’m simply cherry-picking what worked for me.

Xcode no longer installs gdb so you need to install it yourself. Keep in mind lldb should be on your system so you may not need gdb after all. If you do however, you can install it using homebrew:

brew install gdb

If you try to debug a program right away, you’ll get the following error (with a different process-id of course):

Unable to find Mach task port for process-id 11567: (os/kern) failure (0x5). (please check gdb is codesigned — see taskgated(8))

Turns out you have to perform a codesigning charade to make it work (Yey!). Launch Keychain Access and select Create a Certificate from the menu:

You can pick any name you want (I’m using gdb-cert) but make sure you select the right certificate type and you click the override checkbox:

When you’re done click Continue, if a warning comes up click Continue until you get to the following screen. Change the number of days to 3650 (any big number up to 7300 will do):

Then click Continue several times until you get to this screen, then specify System as the keychain location:

Finally click Create and Done (it will ask for your admin password).

Back in the Keychain Access application select System on the top-left list and select Get Info from the context menu for your newly created certificate:

Expand the Trust section, select Always Trust and close the window. It’s going to ask for your admin password one more time:

You will notice the certificate gets a small plus sign and it says it’s been marked as trusted for all users in the description:

Close Keychain Access and restart your computer. If you don’t want to restart, you can do the following instead:

sudo killall taskgated

After the restart (or the killall) we’re finally ready to codesign gdb. Obviously, if you picked a different name for your certificate use it instead of gdb-cert:

codesign -s gdb-cert /usr/local/bin/gdb

And we’re done! The first time you use gdb it will ask you for your password but it won’t do it again for the rest of your session.