Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add get-task-allow entitlement to allow debuggers to attach to codesigned Julia #37069

Merged
merged 1 commit into from
Aug 18, 2020
Merged

Add get-task-allow entitlement to allow debuggers to attach to codesigned Julia #37069

merged 1 commit into from
Aug 18, 2020

Conversation

staticfloat
Copy link
Member

Without this entitlement, users that wish to attach a debugger to the
codesign Julia executable they receive from julialang.org must strip
the codesigning signature from the Julia executable (e.g. via codesign --remove-signature Julia-1.5.app/Contents/Resources/bin/julia). This
has its disadvantages, of course, so much better to simply declare to
the OS that it's alright for other processes to attach to this process.

@staticfloat
Add get-task-allow entitlement to allow debuggers to attach to code…
a8f64e7 
…signed Julia

Without this entitlement, users that wish to attach a debugger to the
codesign Julia executable they receive from `julialang.org` must strip
the codesigning signature from the Julia executable (e.g. via `codesign
--remove-signature Julia-1.5.app/Contents/Resources/bin/julia`).  This
has its disadvantages, of course, so much better to simply declare to
the OS that it's alright for other processes to attach to this process.
@vtjnash vtjnash merged commit bf8a8e8 into master Aug 18, 2020
@vtjnash vtjnash deleted the sf/debugger branch August 18, 2020 16:25
KristofferC pushed a commit that referenced this pull request Aug 18, 2020
@staticfloat @KristofferC
Add get-task-allow entitlement to allow debuggers to attach to code…
dea950e 
…signed Julia (#37069)

Without this entitlement, users that wish to attach a debugger to the
codesign Julia executable they receive from `julialang.org` must strip
the codesigning signature from the Julia executable (e.g. via `codesign
--remove-signature Julia-1.5.app/Contents/Resources/bin/julia`).  This
has its disadvantages, of course, so much better to simply declare to
the OS that it's alright for other processes to attach to this process.

(cherry picked from commit bf8a8e8)
@KristofferC KristofferC mentioned this pull request Aug 18, 2020
Merged
25 tasks
KristofferC pushed a commit that referenced this pull request Aug 19, 2020
@staticfloat @KristofferC
Add get-task-allow entitlement to allow debuggers to attach to code…
fbab498 
…signed Julia (#37069)

Without this entitlement, users that wish to attach a debugger to the
codesign Julia executable they receive from `julialang.org` must strip
the codesigning signature from the Julia executable (e.g. via `codesign
--remove-signature Julia-1.5.app/Contents/Resources/bin/julia`).  This
has its disadvantages, of course, so much better to simply declare to
the OS that it's alright for other processes to attach to this process.

(cherry picked from commit bf8a8e8)
simeonschaub pushed a commit to simeonschaub/julia that referenced this pull request Aug 29, 2020
@staticfloat @simeonschaub
Add get-task-allow entitlement to allow debuggers to attach to code…
8d98eb8 
…signed Julia (JuliaLang#37069)

Without this entitlement, users that wish to attach a debugger to the
codesign Julia executable they receive from `julialang.org` must strip
the codesigning signature from the Julia executable (e.g. via `codesign
--remove-signature Julia-1.5.app/Contents/Resources/bin/julia`).  This
has its disadvantages, of course, so much better to simply declare to
the OS that it's alright for other processes to attach to this process.
@vtjnash vtjnash mentioned this pull request Sep 16, 2020
Closed
notinaboat
notinaboat reviewed Jul 11, 2021
View reviewed changes
contrib/mac/app/Entitlements.plist
@@ -4,6 +4,8 @@
<dict>
<key>com.apple.security.automation.apple-events</key>
<true/>
<key>com.apple.security.cs.get-task-allow</key>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should be com.apple.security.get-task-allow (delete the .cs).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps you can open a PR with the fix?

@notinaboat
Copy link
Contributor

I'm not sure I know how to test the fix. I really know nothing about code signing other than googling the error message led me to here and I noticed the miss-spelling.
I've done --remove-signature to work around the problem on my mac for now.

@staticfloat
Copy link
Member Author

Thanks for the heads up notinaboat! This will be fixed with #41559, so you can see the change is quite simple. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@notinaboat notinaboat notinaboat left review comments

@KristofferC KristofferC KristofferC left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@staticfloat @notinaboat @KristofferC @vtjnash