13

I am following the instructions to codesign gdb on my MBP however when I get to the end of the System certificate creation process, keychain says "Unknown Error = -2,147,414,007" and the certificate has not been created.

It creates a certificate fine for login location, but system fails.

What is the problem and how can I fix this?

FlamingSquirrel
  • 153
  • 1
  • 5

2 Answers2

7

I got the same error, so I went through the process but created the certificate in the login keychain. Once this is done you can drag the certificate into the System keychain through the UI.

You will need to unlock your System keychain first if it is showing as a locked padlock: just right-click and select 'Unlock keychain "System"'.

You have to enter your password several times but eventually it works, and the corresponding codesign command works:

codesign -fs your-cert-name $(which gdb)
Daniel Terhorst-North
  • 186
  • 2
  • 3
    I've tried this, and I'm still getting the same thing unfortunately. `Unable to find Mach task port for process-id 39655: (os/kern) failure (0x5). (please check gdb is codesigned - see taskgated(8))` – FlamingSquirrel Oct 30 '17 at 23:14
  • Did you unlock your System keychain first? I noticed my local one had the unlocked padlock symbol but the System one was locked. I unlocked it before trying to drag-and-drop the certificate. Also, check there aren’t more than one gdb binary, because you may be signing the wrong one: `locate gdb` – Daniel Terhorst-North Nov 01 '17 at 08:52
  • Yeay! A different error this time `During startup program terminated with signal ?, Unknown signal.` When did gdb break on macOS? – FlamingSquirrel Nov 01 '17 at 12:51
  • Ok so it looks like you’re all set with code signing. No idea about the gdb error :) – Daniel Terhorst-North Nov 02 '17 at 13:22
  • I'll mark as the accepted answer, this is probably an issue with gdb on my machine. I think for now I'll just debug on my linux VM! Thanks. – FlamingSquirrel Nov 02 '17 at 13:33
  • @FlamingSquirrel the `terminated with signal` is a separate unrelated error that I get with brew gdb 8.1 but not 8.01 on high sierra. 8.1 is *certainly* broken on high sierra, while I have gotten 8.01 to work. However, from the nov 17 post date I'm not sure which version you were using. – xdavidliu Mar 12 '18 at 23:44
  • @FlamingSquirrel see https://stackoverflow.com/questions/49001329/gdb-doesnt-work-on-macos-high-sierra-10-13-3 – xdavidliu Mar 13 '18 at 00:40
  • There is a complete guide that seems to work here https://forward-in-code.blogspot.com/2018/11/mojave-vs-gdb.html – zakkak Mar 13 '19 at 10:02
0

Some of the tutorials I've been walking through outlining this process (& for me, uploading to TestFlight ex: Ray Wenderlich) specify to leave the CA email blank. The hint text states it's required, but I was ignoring this as the tutorials stated. By just adding the email address of the certificate authority (my admin account registered to itunes connect), I was able to download the certificate.

Rachael
  • 101
  • 1