[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)
https://github.com/mysterymath closed https://github.com/llvm/llvm-project/pull/71112 ___ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)
https://github.com/JDevlieghere approved this pull request. https://github.com/llvm/llvm-project/pull/71112 ___ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)
mysterymath wrote: > The nodes on GreenDragon run under a UI session so that might explain why we > don't see that issue there. Is there any harm with using > `packages/Python/lldbsuite/test/make/entitlements.plist` for macOS too? Does > `com.apple.private.security.no-sandbox` cause issues? At least on my macOS Sonoma workstation, I get a `Killed: 9` when I try to run a binary built with by the LLDB test suite with entitlement `com.apple.private.security.no-sandbox`. https://github.com/llvm/llvm-project/pull/71112 ___ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)
JDevlieghere wrote: The nodes on GreenDragon run under a UI session so that might explain why we don't see that issue there. Is there any harm with using `packages/Python/lldbsuite/test/make/entitlements.plist` for macOS too? Does `com.apple.private.security.no-sandbox` cause issues? https://github.com/llvm/llvm-project/pull/71112 ___ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)
https://github.com/mysterymath edited https://github.com/llvm/llvm-project/pull/71112 ___ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)
https://github.com/mysterymath edited https://github.com/llvm/llvm-project/pull/71112 ___ lldb-commits mailing list lldb-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)
llvmbot wrote:
@llvm/pr-subscribers-lldb
Author: Daniel Thornburgh (mysterymath)
Changes
Running the LLDB test suite in a GUI-less CI macOS environment requires that
the debugged tasks be signed with the get-task-allow entitlement.
NOTE: I'm not entirely sure why the upstream macOS builders don't run into
this; it could be something that occurs on newer macOS, or it could be that
they have some global setting that prevents the debugger attachment check from
firing.
---
Full diff: https://github.com/llvm/llvm-project/pull/71112.diff
2 Files Affected:
- (modified) lldb/packages/Python/lldbsuite/test/builders/darwin.py (+8-7)
- (added) lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
(+8)
``diff
diff --git a/lldb/packages/Python/lldbsuite/test/builders/darwin.py
b/lldb/packages/Python/lldbsuite/test/builders/darwin.py
index 40dd13bcfdea1d6..a023bda3ad80103 100644
--- a/lldb/packages/Python/lldbsuite/test/builders/darwin.py
+++ b/lldb/packages/Python/lldbsuite/test/builders/darwin.py
@@ -88,17 +88,18 @@ def getExtraMakeArgs(self):
args["FRAMEWORK_INCLUDES"] = "-F{}".format(private_frameworks)
operating_system, env = get_os_and_env()
-if operating_system and operating_system != "macosx":
-builder_dir = os.path.dirname(os.path.abspath(__file__))
-test_dir = os.path.dirname(builder_dir)
+
+builder_dir = os.path.dirname(os.path.abspath(__file__))
+test_dir = os.path.dirname(builder_dir)
+if not operating_system:
+entitlements_file = "entitlements-macos.plist"
+else:
if env == "simulator":
entitlements_file = "entitlements-simulator.plist"
else:
entitlements_file = "entitlements.plist"
-entitlements = os.path.join(test_dir, "make", entitlements_file)
-args["CODESIGN"] = "codesign --entitlements
{}".format(entitlements)
-else:
-args["CODESIGN"] = "codesign"
+entitlements = os.path.join(test_dir, "make", entitlements_file)
+args["CODESIGN"] = "codesign --entitlements {}".format(entitlements)
# Return extra args as a formatted string.
return ["{}={}".format(key, value) for key, value in args.items()]
diff --git a/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
b/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
new file mode 100644
index 000..9acd12816c91373
--- /dev/null
+++ b/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
@@ -0,0 +1,8 @@
+
+http://www.apple.com/DTDs/PropertyList-1.0.dtd;>
+
+
+com.apple.security.get-task-allow
+
+
+
``
https://github.com/llvm/llvm-project/pull/71112
___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
[Lldb-commits] [lldb] [lldb] Use get-task-allow entitlement on macOS too (PR #71112)
https://github.com/mysterymath created
https://github.com/llvm/llvm-project/pull/71112
Running the LLDB test suite in a GUI-less CI macOS environment requires that
the debugged tasks be signed with the get-task-allow entitlement.
NOTE: I'm not entirely sure why the upstream macOS builders don't run into
this; it could be something that occurs on newer macOS, or it could be that
they have some global setting that prevents the debugger attachment check from
firing.
>From c309ac45505ad147ffc167099ec2f4fa4fe9b2d0 Mon Sep 17 00:00:00 2001
From: Daniel Thornburgh
Date: Wed, 25 Oct 2023 16:08:07 -0700
Subject: [PATCH] [lldb] Use get-task-allow entitlement on macOS too
Running the LLDB test suite in a GUI-less CI macOS environment requires that
the debugged tasks be signed with the get-task-allow entitlement.
---
.../Python/lldbsuite/test/builders/darwin.py | 15 ---
.../lldbsuite/test/make/entitlements-macos.plist | 8
2 files changed, 16 insertions(+), 7 deletions(-)
create mode 100644
lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
diff --git a/lldb/packages/Python/lldbsuite/test/builders/darwin.py
b/lldb/packages/Python/lldbsuite/test/builders/darwin.py
index 40dd13bcfdea1d6..a023bda3ad80103 100644
--- a/lldb/packages/Python/lldbsuite/test/builders/darwin.py
+++ b/lldb/packages/Python/lldbsuite/test/builders/darwin.py
@@ -88,17 +88,18 @@ def getExtraMakeArgs(self):
args["FRAMEWORK_INCLUDES"] = "-F{}".format(private_frameworks)
operating_system, env = get_os_and_env()
-if operating_system and operating_system != "macosx":
-builder_dir = os.path.dirname(os.path.abspath(__file__))
-test_dir = os.path.dirname(builder_dir)
+
+builder_dir = os.path.dirname(os.path.abspath(__file__))
+test_dir = os.path.dirname(builder_dir)
+if not operating_system:
+entitlements_file = "entitlements-macos.plist"
+else:
if env == "simulator":
entitlements_file = "entitlements-simulator.plist"
else:
entitlements_file = "entitlements.plist"
-entitlements = os.path.join(test_dir, "make", entitlements_file)
-args["CODESIGN"] = "codesign --entitlements
{}".format(entitlements)
-else:
-args["CODESIGN"] = "codesign"
+entitlements = os.path.join(test_dir, "make", entitlements_file)
+args["CODESIGN"] = "codesign --entitlements {}".format(entitlements)
# Return extra args as a formatted string.
return ["{}={}".format(key, value) for key, value in args.items()]
diff --git a/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
b/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
new file mode 100644
index 000..9acd12816c91373
--- /dev/null
+++ b/lldb/packages/Python/lldbsuite/test/make/entitlements-macos.plist
@@ -0,0 +1,8 @@
+
+http://www.apple.com/DTDs/PropertyList-1.0.dtd;>
+
+
+com.apple.security.get-task-allow
+
+
+
___
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
