From 6e6b4ac18e7c580d6c439c768aa1954cd05a5342 Mon Sep 17 00:00:00 2001
From: Stefan Granitz
Date: Tue, 20 Nov 2018 14:10:33 +0000
Subject: [PATCH] [CMake] Streamline code signing for debugserver and pass entitlements to extended llvm_codesign
Summary: Use llvm_codesign to sign debugserver with entitlements. Set global LLVM_CODESIGNING_IDENTITY from LLDB_CODESIGN_IDENTITY (if given). Pass through ENTITLEMENTS from add_lldb_executable to add_llvm_executable. Handle reconfigurations correctly. We have a lot of cases, make them explicit:
(1) build and sign debugserver, if all conditions apply:
* LLDB_NO_DEBUGSERVER=OFF (default)
* On Darwin: LLDB_USE_SYSTEM_DEBUGSERVER=OFF (default)
* On Darwin: LLVM_CODESIGNING_IDENTITY == lldb_codesign
(2) use system debugserver, if on Darwin and any of:
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and found on system (explicit case)
* LLVM_CODESIGNING_IDENTITY != lldb_codesign and found on system (fallback case)
(3) debugserver will not be available, in case of:
* LLDB_NO_DEBUGSERVER=ON
* On Darwin: LLVM_CODESIGNING_IDENTITY != lldb_codesign and not found on system
(4) error state, in case of:
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and not found on system
* LLDB_USE_SYSTEM_DEBUGSERVER=ON and LLDB_NO_DEBUGSERVER=ON
Reviewers: xiaobai, beanz, vsk, JDevlieghere
Subscribers: mgorny, lldb-commits, llvm-commits
Differential Revision: https://reviews.llvm.org/D54476
llvm-svn: 347305
---
 lldb/CMakeLists.txt | 6 +
 lldb/cmake/modules/AddLLDB.cmake | 4 +-
 lldb/test/CMakeLists.txt | 4 +-
 lldb/tools/debugserver/CMakeLists.txt | 8 +-
 lldb/tools/debugserver/source/CMakeLists.txt | 172 ++++++++++++++++-----------
 lldb/unittests/tools/CMakeLists.txt | 2 +-
 6 files changed, 122 insertions(+), 74 deletions(-)
diff --git a/lldb/CMakeLists.txt b/lldb/CMakeLists.txt
index 1e08adc..17aa4a1 100644
--- a/lldb/CMakeLists.txt
+++ b/lldb/CMakeLists.txt
@@ -11,6 +11,12 @@ include(LLDBStandalone) include(LLDBConfig) include(AddLLDB) +option(LLDB_USE_ENTITLEMENTS "When codesigning, use entitlements if available" ON) +if(LLDB_CODESIGN_IDENTITY) + # In the future we may use LLVM_CODESIGNING_IDENTITY directly. + set(LLVM_CODESIGNING_IDENTITY ${LLDB_CODESIGN_IDENTITY}) +endif() + # Define the LLDB_CONFIGURATION_xxx matching the build type if( uppercase_CMAKE_BUILD_TYPE STREQUAL "DEBUG" ) add_definitions( -DLLDB_CONFIGURATION_DEBUG ) diff --git a/lldb/cmake/modules/AddLLDB.cmake b/lldb/cmake/modules/AddLLDB.cmake index 0e26db5..89f5956 100644 --- a/lldb/cmake/modules/AddLLDB.cmake +++ b/lldb/cmake/modules/AddLLDB.cmake @@ -100,13 +100,13 @@ endfunction(add_lldb_library) function(add_lldb_executable name) cmake_parse_arguments(ARG "INCLUDE_IN_SUITE;GENERATE_INSTALL" - "" + "ENTITLEMENTS" "LINK_LIBS;LINK_COMPONENTS" ${ARGN} ) list(APPEND LLVM_LINK_COMPONENTS ${ARG_LINK_COMPONENTS}) - add_llvm_executable(${name} ${ARG_UNPARSED_ARGUMENTS}) + add_llvm_executable(${name} ${ARG_UNPARSED_ARGUMENTS} ENTITLEMENTS ${ARG_ENTITLEMENTS}) target_link_libraries(${name} PRIVATE ${ARG_LINK_LIBS}) set_target_properties(${name} PROPERTIES diff --git a/lldb/test/CMakeLists.txt b/lldb/test/CMakeLists.txt index bf7b21e..555b5cf 100644 --- a/lldb/test/CMakeLists.txt +++ b/lldb/test/CMakeLists.txt @@ -93,11 +93,11 @@ if (NOT "${LLDB_LIT_TOOLS_DIR}" STREQUAL "") endif() endif() -if(CMAKE_HOST_APPLE) +if(CMAKE_HOST_APPLE AND DEBUGSERVER_PATH) list(APPEND LLDB_TEST_COMMON_ARGS --server ${DEBUGSERVER_PATH}) endif() -if(SKIP_DEBUGSERVER) +if(SKIP_TEST_DEBUGSERVER) list(APPEND LLDB_TEST_COMMON_ARGS --out-of-tree-debugserver) endif() diff --git a/lldb/tools/debugserver/CMakeLists.txt b/lldb/tools/debugserver/CMakeLists.txt index ae436b8..9901165 100644 --- a/lldb/tools/debugserver/CMakeLists.txt +++ b/lldb/tools/debugserver/CMakeLists.txt 
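Review bot: The added `set(LLVM_CODESIGNING_IDENTITY ${LLDB_CODESIGN_IDENTITY})` inside `if(LLDB_CODESIGN_IDENTITY)` replaces whatever LLVM_CODESIGNING_IDENTITY the user configured without any diagnostic, so the identity that ends up signing the binaries cannot be read off the configure log. I would quote the value and report the override, for example `message(STATUS "Code signing identity taken from LLDB_CODESIGN_IDENTITY: ${LLDB_CODESIGN_IDENTITY}")`. The same block is added a second time in the standalone branch of lldb/tools/debugserver/CMakeLists.txt, where the note applies as well; moving it into one shared module would keep the two copies from drifting.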
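Review bot: The new call `add_llvm_executable(${name} ${ARG_UNPARSED_ARGUMENTS} ENTITLEMENTS ${ARG_ENTITLEMENTS})` forwards a bare `ENTITLEMENTS` keyword for every caller that passes none, and how add_llvm_executable treats a keyword without a value is not visible in this patch. Forwarding it only when set makes the unsigned-entitlements case explicit: under an `if(ARG_ENTITLEMENTS)` guard, `set(pass_entitlements ENTITLEMENTS ${ARG_ENTITLEMENTS})`, then call `add_llvm_executable(${name} ${ARG_UNPARSED_ARGUMENTS} ${pass_entitlements})`. A comment above the function listing the new one-value ENTITLEMENTS argument (a path to a plist) would also help callers. The body of add_lldb_executable continues past the end of the hunk.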
@@ -8,12 +8,18 @@ if (CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) "${CMAKE_SOURCE_DIR}/../../cmake" "${CMAKE_SOURCE_DIR}/../../cmake/modules" ) - + include(LLDBStandalone) include(AddLLDB) set(LLDB_SOURCE_DIR "${CMAKE_SOURCE_DIR}/../../") include_directories(${LLDB_SOURCE_DIR}/include) + + option(LLDB_USE_ENTITLEMENTS "When codesigning, use entitlements if available" ON) + if(LLDB_CODESIGN_IDENTITY) + # In the future we may use LLVM_CODESIGNING_IDENTITY directly. + set(LLVM_CODESIGNING_IDENTITY ${LLDB_CODESIGN_IDENTITY}) + endif() endif() add_subdirectory(source) diff --git a/lldb/tools/debugserver/source/CMakeLists.txt b/lldb/tools/debugserver/source/CMakeLists.txt index 16369e4..2b16f1c 100644 --- a/lldb/tools/debugserver/source/CMakeLists.txt +++ b/lldb/tools/debugserver/source/CMakeLists.txt 
@@ -94,32 +94,102 @@ set(lldbDebugserverCommonSources add_library(lldbDebugserverCommon ${lldbDebugserverCommonSources}) +option(LLDB_NO_DEBUGSERVER "Disable the debugserver target" OFF) +option(LLDB_USE_SYSTEM_DEBUGSERVER "Use the system's debugserver instead of building it from source (Darwin only)." OFF) -set(LLDB_CODESIGN_IDENTITY "lldb_codesign" - CACHE STRING "Identity used for code signing. Set to empty string to skip the signing step.") +# Incompatible options +if(LLDB_NO_DEBUGSERVER AND LLDB_USE_SYSTEM_DEBUGSERVER) + message(FATAL_ERROR "Inconsistent options: LLDB_NO_DEBUGSERVER and LLDB_USE_SYSTEM_DEBUGSERVER") +endif() -if(NOT LLDB_CODESIGN_IDENTITY STREQUAL "") - set(DEBUGSERVER_PATH ${LLVM_RUNTIME_OUTPUT_INTDIR}/debugserver${CMAKE_EXECUTABLE_SUFFIX} CACHE PATH "Path to debugserver.") - set(SKIP_DEBUGSERVER OFF CACHE BOOL "Skip building the in-tree debug server") -else() +# Try to locate the system debugserver. +# Subsequent feasibility checks depend on it. +if(APPLE AND CMAKE_HOST_APPLE) execute_process( COMMAND xcode-select -p - OUTPUT_VARIABLE XCODE_DEV_DIR) - string(STRIP ${XCODE_DEV_DIR} XCODE_DEV_DIR) - if(EXISTS "${XCODE_DEV_DIR}/../SharedFrameworks/LLDB.framework/") - set(DEBUGSERVER_PATH - "${XCODE_DEV_DIR}/../SharedFrameworks/LLDB.framework/Resources/debugserver" CACHE PATH "Path to debugserver.") - elseif(EXISTS "${XCODE_DEV_DIR}/Library/PrivateFrameworks/LLDB.framework/") - set(DEBUGSERVER_PATH - "${XCODE_DEV_DIR}/Library/PrivateFrameworks/LLDB.framework/Resources/debugserver" CACHE PATH "Path to debugserver.") + OUTPUT_VARIABLE xcode_dev_dir) + string(STRIP ${xcode_dev_dir} xcode_dev_dir) + + set(debugserver_rel_path "LLDB.framework/Resources/debugserver") + set(debugserver_shared "${xcode_dev_dir}/../SharedFrameworks/${debugserver_rel_path}") + set(debugserver_private "${xcode_dev_dir}/Library/PrivateFrameworks/${debugserver_rel_path}") + + if(EXISTS ${debugserver_shared}) + set(system_debugserver ${debugserver_shared}) + elseif(EXISTS 
${debugserver_private}) + set(system_debugserver ${debugserver_private}) + endif() +endif() + +# Handle unavailability +if(LLDB_USE_SYSTEM_DEBUGSERVER) + if(system_debugserver) + set(use_system_debugserver ON) + elseif(APPLE AND CMAKE_HOST_APPLE) + # Binary not found on system. Keep cached variable, to try again on reconfigure. + message(SEND_ERROR + "LLDB_USE_SYSTEM_DEBUGSERVER option set, but no debugserver found in:\ + ${debugserver_shared}\ + ${debugserver_private}") else() - message(SEND_ERROR "Cannot find debugserver on system.") + # Non-Apple target platform or non-Darwin host. Reset invalid cached variable. + message(WARNING "Reverting invalid option LLDB_USE_SYSTEM_DEBUGSERVER (Darwin only)") + set(LLDB_USE_SYSTEM_DEBUGSERVER OFF CACHE BOOL "" FORCE) endif() - set(SKIP_DEBUGSERVER ON CACHE BOOL "Skip building the in-tree debug server") +elseif(NOT LLDB_NO_DEBUGSERVER) + # Default case: on Darwin we need the right code signing ID. + # See lldb/docs/code-signing.txt for details. + if(CMAKE_HOST_APPLE AND NOT LLVM_CODESIGNING_IDENTITY STREQUAL "lldb_codesign") + set(msg "Cannot code sign debugserver with identity '${LLVM_CODESIGNING_IDENTITY}'.") + if(system_debugserver) + message(WARNING "${msg} Will fall back to system's debugserver.") + set(use_system_debugserver ON) + else() + message(WARNING "${msg} debugserver will not be available.") + endif() + else() + set(build_and_sign_debugserver ON) + endif() +endif() + +# TODO: We don't use the $ generator expression here, +# because the value of DEBUGSERVER_PATH is used to build LLDB_DOTEST_ARGS, +# which is used for configuring lldb-dotest.in, which does not have a generator +# step at the moment. +set(default_debugserver_path "${LLVM_TOOLS_BINARY_DIR}/debugserver${CMAKE_EXECUTABLE_SUFFIX}") + +# Remember where debugserver binary goes and whether or not we have to test it. 
+set(DEBUGSERVER_PATH "" CACHE FILEPATH "Path to debugserver") +set(SKIP_TEST_DEBUGSERVER OFF CACHE BOOL "Building the in-tree debugserver was skipped") + +# Reset values in all cases in order to correctly support reconfigurations. +if(use_system_debugserver) + add_custom_target(debugserver + COMMAND ${CMAKE_COMMAND} -E copy_if_different + ${system_debugserver} ${LLVM_TOOLS_BINARY_DIR} + COMMENT "Copying the system debugserver to LLDB's binaries directory.") + + # Don't test debugserver itself. + # Tests that require debugserver will use the copy. + set(DEBUGSERVER_PATH ${default_debugserver_path} CACHE FILEPATH "" FORCE) + set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE) + + message(STATUS "Copy system debugserver from: ${system_debugserver}") +elseif(build_and_sign_debugserver) + # Build, sign and test debugserver (below) + set(DEBUGSERVER_PATH ${default_debugserver_path} CACHE FILEPATH "" FORCE) + set(SKIP_TEST_DEBUGSERVER OFF CACHE BOOL "" FORCE) + + message(STATUS "lldb debugserver: ${DEBUGSERVER_PATH}") +else() + # No tests for debugserver, no tests that require it. + set(DEBUGSERVER_PATH "" CACHE FILEPATH "" FORCE) + set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE) + + message(STATUS "lldb debugserver will not be available.") endif() -message(STATUS "Path to the lldb debugserver: ${DEBUGSERVER_PATH}") -if (APPLE) +if(APPLE) if(IOS) find_library(BACKBOARD_LIBRARY BackBoardServices PATHS ${CMAKE_OSX_SYSROOT}/System/Library/PrivateFrameworks) @@ -132,7 +202,7 @@ if (APPLE) find_library(LOCKDOWN_LIBRARY lockdown) if(NOT BACKBOARD_LIBRARY) - set(SKIP_DEBUGSERVER ON CACHE BOOL "Skip building the in-tree debug server" FORCE) + set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE) endif() else() find_library(COCOA_LIBRARY Cocoa) 
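Review bot: The system-debugserver probe in the @@ -94 hunk now runs on every Apple host configure, yet `execute_process(COMMAND xcode-select -p ...)` has no result check and `string(STRIP ${xcode_dev_dir} xcode_dev_dir)` is unquoted. If xcode-select fails or prints nothing, the STRIP call receives too few arguments and aborts the configure; with quoting alone, the two candidate paths would instead be built from an empty prefix. Because the located binary is later copied into LLVM_TOOLS_BINARY_DIR and used as debugserver, the probe should accept only a successful, non-empty result and quote the paths in the EXISTS checks. Before this patch the probe ran only in the empty-identity branch, so the failure mode was much less exposed.

```cmake
if(APPLE AND CMAKE_HOST_APPLE)
  execute_process(
    COMMAND xcode-select -p
    RESULT_VARIABLE xcode_select_result
    OUTPUT_VARIABLE xcode_dev_dir
    OUTPUT_STRIP_TRAILING_WHITESPACE
    ERROR_QUIET)

  if(xcode_select_result EQUAL 0 AND xcode_dev_dir)
    # … unchanged: debugserver_rel_path, debugserver_shared, debugserver_private …

    if(EXISTS "${debugserver_shared}")
      set(system_debugserver "${debugserver_shared}")
    elseif(EXISTS "${debugserver_private}")
      set(system_debugserver "${debugserver_private}")
    endif()
  endif()
endif()
```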
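Review bot: In the @@ -132 hunk, `set(SKIP_TEST_DEBUGSERVER ON CACHE BOOL "" FORCE)` under `if(NOT BACKBOARD_LIBRARY)` no longer prevents debugserver from being built, because the build is now gated on `build_and_sign_debugserver` (changed in the @@ -143 hunk), which this branch leaves untouched. If the target links `${BACKBOARD_LIBRARY}` (the link list is only partly visible), an iOS configure without BackBoardServices would go on to build with a NOTFOUND value where the old code skipped the target. Either clear the flag here as well, `set(build_and_sign_debugserver OFF)`, or add a comment stating that only the tests are meant to be skipped in this case.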
@@ -143,7 +213,16 @@ if(HAVE_LIBCOMPRESSION) set(LIBCOMPRESSION compression) endif() -if(NOT SKIP_DEBUGSERVER) +if(LLDB_USE_ENTITLEMENTS) + if(IOS) + set(entitlements ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist) + else() + # Same entitlements file as used for lldb-server + set(entitlements ${LLDB_SOURCE_DIR}/resources/debugserver-macosx-entitlements.plist) + endif() +endif() + +if(build_and_sign_debugserver) target_link_libraries(lldbDebugserverCommon INTERFACE ${COCOA_LIBRARY} ${CORE_FOUNDATION_LIBRARY} @@ -166,6 +245,9 @@ if(NOT SKIP_DEBUGSERVER) LINK_LIBS lldbDebugserverCommon + + ENTITLEMENTS + ${entitlements} ) if(IOS) set_property(TARGET lldbDebugserverCommon APPEND PROPERTY COMPILE_DEFINITIONS 
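Review bot: The plist chosen in the new `if(LLDB_USE_ENTITLEMENTS)` block is never checked at configure time, so a wrong LLDB_SOURCE_DIR or a moved file surfaces only when signing runs, or not at all, depending on how llvm_codesign handles a missing file (not visible in this patch). Since the entitlements decide what the signed debugserver is allowed to do, I would fail early inside that block: `if(NOT EXISTS "${entitlements}")`, `message(FATAL_ERROR "Entitlements file not found: ${entitlements}")`, `endif()`. The comment on the non-iOS branch could also state that with LLDB_USE_ENTITLEMENTS=OFF the variable stays unset and both targets are signed without entitlements.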
@@ -203,54 +285,8 @@ if(IOS) LINK_LIBS lldbDebugserverCommon_NonUI - ) -endif() -set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-macosx-entitlements.plist) -if(IOS) - set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/debugserver-entitlements.plist) -else() - set(entitlements_xml ${CMAKE_CURRENT_SOURCE_DIR}/../../../resources/debugserver-macosx-entitlements.plist) -endif() - -set(LLDB_USE_ENTITLEMENTS_Default On) -option(LLDB_USE_ENTITLEMENTS "Use entitlements when codesigning (Defaults Off when using lldb_codesign identity, otherwise On)" ${LLDB_USE_ENTITLEMENTS_Default}) - -if (SKIP_DEBUGSERVER) - if (CMAKE_HOST_APPLE) - # If we haven't built a signed debugserver, copy the one from the system. - add_custom_target(debugserver - COMMAND ${CMAKE_COMMAND} -E copy_if_different ${DEBUGSERVER_PATH} ${CMAKE_BINARY_DIR}/bin - VERBATIM - COMMENT "Copying the system debugserver to LLDB's binaries directory.") - endif() -else() - if(LLDB_USE_ENTITLEMENTS) - set(entitlements_flags --entitlements ${entitlements_xml}) - endif() - execute_process( - COMMAND xcrun -f codesign_allocate - OUTPUT_STRIP_TRAILING_WHITESPACE - OUTPUT_VARIABLE CODESIGN_ALLOCATE - ) - add_custom_command(TARGET debugserver - POST_BUILD - COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE} - codesign --force --sign ${LLDB_CODESIGN_IDENTITY} - ${entitlements_flags} - $ - ) - if(IOS) - add_custom_command(TARGET debugserver-nonui - POST_BUILD - COMMAND ${CMAKE_COMMAND} -E env CODESIGN_ALLOCATE=${CODESIGN_ALLOCATE} - codesign --force --sign ${LLDB_CODESIGN_IDENTITY} - ${entitlements_flags} - $ + ENTITLEMENTS + ${entitlements} ) - endif() endif() - - - - diff --git a/lldb/unittests/tools/CMakeLists.txt b/lldb/unittests/tools/CMakeLists.txt index bce076e..d180ebe 100644 --- a/lldb/unittests/tools/CMakeLists.txt +++ b/lldb/unittests/tools/CMakeLists.txt 
@@ -1,5 +1,5 @@
 if(CMAKE_SYSTEM_NAME MATCHES "Android|Darwin|Linux|NetBSD")
- if ((CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_DEBUGSERVER) OR (NOT CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_LLDB_SERVER_BUILD))
+ if ((CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_TEST_DEBUGSERVER) OR (NOT CMAKE_SYSTEM_NAME MATCHES "Darwin" AND SKIP_LLDB_SERVER_BUILD))
 # These tests are meant to test lldb-server/debugserver in isolation, and
 # don't provide any value if run against a server copied from somewhere.
 else()
--
2.7.4