Update documentation for macOS/arm64e ##doc

pancake 2024-02-19 21:55:29 +01:00 committed by GitHub
parent 231973e682
commit 96e6d1c80e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,70 +1,88 @@
macOS
===
# macOS
macOS Users need to follow some extra steps to get the radare2 program signed and ready to debug other applications without running it as root. Same happens for iOS users, read `doc/ios` for more information.
Installation
------------
## Installation
To compile for macOS automatically, do it this way:
$ sys/install.sh
```sh
$ sys/install.sh
```
By default it is installed in /usr/local, you can specify a different prefix like this:
## Common Issues
$ sys/install.sh /custom/prefix
### Arm64e debug targets
To install bindings you will need to install r2, valac, valabind and swig. The whole process can be automated by using scripts under sys/
When running radare2 on arm64e processors, it is necessary to build radare2 for this specific architecture, because it is required to work with the pointer authentication stuff. To do this you'll need to:
$ r2pm -s python
* Disable SIP (Enter recovery mode and run `csrutil disable`)
* Set some specific CFLAGS to build r2
* Set a custom boot argument for the kernel
Common Issues
-------------
Use this script snippet as inspiration to achieve it:
```sh
sudo nvram boot-args=-arm64e_preview_abi
sudo reboot
```
```sh
export CFLAGS="-arch arm64e"
sys/install.sh
```
### Codesigning Requirement For Debugging
If you want to use the debugger via ssh or the sdk was not properly setup you must run:
$ sudo DevToolsSecurity -enable
```sh
$ sudo DevToolsSecurity -enable
```
You cannot debug binaries located outside your home, if you want to do that you should disable SIP:
* Reboot your mac while pressing CMD+R to enter recovery mode
* Open the terminal in the Utilities menu and type:
$ csrutil disable
```sh
$ csrutil disable
```
Code Signing
------------
## Code Signing
After Mac OS X 10.6, binaries that need permissions to debug require to be signed and include a .plist describing them. The aforementioned `install.sh` script will install a new code signing certificate into the system keychain and sign r2 with it. Alternatively, you can manually create a code signing certificate by following the following steps:
(Based on https://llvm.org/svn/llvm-project/lldb/trunk/docs/code-signing.txt)
1. Launch /Applications/Utilities/Keychain Access.app
1. In Keychain Access select the "login" keychain in the "Keychains" list in the upper left hand corner of the window.
1. Select the following menu item:
1. Keychain Access->Certificate Assistant->Create a Certificate...
1. Set the following settings
1. Name = org.radare.radare2
1. Identity Type = Self Signed Root
1. Certificate Type = Code Signing
1. Click Create
1. Click Continue
1. Click Done
1. Click on the "My Certificates"
1. Double click on your new org.radare.radare2 certificate
1. Turn down the "Trust" disclosure triangle, scroll to the "Code Signing" trust pulldown menu and select "Always Trust" and authenticate as needed using your username and password.
1. Drag the new "org.radare.radare2" code signing certificate (not the public or private keys of the same name) from the "login" keychain to the "System" keychain in the Keychains pane on the left hand side of the main Keychain Access window. This will move this certificate to the "System" keychain. You'll have to authorize a few more times, set it to be "Always trusted" when asked.
1. In the Keychain Access GUI, click and drag "org.radare.radare2" in the "System" keychain onto the desktop. The drag will create a "~/Desktop/org.radare.radare2.cer" file used in the next step.
1. Switch to Terminal, and run the following:
1. $ sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/org.radare.radare2.cer
1. $ rm -f ~/Desktop/org.radare.radare2.cer
1. Quit Keychain Access
1. Reboot
1. Run sys/install.sh (or follow the next steps if you want to install and sign radare2 manually)
* Launch /Applications/Utilities/Keychain Access.app
* In Keychain Access select the "login" keychain in the "Keychains" list in the upper left hand corner of the window.
* Select the following menu item:
* Keychain Access->Certificate Assistant->Create a Certificate...
* Set the following settings
* Name = org.radare.radare2
* Identity Type = Self Signed Root
* Certificate Type = Code Signing
* Click Create
* Click Continue
* Click Done
* Click on the "My Certificates"
* Double click on your new org.radare.radare2 certificate
* Turn down the "Trust" disclosure triangle, scroll to the "Code Signing" trust pulldown menu and select "Always Trust" and authenticate as needed using your username and password.
* Drag the new "org.radare.radare2" code signing certificate (not the public or private keys of the same name) from the "login" keychain to the "System" keychain in the Keychains pane on the left hand side of the main Keychain Access window. This will move this certificate to the "System" keychain. You'll have to authorize a few more times, set it to be "Always trusted" when asked.
* In the Keychain Access GUI, click and drag "org.radare.radare2" in the "System" keychain onto the desktop. The drag will create a "~/Desktop/org.radare.radare2.cer" file used in the next step.
* Switch to Terminal, and run the following:
* $ sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/org.radare.radare2.cer
* $ rm -f ~/Desktop/org.radare.radare2.cer
* Quit Keychain Access
* Reboot
* Run sys/install.sh (or follow the next steps if you want to install and sign radare2 manually)
As said before, the signing process can also be done manually following the next process. First, you will need to sign the radare2 binary:
$ make -C binr/radare2 macossign
```sh
$ make -C binr/radare2 macossign
```
But this is not enough. As long as r2 code is split into several libraries, you should sign every single dependency (libr*).
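Review bot: The new "Arm64e debug targets" section tells the reader to disable SIP and to run `sudo nvram boot-args=-arm64e_preview_abi` without saying that this assignment replaces whatever boot-args were already set, and without giving the way back. Suggest telling readers to check `nvram boot-args` first and append the flag to any existing value, and adding the revert steps (`csrutil enable` from recovery mode, then restoring or deleting the boot-args variable) so a machine is not left with SIP off once the debugging session is over. The bullet list also names the CFLAGS step before the boot argument while the snippets run them in the opposite order; ordering the bullets to match the commands would help. The converted `sh` fences keep the `$ ` prompt (`$ sys/install.sh`, `$ sudo DevToolsSecurity -enable`) while the new arm64e fences omit it; pick one form, preferably without the prompt so the lines can be pasted. Changing the certificate steps from `1.` to `*` also drops the ordering that "used in the next step" relies on, and flattens the settings (Name, Identity Type, Certificate Type) to the same level as the steps.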
@ -89,15 +107,13 @@ After doing it you should be able to debug on macOS without root permissions!
Note: if you already have a valid certificate for code signing, you can specify its name by setting the env var CERTID.
Packaging
---------
## Packaging
To create a macOS .pkg just run the following command:
$ sys/osx-pkg.sh
Uninstall
---------
## Uninstall
To uninstall the .pkg downloaded from the r2 website or the one you have generated with `sys/osx-pkg.sh`, run the following as root:
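Review bot: Under "## Packaging" the command `$ sys/osx-pkg.sh` is left as a bare prompt line while the first hunk moved the other commands into `sh` fences; convert it in the same change so the file renders consistently. The CERTID note at the top of this hunk only says the variable can be set, so a one-line example of the invocation next to it would make the option usable without reading the build scripts.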