7 Replies
      Latest reply on Dec 1, 2019 7:45 AM by eskimo
      joostn Level 1 Level 1 (0 points)



        I'm unable to debug my mac application under XCode when Hardened Runtime is enabled. I'm getting 'Message from debugger: Error 1'.


        lldb -p <pid>  gives the same error:

        error: attach failed: Error 1


        Disabling hardened runtime solves the problem, but I'm wondering if there's a way to debug with the hardened runtime enabled, and why I'm getting such a cryptic error message.


        Using XCode 10.2.1 on macOS 10.14.5.

        • Re: Debugging fails with "Error 1" if hardened runtime is enabled
          philknock Level 1 Level 1 (0 points)

          I encountered this error too running XCode 10.2.1 on macOS 10.14.5.


          In my case, this didn't have to do with Hardened Runtime, but rather my "Debug Process As" setting.


          I had to edit my scheme settings, and instead of debugging the process as me, I had to debug process as root. Not sure why this works, but hope it's helpful.


          • Re: Debugging fails with "Error 1" if hardened runtime is enabled
            eskimo Apple Staff Apple Staff (12,425 points)

            This problem is most likely related to entitlements.  In general, the hardened runtime prevents the debugger from attaching to your process.  When you do a Product > Run, Xcode adds an entitlement to your app (com.apple.security.get-task-allow) that allows the debugger to attach.  In other situations — for example, when you do a Product > Archive — that’s not the case.

            IMPORTANT This entitlement isn’t added to your .entitlements file, but directly to the app.  Use this command to see it:

            $ codesign -d --entitlements :- /path/to/your.app

            It sounds like Xcode isn’t adding this entitlement for you.  One possibility is that you’ve disabled the Code Signing Inject Base Entitlements (CODE_SIGN_INJECT_BASE_ENTITLEMENTS) build setting.

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"

              • Re: Debugging fails with "Error 1" if hardened runtime is enabled
                ccorbell Level 1 Level 1 (0 points)

                I saw this problem too, with a simple command-line C++ tool. My project(s) have "Automatically manage signing" checked, and I verified CODE_SIGN_INJECT_BASE_ENTITLEMENTS was Yes for Debug and Release. I'm on Xcode 10.3, Mac OS 10.14.6.


                Debugging the tool worked fine on the machine where I created the project (same Xcode/OSX versions), but checking the project out of git on a different machine, this problem occurred - I hit run but it never hits the entry point of main and the same error is reported (but oddly it hides the console & you have to open it to see it). Like the poster above, running as root works around the issue, but for many reasons I do not want to do that.


                Messing with my signing certificate ended up fixing the problem. In Keychain access I noticed my Mac OS Developer certificate was in System Roots but not in login. I dragged it into login. Then in the Xcode project Info settings (showing signing setup), there was an error message saying I needed to remove the current signing certificate in order to pick up the correct one. I clicked okay and the warning went away. Now, for some reason, there are two different copies of my Mac Developer signing certificate in keychain - same ID#, one dated a month ago, another dated today.


                The good news is, it seems to be fixed, though there seems to be something a little off with the "Automatically manage signing" setting and keychain's management of certificates - either that or I did something wrong while setting it up (with a different project).

                • Re: Debugging fails with "Error 1" if hardened runtime is enabled
                  joostn Level 1 Level 1 (0 points)

                  It's still not working for me. I guessed it had something to do with my manual signing settings. But now I've switch to automatic signing and it still doesn't work.


                  My settings:


                  CODE_SIGN_STYLE = Automatic

                  From the build log:


                  CodeSign /Users/joostn/Library/Developer/Xcode/DerivedData/MyProduct-fvgvvkwupoapzkazuzzceweakusy/Build/Products/Release/MyProduct.app (in target 'MyProduct' from project 'MyProduct')
                      cd /Volumes/devel/wxwprojects_MyProduct12/MyProduct/Project/XCode
                      export CODESIGN_ALLOCATE=/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate
                  Signing Identity:     "-"
                      /usr/bin/codesign --force --sign - -o runtime --entitlements /Users/joostn/Library/Developer/Xcode/DerivedData/MyProduct-fvgvvkwupoapzkazuzzceweakusy/Build/Intermediates.noindex/MyProduct.build/Release/MyProduct.build/MyProduct.app.xcent /Users/joostn/Library/Developer/Xcode/DerivedData/MyProduct-fvgvvkwupoapzkazuzzceweakusy/Build/Products/Release/MyProduct.app
                  /Users/joostn/Library/Developer/Xcode/DerivedData/MyProduct-fvgvvkwupoapzkazuzzceweakusy/Build/Products/Release/MyProduct.app: replacing existing signature


                  The .xcent file appears to contain no entitlements:

                  cat /Users/joostn/Library/Developer/Xcode/DerivedData/MyProduct-fvgvvkwupoapzkazuzzceweakusy/Build/Intermediates.noindex/MyProduct.build/Release/MyProduct.build/MyProduct.app.xcent

                  And indeed codesign -d --entitlements reports that my app has no entitlements.


                  Any ideas?

                • Re: Debugging fails with "Error 1" if hardened runtime is enabled
                  AMAbernathy Level 1 Level 1 (0 points)

                  I was able to work around this by setting the "Code Signing Identity" to "Sign to Run Localy" and also changing "Enable Hardend Runtime" to "No".  Both of these settings are in the build settings of the target under signing.