Versions Compared

Old Version 3

changes.mady.by.user rhoover rhoover

Saved on

compared with

New Version Current

changes.mady.by.user Iris Clark

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
CSS Stylesheet
.wiki-content .confluenceTh,
.wiki-content .confluenceTd {
    border: 2px solid #e76f00;
}
This feature was delivered into JDK 7u4 which was released April 2012 and was subsequently dissolved February 2020. Discussion about ports may be found on porters-dev.

Using Java analysis tools jsadebug, jinfo, and jmap

Some of the Java analysis tools access other Java processes via the HotSpot serviceability agent and introspection into the other process. On MacOS, this access is controlled for security reasons. There are two ways to get these tools to function:

...

The OpenJDK build makefile attempts to sign these commands using a certificate named openjdk_codesign. When Oracle builds binary releases with an authoritative certificate of this name, their binaries should be accepted by all computers recognizing that authority. Alternatively, the individual OpenJDK builder can create a code-sigining certificate that will give authorization on their computers.

Creating A Code-Signing Certificate (courtesy of the lldb project)

  • Launch /Applications/Utilities/Keychain Access.app

...

  • Click Create
  • Click Continue
  • Click Done
  • Click on the "My Certificates"
  • Double click on your new lldbopenjdk_codesign certificate
  • Turn down the "Trust" disclosure triangle

...

The next steps are necessary on SnowLeopard, but are probably because of a bug in how Keychain Access makes certificates. (Note: These also apply for Lion.)

  • Option-drag the new lldbopenjdk_codesign certificate from the login keychain to the System keychain in the Keychains pane of the main Keychain Access window to make a copy of this certificate in the System keychain. You'll have to authorize a few more times, set it to be "Always trusted" when asked.
  • Switch to the System keychain, and drag the copy of lldbopenjdk_codesign you just made there onto the desktop.
  • Switch to Terminal, and run the following:
Code Block

sudo security add-trust -d -r trustRoot -p basic -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/openjdk_codesign.cer
  • Right click on the "lldbopenjdk_codesign" certificate in the "System" keychain (NOT "login", but the one in "System"), and select "Delete" to delete it from
    the "System" keychain.
  • Reboot (I've found this step unnecessary.)
  • Clean and rebuild OpenJDK and you should be able to debug. (You can just remove the jsadebug,jinfo,jmap binaries in build/macosx-universal/bin instead of cleaning everything.)