How to undo codesign?

Question

In an attempt to codesign gdb, I used an incorrect certificate, so now gdb is codesigned but does not work as expected.

I attempted to codesign gdb using the correct certificate, however codesign complains that gdb is already signed.

So how to undo it?

The codesign command I used was:

codesign -s gdb-cert gdb

answered here... http://stackoverflow.com/a/26320600/2975337 — , Jul 20 '16 at 13:50

score 17 · Accepted Answer · answered Jan 02 '14 at 03:42

17

It's not well documented at all, from what I can tell, but you may be able to remove code signing via:

codesign --remove-signature gdb

answered Jan 02 '14 at 03:42

1

This removes a signature, but note that it leaves the binary unable to be re-signed with the `codesign` tool afterwards. You should just `brew reinstall gdb` and call it a day. – Mahmoud Al-Qudsi Jun 08 '17 at 05:11
Yup, but see my answer at the the linked https://stackoverflow.com/questions/7500381/bug-in-codesign-remove-signature-feature?noredirect=1&lq=1 And there is definitely more to it than `brew reinstall gdb`; one has to have the right certificate in your Keychain, like with lldb: https://llvm.org/svn/llvm-project/lldb/trunk/docs/code-signing.txt – Geoff Nixon Jun 26 '18 at 08:42

score 7 · Answer 2 · answered Jul 17 '19 at 19:55

7

Add --force to the arguments of your codesign command to make it re-sign something.

For example:

codesign --force --sign gdb-cert gdb

answered Jul 17 '19 at 19:55

Perry

score 3 · Answer 3 · answered Jan 17 '15 at 22:26

3

I had a problem with removing signature as suggested by Micheal:

unsupported type or version of signature

Finally I used -f flag and force loaded new certificate.

answered Jan 17 '15 at 22:26

Krzysztof Kaczor

3 Answers3