背景
在 macOS 上使用 Hugo prebuilt binaries 时,无法用 Delve 调试。
报错:Failed to launch: could not launch process: not an executable file
% dlv version
Delve Debugger
Version: 1.26.3
Build: $Id: bbf4ef90346d0efffb8a156d514413ea39ae9467 $
验证
已知 Delve 在 macOS 上默认后端是 LLDB,先测试 LLDB 是否可以附加。
lldb error message
(lldb) run
error: process exited with status -1 (attach failed (Not allowed to attach to process.
Look in the console messages (Console.app), near the debugserver entries, when the attach failed.
The subsystem that denied the attach permission will likely have logged an informative message about why it was denied.))
console messages
error: [LaunchAttach] MachTask::TaskPortForProcessID task_for_pid(10058) failed: ::task_for_pid ( target_tport = 0x0203, pid = 10058, &task ) => err = 0x00000005 ((os/kern) failure)
Workaround
从源码构建程序。
CGO_ENABLED=0 go install github.com/gohugoio/hugo@latest
排查
0x00 检查 LLDB com.apple.debugserver
一般不用这步,毕竟调试其他程序还是成功的。
com.apple.security.cs.debugger
% codesign -d --entitlements - \
/Applications/Xcode.app/Contents/SharedFrameworks/LLDB.framework/Versions/A/Resources/debugserver
0x01 检查 预制二进制 签名
根据 hugoreleaser.yaml1 可知,应有 entitlement:
com.apple.security.cs.allow-jitcom.apple.security.cs.allow-unsigned-executable-memory
% codesign -dv --verbose=4 hugo
% codesign -d --entitlements - --xml hugo
% codesign -dv --verbose=4 hugo
Executable=/Users/xxx/go/bin/hugo
Identifier=hugo
Format=Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=405680 flags=0x10000(runtime) hashes=12667+7 location=embedded
VersionPlatform=1
VersionMin=720896
VersionSDK=787200
Hash type=sha256 size=32
CandidateCDHash sha1=7ae717390a4ef4a1d2ac49d70fd4d4fe2a917b62
CandidateCDHashFull sha1=7ae717390a4ef4a1d2ac49d70fd4d4fe2a917b62
CandidateCDHash sha256=009f09f28ad13df6fc559ba2eb905947a282484d
CandidateCDHashFull sha256=009f09f28ad13df6fc559ba2eb905947a282484dc9806550ade83f62d877ac85
Hash choices=sha1,sha256
CMSDigest=99656a0e8d77454fa5841683fa1fb1d960f6406a01689d40224a29ef5d73fe77
CMSDigestType=2
Executable Segment base=0
Executable Segment limit=38371328
Executable Segment flags=0x1
Page size=4096
CDHash=009f09f28ad13df6fc559ba2eb905947a282484d
Signature size=9071
Authority=Developer ID Application: Bjørn Erik Pedersen (ZYSJUFSYL4)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Apr 29, 2026 at 22:11:09
Info.plist=not bound
TeamIdentifier=ZYSJUFSYL4
Runtime Version=12.3.0
Sealed Resources=none
Internal requirements count=1 size=164
CODESIGN(1) > OPTION FLAGS > runtime
On macOS versions >= 10.14.0, opts signed processes into a hardened runtime environment which includes runtime code signing enforcement, library validation, hard, kill, and debugging restrictions. These restrictions can be selectively relaxed via entitlements.
Note: macOS versions older than 10.14.0 ignore the presence of this flag in the code signature.
% codesign -d --entitlements - --xml hugo
Executable=/Users/xxx/go/bin/hugo
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
</dict>
</plist>
0x02 修改 预制二进制 签名
- 添加
com.apple.security.get-task-allowcodesign -f -s - --entitlements debug_entitlements.xml hugo-un
- 移除
codesign -f -s - --timestamp=none hugo-un
0x03 验证 LLDB 是否可以附加
(lldb) r
Process 13249 launched: '/Users/xxx/go/bin/hugo-un' (arm64)
Total in 0 ms
ERROR Unable to locate config file or config directory. Perhaps you need to create a new project.
Run `hugo help new` for details.
Process 13249 exited with status = 1 (0x00000001)
0x04 验证 Delve 是否可以附加
仍然报错 Failed to launch: could not launch process: not an executable file。
% dlv exec dlv -- exec hugo-un
Type 'help' for list of command.
(dlv) b verifyBinaryFormat
Breakpoint 1 set at 0x100d49310 for github.com/go-delve/delve/service/debugger.verifyBinaryFormat() /Users/xxx/go/pkg/mod/github.com/go-delve/[email protected]/service/debugger/debugger.go:2506
(dlv) b debugger.go:2533
Breakpoint 2 set at 0x100d4956c for github.com/go-delve/delve/service/debugger.verifyBinaryFormat() /Users/xxx/go/pkg/mod/github.com/go-delve/[email protected]/service/debugger/debugger.go:2533
(dlv) b debugger.go:2543
Breakpoint 3 set at 0x100d495ec for github.com/go-delve/delve/service/debugger.verifyBinaryFormat() /Users/xxx/go/pkg/mod/github.com/go-delve/[email protected]/service/debugger/debugger.go:2543
(dlv) c
2026-05-16T17:09:37+08:00 warn layer=dlv CGO_CFLAGS already set, Cgo code could be optimized.
> [Breakpoint 1] github.com/go-delve/delve/service/debugger.verifyBinaryFormat() /Users/xxx/go/pkg/mod/github.com/go-delve/[email protected]/service/debugger/debugger.go:2506 (hits goroutine(1):1 total:1) (PC: 0x100d49310)
=>2506: func verifyBinaryFormat(exePath string) (string, error) {
(dlv) c
> [Breakpoint 2] github.com/go-delve/delve/service/debugger.verifyBinaryFormat() /Users/xxx/go/pkg/mod/github.com/go-delve/[email protected]/service/debugger/debugger.go:2533 (hits goroutine(1):1 total:1) (PC: 0x100d4956c)
=>2533: exe, err = macho.NewFile(f)
(dlv) c
> [Breakpoint 3] github.com/go-delve/delve/service/debugger.verifyBinaryFormat() /Users/xxx/go/pkg/mod/github.com/go-delve/[email protected]/service/debugger/debugger.go:2543 (hits goroutine(1):1 total:1) (PC: 0x100d495ec)
2542: if err != nil {
=>2543: return "", api.ErrNotExecutable
(dlv) p err
error(*debug/macho.FormatError) *{
off: 0,
msg: "invalid magic number",
val: interface {} nil,}
咦,macho.NewFile 是不支持 Mach-O universal binary.
使用 lipo 获取 arm64 executable.
% lipo -thin arm64 hugo-un -output hugo-un-arm64
验证 magic number.
% xxd -g 1 -l 4 hugo-un
00000000: ca fe ba be
% xxd -g 1 -l 4 hugo-un-arm64
00000000: cf fa ed fe
IF: 在 0x01 先提取 arm64 executable
报错:Failed to launch: could not launch process: stub exited while waiting for connection: exit status 0
macOSTaskPolicy: (com.apple.debugserver) may not get the task control port of (hugo-arm64) (pid: 18840): (hugo-arm64) is hardened, (hugo-arm64) doesn't have get-task-allow, (com.apple.debugserver) is a declared debugger(com.apple.debugserver) is not a declared read-only debugger
还是要处理 entitlements.
0x05 调试 no debug info
Warning: no debug info found, some functionality will be missing such as stack traces and variable evaluation.
呃,无调试信息,从源码构建吧。
参考
- man taskgated(8)
- man codesign(1)
- Hardened Runtime
- Security entitlements
附录
debug_entitlements.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.allow-jit</key>
<true/>
<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
<true/>
<key>com.apple.security.get-task-allow</key>
<true/>
</dict>
</plist>