[tbb-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 11 07:50:38 UTC 2019
#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-security
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+--------------------------
Notarization is a technique by Apple to make running apps on macOS more
secure to run. There a numerous parts to this and one can find more
details about that on:
https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
Mozilla is tracking the work in:
https://bugzilla.mozilla.org/show_bug.cgi?id=1470607
and there are a bunch of large pieces that still need to get solved on
their side, like enabling the Hardened Runtime and building with the 10.14
SDK.
However, at some point in the future apps won't run without that anymore
and the potential changes we need to made are probably considerable. Thus,
we should keep an eye on that and start thinking about which pieces of our
signing infrastructure need to get adapted. Questions could be:
1) Is it still enough to sign the builds on a 10.9 machine?
2) How do we integrate sending the apps to Apple to get their blessing
into our release process?
3) How does that system work with our plan to get rid of the Apple signing
machine and do the signing on Linux? (see: #29815)
I don't see this being relevant for ESR 68 but it might become so during
the transition to the ESR after that one (or for the regular release train
in case we'll start following that one instead).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list