[tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 15 15:00:43 UTC 2014
#13379: Sign our MAR files
-------------------------+-------------------------------------------------
Reporter: | Owner: mcs
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-security,
Browser | TorBrowserTeam201412,TorBrowserTeam201412R
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by mcs):
Replying to [comment:38 gk]:
> This one looks good to me. Just one question: Why do we need the changes
in cryptox.h? I was under the impression we have `MAR_NSS` defined anyway
and thus there is no risk we would enter the `#elif XP_MACOSX` and `#elif
defined(XP_WIN)` blocks.
Just paranoia. Indeed, we should not be using any code in those blocks.
> I think I am going to test the MAR signing a bit. What scenarios did
your testing already cover?
We tested a variety of scenarios as we worked on signing. With the most
recent code, we built a 4.5-alpha-2-ish build using the gitian-based
process (embedding the certificate I described in comment:36) and ran the
resulting builds on Mac OS 10.8.5, an old Fedora Linux32 system, and Win7.
To force an update, we modified the .htaccess file on a test update server
of ours.
We tested that unsigned MARs were rejected.
We tested that signed MARs were accepted.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:40>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list