[tor-bugs] #26408 [Applications/Tor Browser]: Make MAR signature checks clearer when creating incremental MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 19 09:44:43 UTC 2018
#26408: Make MAR signature checks clearer when creating incremental MAR files
------------------------------------------+----------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-rbm
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
We have
{{{
# bug 26054: make sure previous macOS version is code signed
if (($os eq 'osx64') && ! -f
"$tmpdir/A/Contents/_CodeSignature/CodeResources") {
exit_error "Missing code signature in $from_version while creating
$mar_file";
}
if ($ENV{CHECK_CODESIGNATURE_EXISTS}) {
unless (-f "$tmpdir/A/Contents/_CodeSignature/CodeResources"
&& -f "$tmpdir/B/Contents/_CodeSignature/CodeResources") {
exit_error "Missing code signature while creating $mar_file";
}
}
}}}
checking twice whether essentially osx64 MAR files are signed. We should
simplify that and be more verbose about why we are doing that and what the
differences between both checks are. Otherwise this is easily confusing.
For simplification, I guess we don't need two separate if-clauses, rather
the `CHECK_CODESIGNATURE_EXISTS` one could be part of the first one, just
checking for `$tmpdir/B/Contents/_CodeSignature/CodeResources` (as the
first condition is already taken care of by the first if-clause).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26408>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list