[tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 11 07:56:57 UTC 2019
#30126: Make Tor Browser on macOS compatible with Apple's notarization
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Description changed by gk:
Old description:
> Notarization is a technique by Apple to make running apps on macOS more
> secure to run. There a numerous parts to this and one can find more
> details about that on:
>
> https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
>
> Mozilla is tracking the work in:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1470607
>
> and there are a bunch of large pieces that still need to get solved on
> their side, like enabling the Hardened Runtime and building with the
> 10.14 SDK.
>
> However, at some point in the future apps won't run without that anymore
> and the potential changes we need to made are probably considerable.
> Thus, we should keep an eye on that and start thinking about which pieces
> of our signing infrastructure need to get adapted. Questions could be:
>
> 1) Is it still enough to sign the builds on a 10.9 machine?
> 2) How do we integrate sending the apps to Apple to get their blessing
> into our release process?
> 3) How does that system work with our plan to get rid of the Apple
> signing machine and do the signing on Linux? (see: #29815)
>
> I don't see this being relevant for ESR 68 but it might become so during
> the transition to the ESR after that one (or for the regular release
> train in case we'll start following that one instead).
New description:
Notarization is a technique by Apple to make apps on macOS more secure to
run. There a numerous parts to this and one can find more details about
that on:
https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution
Mozilla is tracking the work in:
https://bugzilla.mozilla.org/show_bug.cgi?id=1470607
and there are a bunch of large pieces that still need to get solved on
their side, like enabling the Hardened Runtime and building with the 10.14
SDK.
However, at some point in the future apps won't run without that anymore
and the potential changes we need to made are probably considerable. Thus,
we should keep an eye on that and start thinking about which pieces of our
signing infrastructure need to get adapted. Questions could be:
1) Is it still enough to sign the builds on a 10.9 machine?
2) How do we integrate sending the apps to Apple to get their blessing
into our release process?
3) How does that system work with our plan to get rid of the Apple signing
machine and do the signing on Linux? (see: #29815)
I don't see this being relevant for ESR 68 but it might become so during
the transition to the ESR after that one (or for the regular release train
in case we'll start following that one instead).
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list