[tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 14 20:43:54 UTC 2019
#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201907 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by mcs):
Kathy and I need to do more research, but here are some things we learned
so far.
Additional resources:
* https://stackoverflow.com/a/53121755/2517441 (assuming this answer is
accurate, it provides detailed steps we will need to execute).
* https://blog.zeplin.io/dev-journal-automate-notarizing-macos-apps-94b0b144ba9d
(provides a good overview of a command line approach to notarization).
* https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow
Some of the requirements, as specified by Apple's documentation:
* Link against the macOS 10.9 or later SDK (already done for Tor Browser).
* Notarization requires Xcode 10 or later (maybe simply because we need an
`xcrun` that supports the `altool`, and that first appeared in Xcode
10.0).
* Building a new app for notarization requires macOS 10.13.6 or later &
Xcode 10 (macOS 10.13.6 is required for Xcode 10.0).
* Stapling an app requires macOS 10.12 or later (but I guess we will have
macOS 10.13.16 or newer anyway).
* Enable code-signing for all of the executables you distribute (hopefully
we already do this).
* Use a Developer ID application, kernel extension, or installer
certificate for your code-signing signature (a Mac Distribution or local
development certificate will not work).
* Include a secure timestamp with your code-signing signature (which means
we need to include the `--timestamp` option when running the `codesign`
tool).
* Enable the Hardened Runtime capability for your app (how do we handle
entitlements?)
* Don't include the `com.apple.security.get-task-allow` entitlement with
the value set to any variation of true (again, how do we add entitlements
during our build process — if at all?)
The following Firefox bug includes at least one patch related to
entitlements, although the patches are for taskcluster and not core
Firefox code: https://bugzilla.mozilla.org/show_bug.cgi?id=1471004
It was suggested that we look at how Bitcoin Core is handling
notarization, but all we found so far is this open issue:
https://github.com/bitcoin/bitcoin/issues/15774
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
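
A pre-flight check for the signing requirements listed in the comment above, as an added example that is not part of the original ticket or of Tor Browser's build scripts. It inspects the text printed by `codesign -dvv` and the entitlements plist of a signed bundle; the sample inputs are constructed, and the function names and the reading of "any variation of true" are assumptions.

```python
import plistlib
import re

# Constructed sample of `codesign -dvv` output (not from a real Tor Browser build).
SAMPLE_DISPLAY = """\
Identifier=org.example.browser
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=24+5 location=embedded
Authority=Developer ID Application: Example Org (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 14, 2019 at 8:43:54 PM
"""

# Constructed entitlements plist, as extracted from a code signature.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>com.apple.security.get-task-allow</key><string>YES</string>
</dict></plist>
"""

def truthy(value):
    """Assumed reading of 'any variation of true': booleans, non-zero numbers, true/yes/1 strings."""
    if isinstance(value, str):
        return value.strip().lower() in {"true", "yes", "1"}
    return bool(value)

def notarization_problems(display_text, entitlements_xml=b""):
    """Return the listed requirements that the signing metadata violates."""
    problems = []
    # Hardened Runtime shows up as the 'runtime' flag on the CodeDirectory line.
    flags = re.search(r"^CodeDirectory .*\bflags=\S*\(([^)]*)\)", display_text, re.M)
    if not flags or "runtime" not in flags.group(1).split(","):
        problems.append("hardened runtime not enabled")
    # A secure timestamp prints as 'Timestamp='; without one codesign prints 'Signed Time='.
    if not re.search(r"^Timestamp=", display_text, re.M):
        problems.append("no secure timestamp (sign with --timestamp)")
    # The first Authority line is the leaf certificate.
    authorities = re.findall(r"^Authority=(.*)$", display_text, re.M)
    if not authorities or not authorities[0].startswith("Developer ID "):
        problems.append("leaf certificate is not a Developer ID certificate")
    if entitlements_xml.strip():
        ents = plistlib.loads(entitlements_xml)
        if truthy(ents.get("com.apple.security.get-task-allow", False)):
            problems.append("get-task-allow entitlement is set to true")
    return problems

if __name__ == "__main__":
    for problem in notarization_problems(SAMPLE_DISPLAY, SAMPLE_ENTITLEMENTS):
        print("FAIL:", problem)
```
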