[tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 30 06:24:26 UTC 2019


#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
 Reporter:  gk                                  |          Owner:  tbb-team
     Type:  task                                |         Status:  new
 Priority:  Very High                           |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201907  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:16 mcs]:

 [snip]

 > Kathy and I looked at the cctools code, and maybe the problem is that
 > the SDK version is not defaulting to the correct value. There is code to
 > pick it up from the SDK path, but our SDK path is just `SDK/`. Search for
 > `if -sdk_version not on command line, infer from -syslibroot` within
 > https://github.com/tpoechtrager/cctools-port/blob/8e9c3f2506b51cf56725eaa60b6e90e240e249ca/cctools/ld64/src/ld/Options.cpp
 > to see the relevant code.
 >
 > One solution is to leave our SDK directory name as `MacOSX10.11.sdk`. An
 > alternative is to add `-sdk_version 10.11` to the ld command.

 Thanks for the investigation! I think I have a fix for that which follows
 Mozilla leaving the SDK directory name as `MacOSX10.11.sdk`:

 https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly-30126_2-osx64_en-US.dmg
 https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly-30126_2-osx64_en-US.dmg.asc

 Is Apple happier with that one? (Note: that's without the patch for bug
 1270217 which we might need as well) If we are good I'll open a child bug
 just for the SDK issue and get that one fixed there.

 > By the way, we could not find an open source tool that dumps mach-o
 > header fields like the macOS `otool` and `objdump` commands can.

 That would be unfortunate, so I looked a bit around. It turns out that you
 are already building such a tool while building the macOS bundles :) :
 `x86_64-apple-darwin11-otool` (and a bunch of similar tools) gets built
 when assembling the `macosx-toolchain` and works for me for the purposes
 at hand (you need to put the path to `clang/lib` into `LD_LIBRARY_PATH` to
 find `libc++abi.so.1`).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
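
The SDK version discussed in the comment above is recorded in the Mach-O load commands, so it can also be read without `otool`. The Python below is an added example, not code from the ticket, Tor Browser or cctools; it handles only thin little-endian 64-bit files, and the helper names `sdk_versions` and `make_sample` and all sample bytes are constructed for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF          # 64-bit little-endian Mach-O
LC_VERSION_MIN_MACOSX = 0x24      # fields after cmd/cmdsize: version, sdk
LC_BUILD_VERSION = 0x32           # fields: platform, minos, sdk, ntools


def decode_version(v):
    """Unpack the X.Y.Z encoding (xxxx.yy.zz) used by both load commands."""
    return f"{v >> 16}.{(v >> 8) & 0xFF}.{v & 0xFF}"


def sdk_versions(data):
    """Return [(command name, min OS, SDK)] found in a thin 64-bit Mach-O image."""
    if len(data) < 32:
        raise ValueError("truncated Mach-O header")
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags, _rsv = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    found, off, end = [], 32, 32 + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command table overruns sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_VERSION_MIN_MACOSX and cmdsize >= 16:
            minos, sdk = struct.unpack_from("<2I", data, off + 8)
            found.append(("LC_VERSION_MIN_MACOSX", decode_version(minos), decode_version(sdk)))
        elif cmd == LC_BUILD_VERSION and cmdsize >= 24:
            _plat, minos, sdk, _ntools = struct.unpack_from("<4I", data, off + 8)
            found.append(("LC_BUILD_VERSION", decode_version(minos), decode_version(sdk)))
        off += cmdsize
    return found


def make_sample(minos, sdk):
    """Constructed input: a header plus a single LC_VERSION_MIN_MACOSX command."""
    lc = struct.pack("<4I", LC_VERSION_MIN_MACOSX, 16, minos, sdk)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 1, len(lc), 0, 0)
    return hdr + lc


if __name__ == "__main__":
    for label, sdk in (("sdk field zero", 0), ("sdk 10.11", 0x000A0B00)):
        print(label, sdk_versions(make_sample(0x000A0900, sdk)))
```

Universal (fat) binaries would need their per-architecture slices located first; this example does not do that.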

