[tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 10 18:12:32 UTC 2019
#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
 Reporter:  gk                                  |          Owner:  tbb-team
     Type:  task                                |         Status:  new
 Priority:  Very High                           |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201909  |  Actual Points:
Parent ID:                                      |         Points:  2
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------
Comment (by mcs):
Replying to [comment:50 gk]:
> Okay, here comes the zipped up .app dir:
>
> https://people.torproject.org/~gk/testbuilds/tbb-30126.zip
> https://people.torproject.org/~gk/testbuilds/tbb-30126.zip.asc
Using this results in the same behavior (works fine on macOS 10.14.6,
Gatekeeper error on 10.15 beta).
> When I unzip the archive after doing all the codesigning things I just
> end up with a `Contents` folder. I need to (re-)create `Tor Browser.app`
> and move that one into it. Not sure whether that's expected. Another thing
> I probably did differently: I looked at the `codesign.bash` file in
> security/mac/hardenedruntime and used an adapted
> `ditto -c -k "${BUNDLE}" "${OUTPUT_ZIP_FILE}"` for zipping the bundle up
> after signing but before notarization.
What did you submit to Apple? As described in comment:11, Kathy and I ran
the codesign command on `Tor Browser.app` and then we created a .zip that
contained `Tor Browser.app`, which we then submitted via the
`xcrun altool --notarize-app ...` command.
But I just realized there is a much bigger difference between what you are
doing and our earlier experiments: because we did not have ESR68 macOS
builds at that time, Kathy and I used an ESR60-based nightly build. We
will try to re-create our experiment using a current nightly build.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:51>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
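The two archive layouts discussed in this comment (a zip that unpacks to a bare `Contents` folder versus one that contains `Tor Browser.app`) can be told apart before anything is submitted for notarization. The following pre-submission check is an added example, not part of the ticket or of any Tor Project or Mozilla script; the function names and the sample file names inside the bundle are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath


def bundle_layout(zip_bytes):
    """Classify the layout of a zip meant to carry one macOS .app bundle.

    Returns ("ok", bundle_name) when every entry sits under a single
    top-level "<name>.app/" directory that contains Contents/Info.plist,
    ("bare-contents", None) when the archive root is the bundle's own
    Contents directory, and ("unexpected", None) for anything else.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Ignore the resource-fork side directory some macOS zip tools add.
        names = [n for n in zf.namelist() if not n.startswith("__MACOSX/")]
    tops = {PurePosixPath(n).parts[0] for n in names if PurePosixPath(n).parts}
    if tops == {"Contents"}:
        return ("bare-contents", None)
    if len(tops) == 1:
        top = next(iter(tops))
        if top.endswith(".app") and f"{top}/Contents/Info.plist" in names:
            return ("ok", top)
    return ("unexpected", None)


def make_zip(paths):
    """Build an in-memory zip of empty placeholder files (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for p in paths:
            zf.writestr(p, b"")
    return buf.getvalue()


# Constructed samples: the inner file names are illustrative only.
INNER = ["Contents/Info.plist", "Contents/MacOS/firefox",
         "Contents/_CodeSignature/CodeResources"]
BARE = make_zip(INNER)                                      # unpacks to Contents/
WRAPPED = make_zip(["Tor Browser.app/" + p for p in INNER]) # unpacks to the .app

if __name__ == "__main__":
    print("bare archive:   ", bundle_layout(BARE))
    print("wrapped archive:", bundle_layout(WRAPPED))
```

For reference, ditto(1) documents a `--keepParent` option that embeds the source directory name in the archive when creating one.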