Opened 16 months ago

#26408 new enhancement

Make MAR signature checks clearer when creating incremental MAR files

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-rbm
Cc: boklm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We have

    # bug 26054: make sure previous macOS version is code signed
    if (($os eq 'osx64') && ! -f "$tmpdir/A/Contents/_CodeSignature/CodeResources") {
        exit_error "Missing code signature in $from_version while creating $mar_file";
    }
    if ($ENV{CHECK_CODESIGNATURE_EXISTS}) {
        unless (-f "$tmpdir/A/Contents/_CodeSignature/CodeResources"
            && -f "$tmpdir/B/Contents/_CodeSignature/CodeResources") {
            exit_error "Missing code signature while creating $mar_file";
        }
    }

checking twice whether essentially osx64 MAR files are signed. We should simplify that and be more verbose about why we are doing that and what the differences between both checks are. Otherwise this is easily confusing.

For simplification, I guess we don't need two separate if-clauses, rather the CHECK_CODESIGNATURE_EXISTS one could be part of the first one, just checking for $tmpdir/B/Contents/_CodeSignature/CodeResources (as the first condition is already taken care of by the first if-clause).

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.