Opened 6 months ago

#29815 new defect

Sign our macOS bundles on Linux

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-rbm
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I've wanted that for a long time and did not find an already open ticket, but we should leverage our hardened Linux box to sign our .dmg files as well, like we do for our .exe files. One part that makes it harder as the macOS signing is content signing while the authenticode signing is not. Another hard part is that there is no such thing as osslsigncode which we could use with (minimal) patching.

Or maybe there is? See: However, there is still (much) work to do, see:

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.