Opened 4 weeks ago

Closed 4 weeks ago

Last modified 5 days ago

#31465 closed defect (fixed)

Adapt tor-browser-build projects for macOS notarization

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, tbb-rbm, TorBrowserTeam201908R, GeorgKoppen201908
Cc: mcs, brade, boklm, dcf Actual Points:
Parent ID: #30126 Points:
Reviewer: Sponsor:

Description

There are three issues that need to get solved

1) We need to specify the version in the sysrootdir, SDK is not enough as in this case the fallback to 10.6 is used which is too old (we need at least 10.9) (comment:16:ticket:30126)

2) We need to set MACOSX_DEPLOYMENT_TARGET for e.g. tor to 10.7 (to make sure it's not 10.11 which might be bad given that all the other binaries report 10.7) (comment:20:ticket:30126)

3) Bump the Go version to at least 1.12.6 to pick up notarization related fixed (comment:24:ticket:30126)

Child Tickets

Change History (7)

comment:1 Changed 4 weeks ago by gk

Keywords: TorBrowserTeam201908R GeorgKoppen201908 added; TorBrowserTeam201908 removed
Status: newneeds_review

bug_31465 (https://gitweb.torproject.org/user/gk/tor-browser-build.git/log/?h=bug_31465) in my public tor-browser-build dir has three patches corresponding to the above mentioned three issues up for review. I push a branch shortly that is based on top of #30323 to make testing easier.

comment:2 Changed 4 weeks ago by gk

Okay, bug_31465_v2 (https://gitweb.torproject.org/user/gk/tor-browser-build.git/log/?h=bug_31465_v2) is based and adapted on top of bug_30323_v2 for better testing.

comment:3 Changed 4 weeks ago by gk

bug_31465_v3 (https://gitweb.torproject.org/user/gk/tor-browser-build.git/log/?h=bug_31465_v3) is actually the branch you want to have for review as I forgot to adapt the build script the macosx-toolchain while rebasing.

comment:4 Changed 4 weeks ago by boklm

The patches for 1) and 3) look good to me. I cherry-picked them on master as commits e5c707ff79b3e0191e0c2e1065c5df09cd584895 and e9ff8677a5ab59325bcf435fa92e06ba73d67f2f.

For 2) I suggest the following fixup, following related changes in #30323:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_31465&id=0be0e0461475a29b5c01ad3b841030633c345179

comment:5 Changed 4 weeks ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks, looks good. Merged with master in commit 039f83d716b5050d6faeda8e1bbce3a674a9f2d.

comment:6 Changed 4 weeks ago by gk

Keywords: tbb-backport added

comment:7 Changed 5 days ago by gk

Keywords: tbb-backport removed

Apple seems to have relaxed the notarization requirements so that we don't need that backport anymore for our hopefully last esr60-based browser release.

Note: See TracTickets for help on using tickets.