Opened 4 weeks ago

Last modified 4 weeks ago

#32507 new defect

Move closer to the way Mozilla is signing macOS bundles

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, tbb-sign, GeorgKoppen201911
Cc: Actual Points:
Parent ID: #32504 Points:
Reviewer: Sponsor:

Description

Mozilla is using a bash script codesign.bash for signing macOS bundles. We should go over it and include the finer-grained signing (different entitlement files being used and sometimes entitlements are not even ready) into our setup.

(see: https://bugzilla.mozilla.org/show_bug.cgi?id=1593071 for important changes to that bash script)

Child Tickets

Change History (1)

comment:1 Changed 4 weeks ago by gk

I think a good process could be to do this transition step-wise: first using what Mozilla did for ESR68 and including our non-browser pieces (not sure how they fit into the place yet). Then building on top of that the improvements Mozilla made since then.

Note: See TracTickets for help on using tickets.