Opened 4 weeks ago
Last modified 4 weeks ago
#32507 new defect
Move closer to the way Mozilla is signing macOS bundles
| Reported by: | gk | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-security, tbb-sign, GeorgKoppen201911 |
| Cc: | | Actual Points: | |
| Parent ID: | #32504 | Points: | |
| Reviewer: | | Sponsor: | |
Description
Mozilla is using a bash script codesign.bash for signing macOS bundles. We should go over it and include the finer-grained signing (different entitlement files being used and sometimes entitlements are not even ready) into our setup.
(see: https://bugzilla.mozilla.org/show_bug.cgi?id=1593071 for important changes to that bash script)
I think a good process could be to do this transition step-wise: first using what Mozilla did for ESR68 and including our non-browser pieces (not sure how they fit into the place yet). Then building on top of that the improvements Mozilla made since then.