Opened 4 weeks ago
Last modified 4 weeks ago
#32507 new defect
Move closer to the way Mozilla is signing macOS bundles
| Reported by: | gk | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-security, tbb-sign, GeorgKoppen201911 |
| Cc: | Actual Points: | ||
| Parent ID: | #32504 | Points: | |
| Reviewer: | Sponsor: |
Description
Mozilla is using a bash script codesign.bash for signing macOS bundles. We should go over it and include the finer-grained signing (different entitlement files being used and sometimes entitlements are not even ready) into our setup.
(see: https://bugzilla.mozilla.org/show_bug.cgi?id=1593071 for important changes to that bash script)
Child Tickets
Note: See
TracTickets for help on using
tickets.
I think a good process could be to do this transition step-wise: first using what Mozilla did for ESR68 and including our non-browser pieces (not sure how they fit into the place yet). Then building on top of that the improvements Mozilla made since then.