Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

1 changed file:

Changes:

  • tools/browser-self-sign-macos.sh
    1
    +#!/bin/bash
    
    2
    +
    
    3
    +CERTNAME=my-codesign-cert-tor
    
    4
    +BROWSERPATH=.
    
    5
    +
    
    6
    +if [ $# -ge 1 ]
    
    7
    +then
    
    8
    +  BROWSERPATH=$1
    
    9
    +fi
    
    10
    +
    
    11
    +
    
    12
    +security find-certificate -c $CERTNAME > /dev/null
    
    13
    +
    
    14
    +if [ $? -ne 0 ]
    
    15
    +then
    
    16
    +  echo ""
    
    17
    +  echo "ERROR: Self Signing Certificate not found, please create:"
    
    18
    +  echo "  1. In the Keychain Access app on your Mac, choose Keychain Access > Certificate Assistant > Create a Certificate."
    
    19
    +  echo "  2. Enter the name '$CERTNAME' for the certificate"
    
    20
    +  echo "  3. Choose an identity type:  Self Signed Root"
    
    21
    +  echo "  4. Certificate Type > Code Signing"
    
    22
    +  echo "  5. Check 'Let me override defaults' & click Continue."
    
    23
    +  echo "  6. Enter a unique Serial Number. (123 is fine)"
    
    24
    +  echo "  7. Enter a big Validity Period (days), like 3560 & click Continue."
    
    25
    +  echo "  8. Fill in your personal information & click Continue."
    
    26
    +  echo "  9. Accept defaults for the rest of the dialog boxes. (Continue several times)"
    
    27
    +  echo "  10. Certificate Created! Click Done."
    
    28
    +  echo ""
    
    29
    +  echo "For additional help see:"
    
    30
    +  echo "  https://support.apple.com/en-ca/guide/keychain-access/kyca8916/mac"
    
    31
    +  echo "  https://stackoverflow.com/questions/58356844/what-are-the-ways-or-technologies-to-sign-an-executable-application-file-in-mac"
    
    32
    +  
    
    33
    +  echo ""
    
    34
    +  read -n 1 -r -s -p $'Press enter to launch "Keychain Access"...\n'
    
    35
    +  open /System/Applications/Utilities/Keychain\ Access.app
    
    36
    +
    
    37
    +  exit -1
    
    38
    +fi
    
    39
    +
    
    40
    +echo "Found $CERTNAME, looking for browser to sign..."
    
    41
    +
    
    42
    +if [ ! -f "$BROWSERPATH/XUL" ]
    
    43
    +then
    
    44
    +  TESTPATH="$BROWSERPATH/Contents/MacOS"
    
    45
    +  if [ -f "$TESTPATH/XUL" ]
    
    46
    +  then
    
    47
    +      BROWSERPATH=$TESTPATH
    
    48
    +  else
    
    49
    +    echo "Error: browser files not detected in $BROWSERPATH!"
    
    50
    +    echo "  This script needs to be run in the 'Contents/MacOS' directory of a SomeBrowser.app directory"
    
    51
    +    exit -1
    
    52
    +  fi
    
    53
    +fi
    
    54
    +
    
    55
    +echo "Mozilla based browser found, signing..."
    
    56
    +echo '  Will be asked for password to certificate for all the things that need to be signed. Click "Always Allow" to automate'
    
    57
    +
    
    58
    +cd "$BROWSERPATH"
    
    59
    +
    
    60
    +codesign -s $CERTNAME *.dylib
    
    61
    +codesign -s $CERTNAME plugin-container.app
    
    62
    +
    
    63
    +if [ -d Tor ]
    
    64
    +then
    
    65
    +  codesign -s $CERTNAME Tor/PluggableTransports/*
    
    66
    +  codesign -s $CERTNAME Tor/libevent-2.1.7.dylib
    
    67
    +  if [ -f Tor/tor.real ]
    
    68
    +  then
    
    69
    +    codesign -s $CERTNAME Tor/tor.real
    
    70
    +  fi
    
    71
    +  if [ -f Tor/tor ]
    
    72
    +  then
    
    73
    +    codesign -s $CERTNAME Tor/tor
    
    74
    +  fi
    
    75
    +fi
    
    76
    +
    
    77
    +codesign -s $CERTNAME XUL
    
    78
    +
    
    79
    +if [ -d updater.app ]
    
    80
    +then
    
    81
    +  codesign -s $CERTNAME updater.app
    
    82
    +fi
    
    83
    +
    
    84
    +# mullvadbrowser
    
    85
    +if [ -f mullvadbrowser ]
    
    86
    +then
    
    87
    +  codesign -s $CERTNAME mullvadbrowser
    
    88
    +fi
    
    89
    +
    
    90
    +# BB or TB
    
    91
    +if [ -f firefox ]
    
    92
    +then
    
    93
    +  codesign -s $CERTNAME firefox
    
    94
    +fi
    
    95
    +
    
    96
    +echo ""
    
    97
    +echo "Browser signing step done!"
    
    98
    +echo ""
    
    99
    +
    
    100
    +echo "App still needs one more override to be easily opened with double click in Finder"
    
    101
    +echo "Alternatively you can right click it, select 'Open' and then select 'Open' from the override popup"
    
    102
    +echo "Or to enable it to be double clicked to open perform the following"
    
    103
    +echo ""
    
    104
    +echo "Double click the app and select either 'Ok' or 'Cancel' from the warning popup depending on which you get (Do Not 'Move to Trash')"
    
    105
    +echo 'Go to Preferences -> Security & Privacy and click on padlock to allow changes. '
    
    106
    +echo '  Then in "Allow appications downloaded from" select either:'
    
    107
    +echo '    - App Store and identified developers'
    
    108
    +echo '    - Anywhere'
    
    109
    +echo '  Below that may be a notice about your specific app saying it was blocked because it was not from an identified developer. Click "Open Anyways" and "Open"'
    
    110
    +