[tbb-bugs] #26408 [Applications/Tor Browser]: Make MAR signature checks clearer when creating incremental MAR files

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 19 09:44:43 UTC 2018


#26408: Make MAR signature checks clearer when creating incremental MAR files
------------------------------------------+----------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  enhancement               |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-rbm
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 We have
 {{{
     # bug 26054: make sure previous macOS version is code signed
     if (($os eq 'osx64') && ! -f
 "$tmpdir/A/Contents/_CodeSignature/CodeResources") {
         exit_error "Missing code signature in $from_version while creating
 $mar_file";
     }
     if ($ENV{CHECK_CODESIGNATURE_EXISTS}) {
         unless (-f "$tmpdir/A/Contents/_CodeSignature/CodeResources"
             && -f "$tmpdir/B/Contents/_CodeSignature/CodeResources") {
             exit_error "Missing code signature while creating $mar_file";
         }
     }
 }}}
 checking twice whether essentially osx64 MAR files are signed. We should
 simplify that and be more verbose about why we are doing that and what the
 differences between both checks are. Otherwise this is easily confusing.

 For simplification, I guess we don't need two separate if-clauses, rather
 the `CHECK_CODESIGNATURE_EXISTS` one could be part of the first one, just
 checking for `$tmpdir/B/Contents/_CodeSignature/CodeResources` (as the
 first condition is already taken care of by the first if-clause).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26408>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list