[tbb-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 10 16:04:16 UTC 2019
#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201909 | Actual Points:
Parent ID: | Points: 2
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by mcs):
Replying to [comment:48 gk]:
> Okay, mcs/brade: What about:
>
> https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly-
osx64_en-US_30126_signed.dmg
> https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly-
osx64_en-US_30126_signed.dmg.asc
>
> It works on the 10.14 system I have and Gatekepper is telling me that
Apple checked our package for malware (and did not find any !11!).
As I mentioned on IRC, when we use the above build we are blocked by
Gatekeeper on macOS 10.15 beta 7 (but everything is OK on 10.14.6). I will
attach a screenshot of the error we see.
Another data point is the nightly build that Kathy and I notarized a few
weeks ago using our own Apple developer identity works fine on both OS
versions,and so does Firefox 68.1.0 ESR.
I wonder if there is some difference in the process you used that is
breaking things? For example, Kathy and I did not create a DMG after
notarizing a zipped up copy of Tor Browser.app.
Nearly all of the command line checks we have tried indicate that
everything is OK, e.g.,
{{{
% codesign -vvv --deep --strict ./Tor\ Browser.app
...
./Tor Browser.app: valid on disk
./Tor Browser.app: satisfies its Designated Requirement
% spctl -vvv --assess --type exec ./Tor\ Browser.app/
./Tor Browser.app/: accepted
source=Notarized Developer ID
origin=Developer ID Application: The Tor Project, Inc (MADPSAYN6T)
% codesign -dvv ./Tor\ Browser.app
Executable=/Applications/Tor Browser.app/Contents/MacOS/firefox
Identifier=org.torproject.torbrowser
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=421 flags=0x10000(runtime) hashes=4+5
location=embedded
Signature size=9022
Authority=Developer ID Application: The Tor Project, Inc (MADPSAYN6T)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Sep 10, 2019 at 7:07:40 AM
Info.plist entries=27
TeamIdentifier=MADPSAYN6T
Runtime Version=10.11.0
Sealed Resources version=2 rules=13 files=130
Internal requirements count=1 size=188
% xcrun stapler validate ./Tor\ Browser.app
Processing: /Applications/Tor Browser.app
The validate action worked!
}}}
There is one command variant which fails; compare these two (`--type exec`
vs. `--type open`):
{{{
% spctl -vvvv --assess --type exec --context context:primary-signature
Tor\ Browser.app
Tor Browser.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: The Tor Project, Inc (MADPSAYN6T)
% spctl -vvvv --assess --type open --context context:primary-signature
Tor\ Browser.app
Tor Browser.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: The Tor Project, Inc (MADPSAYN6T)
}}}
With the .app that Kathy and I notarized, both of these commands succeed.
I am not sure if this is an important difference, but it is the only one
we have found so far.
There must be some step that we missed. I assume you included the
entitlements file? Can you give us the zipped up Tor Browser.app to try
(i.e., no .dmg processing)?
Other ideas?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:49>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list