[tor-bugs] #18371 [Tor Browser]: TorBrowser.app.meek-http-helper symlinks incompatible with Gatekeeper signing

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 22 16:52:18 UTC 2016

#18371: TorBrowser.app.meek-http-helper symlinks incompatible with Gatekeeper
     Reporter:  mcs          |      Owner:  mcs
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:  #13252
       Points:               |    Sponsor:
 Experimentation shows that the symlink approach that we currently use to
 create a meek-specific "copy" of Tor Browser on Mac OS is not compatible
 with Apple's Gatekeeper code signing. Apple's codesign command complains
 about an invalid Info.plist because it is checking that the application
 binary (firefox) is where the Info.plist says it is and symlinks are
 apparently not traversed.

 One possible solution is to eliminate the TorBrowser.app.meek-http-helper
 linked app bundle and add support to firefox for a command line option
 that causes the application to run as a background app. See
 https://trac.torproject.org/projects/tor/ticket/11429#comment:8 for more

 Perhaps if we make the call to TransformProcessType() very early during
 firefox startup the problem that occurred before (dock icon appearing
 briefly during startup of the meek browser) will not occur. Another
 possibility is to change the Info.plist for Tor Browser so that the dock
 icon is hidden by default and then un-hide it when *not* running as the
 meek helper browser.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18371>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list