[tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 1 15:45:39 UTC 2019 

#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
 Reporter:  gk                                  |          Owner:  tbb-team
     Type:  task                                |         Status:  new
 Priority:  Very High                           |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201907  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:27 mcs]:
 > Replying to [comment:26 gk]:
 > > Alright: mcs/brade: could you give
 > >
 > > https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly-
 30126_3-osx64_en-US.dmg
 > > https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly-
 30126_3-osx64_en-US.dmg.asc
 > >
 > > a round of testing? I think I've fixed all the blockers for
 notarization in our build system now. making sure the whole bundle is
 still running (even on a system < 10.11) would be neat as well. :)
 >
 > The good news is that the notarization process works with that build.

 \o/

 > I am not sure it matters, but the following three files have different
 min OS version and SDK values in their mach-o headers:
 >  Tor Browser.app/Contents/MacOS/Tor/PluggableTransports/meek-client
 >  Tor Browser.app/Contents/MacOS/Tor/PluggableTransports/meek-client-
 torbrowser
 >  Tor Browser.app/Contents/MacOS/Tor/PluggableTransports/obfs4proxy
 > While all other binaries have min OS version 10.7 and SDK 10.11, the
 above three files have 10.9 and 10.9.

 That's expected with the switch to Go >= 1.12.6 and  is okay I think

 > We did find one blocker though: when we tested on a macOS 10.9.x system
 we experienced #26876 again. Since Tor Browser 9.0a4 does not have this
 problem, there must besome difference in how `tor.real` is built for your
 test builds.

 If you look at `bug_30126_v2` in my `tor-browser-build` dir you see the
 changes I am doing. For `tor.real` in particular I set `export
 MACOSX_DEPLOYMENT_TARGET=10.7`. _That_ alone should not cause this issue.
 A couple of possible options come to mind here: 1) We might need to set it
 earlier, that is before the configure step. 2) It's somehow caused by us
 setting the SDK option to 10.11 now.

 I suspect you get the same problem with the build 2 in comment:17?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list