[tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 17 07:56:06 UTC 2019 

#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
 Reporter:  gk                                  |          Owner:  tbb-team
     Type:  task                                |         Status:  new
 Priority:  Very High                           |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201908  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:32 mcs]:
 > Replying to [comment:31 gk]:
 > > Alright: mcs/brade how does:
 > >
 > > https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly-
 30126_4-osx64_en-US.dmg
 > > https://people.torproject.org/~gk/testbuilds/TorBrowser-tbb-nightly-
 30126_4-osx64_en-US.dmg.asc
 >
 > That build fixes the problem with `tor.real`. With tor working, we could
 test further on macOS 10.9. Unfortunately, meek is not working. Trying to
 exec `meek-client-torbrowser` shows:
 > {{{
 >  dyld: Symbol not found: _unlinkat
 >   Referenced from: .../Tor
 Browser.app/Contents/MacOS/./Tor/PluggableTransports/meek-client-
 torbrowser
 >   Expected in: flat namespace
 > }}}
 >
 > According to the unlink/unlinkat man page on macOS 10.14, "The
 unlinkat() system call appeared in OS X 10.10."

 Okay, I am not convinced yet this is caused by the potential changes
 making notarization possible. mcs/brade: If I am reading your comments
 right, you did _not_ test whether `meek` as we ship it in 9.0a4 works on
 your 10.9 system? If so, could you do that just to be sure whether the
 above problem is actually a new bug caused by my patch?

 I suspect the underlying problem is a change in Go 1.12 where Go is
 starting to use `libSystem.dylib` etc. for syscalls:
 https://github.com/golang/go/issues/17490. But in that case we should hit
 the issue in our already existing bundles. (The mac-ports folks had to
 work around that e.g. in https://trac.macports.org/ticket/58138).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list