[tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 14 20:43:54 UTC 2019


#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
 Reporter:  gk                                  |          Owner:  tbb-team
     Type:  task                                |         Status:  new
 Priority:  Very High                           |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201907  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by mcs):

 Kathy and I need to do more research, but here are some things we learned
 so far.

 Additional resources:
 * https://stackoverflow.com/a/53121755/2517441 (assuming this answer is
 accurate, it provides detailed steps we will need to execute).
 * https://blog.zeplin.io/dev-journal-automate-notarizing-macos-apps-94b0b144ba9d
 (provides a good overview of a command line approach to notarization).
 * https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/customizing_the_notarization_workflow

 Some of the requirements, as specified by Apple's documentation:
 * Link against the macOS 10.9 or later SDK (already done for Tor Browser).
 * Notarization requires Xcode 10 or later (maybe simply because we need an
 `xcrun` that supports the `altool`, and that first appeared in Xcode
 10.0).
 * Building a new app for notarization requires macOS 10.13.6 or later &
 Xcode 10 (macOS 10.13.6 is required for Xcode 10.0).
 * Stapling an app requires macOS 10.12 or later (but I guess we will have
 macOS 10.13.16 or newer anyway).
 * Enable code-signing for all of the executables you distribute (hopefully
 we already do this).
 * Use a Developer ID application, kernel extension, or installer
 certificate for your code-signing signature (a Mac Distribution or local
 development certificate will not work).
 * Include a secure timestamp with your code-signing signature (which means
 we need to include the `--timestamp` option when running the `codesign`
 tool).
 * Enable the Hardened Runtime capability for your app (how do we handle
 entitlements?)
 * Don't include the `com.apple.security.get-task-allow` entitlement with
 the value set to any variation of true (again, how do we add entitlements
 during our build process — if at all?)

 The following Firefox bug includes at least one patch related to
 entitlements, although the patches are for taskcluster and not core
 Firefox code: https://bugzilla.mozilla.org/show_bug.cgi?id=1471004

 It was suggested that we look at how Bitcoin Core is handling
 notarization, but all we found so far is this open issue:
 https://github.com/bitcoin/bitcoin/issues/15774

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
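
Added example (not part of the ticket or of the Tor Browser build): a pre-submission check for four of the signing requirements listed in the comment above, run over the text that `codesign -dvv` prints and the entitlements plist from `codesign -d --entitlements :-`. The sample output is constructed, and reading "any variation of true" as boolean true, 1, or the strings "true"/"yes"/"1" is an assumption.

```python
import plistlib
import re

GET_TASK_ALLOW = "com.apple.security.get-task-allow"

# Constructed sample: `codesign -dvv` output and entitlements of a development build.
SAMPLE_CODESIGN = """\
Identifier=org.example.app
CodeDirectory v=20200 size=512 flags=0x0(none) hashes=8+5 location=embedded
Authority=Mac Developer: Example Person (XXXXXXXXXX)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Jul 14, 2019 at 20:43:54
"""
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.get-task-allow</key><true/>
</dict></plist>"""

def truthy(value):
    """Assumed reading of 'any variation of true': True, 1, "true", "YES", "1"."""
    if isinstance(value, str):
        return value.strip().lower() in {"true", "yes", "1"}
    return value is True or value == 1

def notarization_problems(codesign_text, entitlements_xml):
    """Return the listed requirements that this signature does not meet."""
    problems = []
    # The first Authority line is the leaf (signing) certificate.
    authorities = re.findall(r"^Authority=(.+)$", codesign_text, re.M)
    if not authorities or not authorities[0].startswith("Developer ID "):
        problems.append("not signed with a Developer ID certificate")
    # A secure timestamp is shown as Timestamp=; without one, Signed Time= appears.
    if not re.search(r"^Timestamp=", codesign_text, re.M):
        problems.append("no secure timestamp (sign with --timestamp)")
    # Hardened Runtime is the "runtime" flag on the CodeDirectory line.
    flags = re.search(r"^CodeDirectory .*\bflags=\S*\(([^)]*)\)", codesign_text, re.M)
    if not flags or "runtime" not in flags.group(1).split(","):
        problems.append("Hardened Runtime not enabled")
    entitlements = plistlib.loads(entitlements_xml) if entitlements_xml.strip() else {}
    if truthy(entitlements.get(GET_TASK_ALLOW, False)):
        problems.append(GET_TASK_ALLOW + " is set to true")
    return problems

if __name__ == "__main__":
    for problem in notarization_problems(SAMPLE_CODESIGN, SAMPLE_ENTITLEMENTS):
        print("FAIL:", problem)
```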

