[tor-qa] Testing an OS X code-signed bundle
Wilton Gorske
wilton at riseup.net
Fri Apr 15 13:59:25 UTC 2016
Hi,
I tried all options and these were the results (screenshots also attached):
Testing: torbrowser-signing-test.dmg
Platform: Mac OS X 10.11.4 (15E65)
——————————————————————————————————————————
Allow apps download from: Mac App Store
“TorBrowser.app” can’t be opened because it was not downloaded from the
Mac App Store.
Your security preferences allow installation of only apps from the Mac
App Store.
“TorBrowser.app” is on the disk image “torbrowser-signing-test.dmg”.
Firefox.app downloaded this disk image today at 09:45.
[ok]
——————————————————————————————————————————
Allow apps download from: Mac App Store and identified developers
“TorBrowser.app” is an application downloaded from the Internet. Are you
sure you want to open it?
“TorBrowser.app” is on the disk image “torbrowser-signing-test.dmg”.
Firefox.app downloaded this disk image today at 09:45.
[checkbox] Don’t warn me when opening applications on this disk image
[cancel] [show disk image] [open]
——————————————————————————————————————————
Allow apps download from: Anywhere
“TorBrowser.app” is an application downloaded from the Internet. Are you
sure you want to open it?
“TorBrowser.app” is on the disk image “torbrowser-signing-test.dmg”.
Firefox.app downloaded this disk image today at 09:45.
[checkbox] Don’t warn me when opening applications on this disk image
[cancel] [show disk image] [open]
——————————————————————————————————————————
Best,
Wilton
Georg Koppen:
> Hi,
>
> after spending a lot of time and energy in getting all the bits
> correctly assembled we now think we have a properly[1] signed OS X
> bundle that should pass the Gatekeeper test:
>
> https://people.torproject.org/~gk/testbuilds/torbrowser-signing-test.dmg
> https://people.torproject.org/~gk/testbuilds/torbrowser-signing-test.dmg.asc
>
> If you happen to own an OS X with Gatekeeper enabled, please give it a
> try and report back if things are working fine or a broken.
>
> Thanks,
>
> Georg
>
> [1] There is one caveat: the bundle is not timestamped at the moment.
> But that should not impact the validity of the signature until the
> certificate is expired.
>
>
>
> _______________________________________________
> tor-qa mailing list
> tor-qa at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-04-15 at 09.48.31.png
Type: image/png
Size: 157773 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20160415/2112289d/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-04-15 at 09.48.49.png
Type: image/png
Size: 155430 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20160415/2112289d/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-04-15 at 09.49.47.png
Type: image/png
Size: 310163 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20160415/2112289d/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20160415/2112289d/attachment-0001.sig>
More information about the tor-qa
mailing list