[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #26408 [Applications/Tor Browser]: Make MAR signature checks clearer when creating incremental MAR files
#26408: Make MAR signature checks clearer when creating incremental MAR files
------------------------------------------+----------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-rbm
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
We have
{{{
# bug 26054: make sure previous macOS version is code signed
if (($os eq 'osx64') && ! -f
"$tmpdir/A/Contents/_CodeSignature/CodeResources") {
exit_error "Missing code signature in $from_version while creating
$mar_file";
}
if ($ENV{CHECK_CODESIGNATURE_EXISTS}) {
unless (-f "$tmpdir/A/Contents/_CodeSignature/CodeResources"
&& -f "$tmpdir/B/Contents/_CodeSignature/CodeResources") {
exit_error "Missing code signature while creating $mar_file";
}
}
}}}
checking twice whether essentially osx64 MAR files are signed. We should
simplify that and be more verbose about why we are doing that and what the
differences between both checks are. Otherwise this is easily confusing.
For simplification, I guess we don't need two separate if-clauses, rather
the `CHECK_CODESIGNATURE_EXISTS` one could be part of the first one, just
checking for `$tmpdir/B/Contents/_CodeSignature/CodeResources` (as the
first condition is already taken care of by the first if-clause).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26408>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs