
[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 40858: Add a script for MacOS to selfsign an unsigned browser (so it can run on ARM Mx macs)




Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

  • 96045df2
    by Dan Ballard at 2023-05-29T08:02:10+00:00
    Bug 40858: Add a script for MacOS to selfsign an unsigned browser (so it can run on ARM Mx macs)
    

1 changed file:

Changes:

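--- a/tools/browser-self-sign-macos.sh
+++ b/tools/browser-self-sign-macos.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+CERTNAME=my-codesign-cert-tor
+BROWSERPATH=.
+
+if [ $# -ge 1 ]
+then
+  BROWSERPATH=$1
+fi
+
+
+security find-certificate -c $CERTNAME > /dev/null
+
+if [ $? -ne 0 ]
+then
+  echo ""
+  echo "ERROR: Self Signing Certificate not found, please create:"
+  echo "  1. In the Keychain Access app on your Mac, choose Keychain Access > Certificate Assistant > Create a Certificate."
+  echo "  2. Enter the name '$CERTNAME' for the certificate"
+  echo "  3. Choose an identity type:  Self Signed Root"
+  echo "  4. Certificate Type > Code Signing"
+  echo "  5. Check 'Let me override defaults' & click Continue."
+  echo "  6. Enter a unique Serial Number. (123 is fine)"
+  echo "  7. Enter a big Validity Period (days), like 3560 & click Continue."
+  echo "  8. Fill in your personal information & click Continue."
+  echo "  9. Accept defaults for the rest of the dialog boxes. (Continue several times)"
+  echo "  10. Certificate Created! Click Done."
+  echo ""
+  echo "For additional help see:"
+  echo "  https://support.apple.com/en-ca/guide/keychain-access/kyca8916/mac"
+  echo "  https://stackoverflow.com/questions/58356844/what-are-the-ways-or-technologies-to-sign-an-executable-application-file-in-mac"
+  
+  echo ""
+  read -n 1 -r -s -p $'Press enter to launch "Keychain Access"...\n'
+  open /System/Applications/Utilities/Keychain\ Access.app
+
+  exit -1
+fi
+
+echo "Found $CERTNAME, looking for browser to sign..."
+
+if [ ! -f "$BROWSERPATH/XUL" ]
+then
+  TESTPATH="$BROWSERPATH/Contents/MacOS"
+  if [ -f "$TESTPATH/XUL" ]
+  then
+      BROWSERPATH=$TESTPATH
+  else
+    echo "Error: browser files not detected in $BROWSERPATH!"
+    echo "  This script needs to be run in the 'Contents/MacOS' directory of a SomeBrowser.app directory"
+    exit -1
+  fi
+fi
+
+echo "Mozilla based browser found, signing..."
+echo '  Will be asked for password to certificate for all the things that need to be signed. Click "Always Allow" to automate'
+
+cd "$BROWSERPATH"
+
+codesign -s $CERTNAME *.dylib
+codesign -s $CERTNAME plugin-container.app
+
+if [ -d Tor ]
+then
+  codesign -s $CERTNAME Tor/PluggableTransports/*
+  codesign -s $CERTNAME Tor/libevent-2.1.7.dylib
+  if [ -f Tor/tor.real ]
+  then
+    codesign -s $CERTNAME Tor/tor.real
+  fi
+  if [ -f Tor/tor ]
+  then
+    codesign -s $CERTNAME Tor/tor
+  fi
+fi
+
+codesign -s $CERTNAME XUL
+
+if [ -d updater.app ]
+then
+  codesign -s $CERTNAME updater.app
+fi
+
+# mullvadbrowser
+if [ -f mullvadbrowser ]
+then
+  codesign -s $CERTNAME mullvadbrowser
+fi
+
+# BB or TB
+if [ -f firefox ]
+then
+  codesign -s $CERTNAME firefox
+fi
+
+echo ""
+echo "Browser signing step done!"
+echo ""
+
+echo "App still needs one more override to be easily opened with double click in Finder"
+echo "Alternatively you can right click it, select 'Open' and then select 'Open' from the override popup"
+echo "Or to enable it to be double clicked to open perform the following"
+echo ""
+echo "Double click the app and select either 'Ok' or 'Cancel' from the warning popup depending on which you get (Do Not 'Move to Trash')"
+echo 'Go to Preferences -> Security & Privacy and click on padlock to allow changes. '
+echo '  Then in "Allow appications downloaded from" select either:'
+echo '    - App Store and identified developers'
+echo '    - Anywhere'
+echo '  Below that may be a notice about your specific app saying it was blocked because it was not from an identified developer. Click "Open Anyways" and "Open"'
+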
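Review bot: None of the `codesign` calls, nor the `cd "$BROWSERPATH"` at line 58, has its exit status checked, so "Browser signing step done!" is printed even when nothing was signed; the hard-coded `Tor/libevent-2.1.7.dylib` at line 66 makes that likely the next time the bundled libevent version changes. I would guard the directory change with `cd "$BROWSERPATH" || exit 1`, match the library as `Tor/libevent-*.dylib`, and stop on the first signing error, for example `codesign -s "$CERTNAME" XUL || exit 1`. `exit -1` at lines 37 and 51 is outside the 0–255 range and is reported as 255, so `exit 1` is the clearer spelling. The closing instructions also offer the "Anywhere" Gatekeeper setting, which relaxes the check for every application on the machine, while the right-click Open route printed just above it is a per-app override; the text should prefer the latter and state that a self-signed certificate says nothing about where the build came from, so the download should be verified before signing.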
