[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #29815 [Applications/Tor Browser]: Sign our macOS bundles on Linux



#29815: Sign our macOS bundles on Linux
------------------------------------------+----------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-rbm
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 I've wanted that for a long time and did not find an already open ticket,
 but we should leverage our hardened Linux box to sign our .dmg files as
 well, like we do for our .exe files. One part that makes it harder as the
 macOS signing is content signing while the authenticode signing is not.
 Another hard part is that there is no such thing as `osslsigncode` which
 we could use with (minimal) patching.

 Or maybe there is? See: https://github.com/saucelabs/isign. However, there
 is still (much) work to do, see:
 https://github.com/saucelabs/isign/issues/88.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29815>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs