
[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 43245: Use separate entitlements for signing tor



morgan pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits:

  • c4fb2737
    by Nicolas Vigier at 2024-10-31T18:19:37+00:00
    Bug 43245: Use separate entitlements for signing tor
    
    Use a separate entitlements file for signing the tor binary, with
    `com.apple.security.cs.allow-unsigned-executable-memory` enabled.
    

2 changed files:

Changes:

  • tools/signing/macos-entitlements/tor.xml
    1
    +<?xml version="1.0" encoding="UTF-8"?>
    
    2
    +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    
    3
    +<!--
    
    4
    +     Entitlements to apply to the tor process executable.
    
    5
    +-->
    
    6
    +<plist version="1.0">
    
    7
    +  <dict>
    
    8
    +    <!-- tor needs this when connecting to PoW onion-services.
    
    9
    +         See tor-browser#43250 and tor#40988 -->
    
    10
    +    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>
    
    11
    +
    
    12
    +    <!-- Allow loading third party libraries to support pkcs11 modules -->
    
    13
    +    <key>com.apple.security.cs.disable-library-validation</key><true/>
    
    14
    +
    
    15
    +    <key>com.apple.security.cs.allow-jit</key><true/>
    
    16
    +  </dict>
    
    17
    +</plist>
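
Review bot: `com.apple.security.cs.allow-jit` on line 15 is granted with no comment, while the two keys above it each carry a justification and the commit message names only `com.apple.security.cs.allow-unsigned-executable-memory`. Please either add a comment saying why the tor process needs `allow-jit` in addition to `allow-unsigned-executable-memory`, or drop the key so the file grants only what is documented. The same question applies to `com.apple.security.cs.disable-library-validation` on line 13: the comment cites pkcs11 modules, so it is worth confirming that this applies to the tor executable itself and was not carried over from another entitlements file.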

  • tools/signing/wrappers/sign-rcodesign-128
    ... ... @@ -82,6 +82,7 @@ $rcodesign sign \
    82 82
       --code-signature-flags Contents/Frameworks/ChannelPrefs.framework:runtime \
    
    83 83
       --code-signature-flags Contents/MacOS/plugin-container.app:runtime \
    
    84 84
       --code-signature-flags Contents/MacOS/media-plugin-helper.app:runtime \
    
    85
    +  --entitlements-xml-path Contents/MacOS/Tor/tor:/signing/tor-browser-build/tools/signing/macos-entitlements/tor.xml \
    
    85 86
       --entitlements-xml-path Contents/MacOS/plugin-container.app:/signing/tor-browser-build/tools/signing/macos-entitlements/plugin-container.xml \
    
    86 87
       --entitlements-xml-path Contents/MacOS/media-plugin-helper.app:/signing/tor-browser-build/tools/signing/macos-entitlements/media-plugin-helper.xml \
    
    87 88
       --entitlements-xml-path /signing/tor-browser-build/tools/signing/macos-entitlements/firefox.browser.xml \
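
Review bot: the new `--entitlements-xml-path Contents/MacOS/Tor/tor:...` line at 85 has no matching `--code-signature-flags Contents/MacOS/Tor/tor:runtime` among the visible context lines, which set `:runtime` only for ChannelPrefs.framework, plugin-container.app and media-plugin-helper.app. The `com.apple.security.cs.*` keys in tor.xml are hardened-runtime exceptions, so please confirm that the tor binary gets the runtime flag somewhere outside this hunk, and add that line if it does not. A short comment next to the new option pointing at Bug 43245 would also help the next reader understand why tor is signed with its own file rather than the firefox.browser.xml default on line 88.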
    

  • _______________________________________________
    tor-commits mailing list
    tor-commits@xxxxxxxxxxxxxxxxxxxx
    https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits