[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #29815 [Applications/Tor Browser]: Sign our macOS bundles on Linux

To: undisclosed-recipients: ;
Subject: [tor-bugs] #29815 [Applications/Tor Browser]: Sign our macOS bundles on Linux
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 19 Mar 2019 14:24:16 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 19 Mar 2019 10:24:27 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#29815: Sign our macOS bundles on Linux
------------------------------------------+----------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-rbm
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 I've wanted that for a long time and did not find an already open ticket,
 but we should leverage our hardened Linux box to sign our .dmg files as
 well, like we do for our .exe files. One part that makes it harder as the
 macOS signing is content signing while the authenticode signing is not.
 Another hard part is that there is no such thing as `osslsigncode` which
 we could use with (minimal) patching.

 Or maybe there is? See: https://github.com/saucelabs/isign. However, there
 is still (much) work to do, see:
 https://github.com/saucelabs/isign/issues/88.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29815>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #28563 [Core Tor/sbws]: Work out how sbws can report excluded relays in the bandwidth file
Next by Author: Re: [tor-bugs] #28802 [Applications/Tor Browser]: Integrate PTs and bridge support into Tor Browser for Android
Previous by thread: Re: [tor-bugs] #14389 [Applications/Tor Browser]: Improve TBB UI of hidden service client authorization
Next by thread: Re: [tor-bugs] #11660 [Core Tor/Tor]: Make tor_spawn_background and related interfaces work the same on windows and *nix
Index(es):
- Author
- Thread