#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
 Reporter:  gk                                  |          Owner:  tbb-team
     Type:  task                                |         Status:  new
 Priority:  Very High                           |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201909  |  Actual Points:
Parent ID:                                      |         Points:  2
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------
Comment (by mcs):

 Replying to [comment:51 mcs]:
 > But I just realized there is a much bigger difference between what you
 > are doing and our earlier experiments: because we did not have ESR68
 > macOS builds at that time, Kathy and I used an ESR60-based nightly
 > build. We will try to re-create our experiment using a current nightly
 > build.

 I did the ESR68-based experiment using browser bits that I extracted from
 your comment:48 build. My notarized and stapled `Tor Browser.app` opens
 correctly on macOS 10.15. I used the entitlements file from
 https://gitweb.torproject.org/tor-browser.git/plain/security/mac/hardenedruntime/production.entitlements.xml?h=tor-browser-68.1.0esr-9.0-2-build2

 In detail, here are the steps I followed (all on a macOS 10.14.6
 computer):

 Opened your .dmg in Finder and copied Tor Browser.app to a new folder.

 Removed your signatures:
 {{{
 rm -rf Tor\ Browser.app/Contents/CodeResources Tor\ Browser.app/Contents/_CodeSignature
 }}}

 Signed it and created `tb.zip` which contains `Tor Browser.app` at the top
 level:
 {{{
 CERT="Developer ID Application: Pearl Crescent LLC (Z4N9W47D2U)"
 ENTITLEMENTS=entitlements/production.entitlements.xml
 codesign -vvv --deep -o runtime --entitlements "$ENTITLEMENTS" \
   --timestamp -f -s "$CERT" "Tor Browser.app/"
 zip -qr tb.zip "Tor Browser.app"
 }}}

 Submitted the zip file for notarization:
 {{{
 BUNDLEID="org.torproject.torbrowser"
 xcrun altool --notarize-app -t osx -f tb.zip --primary-bundle-id "$BUNDLEID" \
   -u REDACTED -p @env:PW --output-format xml
 }}}

 Checked status until it was done:
 {{{
 xcrun altool --notarization-info GUID \
   -u REDACTED -p @env:PW --output-format xml
 }}}

 Stapled the notarization ticket to the app bundle and created a new zip
 file:
 {{{
 xcrun stapler staple Tor\ Browser.app
 zip -r tb-stapled.zip Tor\ Browser.app
 }}}

 Then I put `tb-stapled.zip` on an HTTP server and downloaded it to macOS
 for testing.

 There were three things that surprised me on macOS 10.15:

 1. The "Tor Browser is an app downloaded from the Internet. Are you sure
    you want to open it?" prompt did not mention that the app had been
    checked by Apple for malicious software. But that message does not
    appear for Firefox 68.1.0 ESR either.
 2. Even though I had the app on the desktop, when I clicked `Open` and
    allowed Tor Browser to start up, it placed its `TorBrowser-Data` folder
    under `~/Library/Application Support/TorBrowser-Data/` instead of next
    to the app. Apparently notarized applications do not have access to
    the desktop by default, because this problem occurs on macOS 10.14.6
    as well.
 3. A more serious problem is that on macOS 10.15 but not on 10.14.6, all
    tabs seem to crash (content process crash). This problem and 2. both
    disappear if I run `./Tor Browser.app/Contents/MacOS/firefox` from
    bash.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:52>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
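As an added example (not mcs's code and not part of the Tor Browser build tooling), the "checked status until it was done" step above can be scripted by parsing the plist that `altool --output-format xml` prints, so the GUID is picked up from the upload response and polling stops only on a final verdict. The two responses below are constructed samples; the field names follow altool's plist output, and `@env:PW` is used exactly as in the ticket.

```python
import plistlib
import subprocess

# Constructed sample of `altool --notarize-app ... --output-format xml` output.
UPLOAD_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>notarization-upload</key>
  <dict><key>RequestUUID</key><string>00000000-1111-2222-3333-444444444444</string></dict>
  <key>success-message</key><string>No errors uploading 'tb.zip'.</string>
</dict></plist>"""

# Constructed sample of `altool --notarization-info GUID --output-format xml`
# once Apple has finished checking the upload.
STATUS_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>notarization-info</key>
  <dict>
    <key>RequestUUID</key><string>00000000-1111-2222-3333-444444444444</string>
    <key>Status</key><string>success</string>
    <key>Status Message</key><string>Package Approved</string>
    <key>LogFileURL</key><string>https://example.invalid/notarization-log.json</string>
  </dict>
</dict></plist>"""

FINAL_STATUSES = {"success", "invalid"}  # anything else means: keep polling


def request_uuid(upload_xml: bytes) -> str:
    """Extract the RequestUUID (the GUID) that --notarization-info needs."""
    return plistlib.loads(upload_xml)["notarization-upload"]["RequestUUID"]


def parse_status(info_xml: bytes) -> dict:
    """Reduce a --notarization-info plist to the fields worth acting on."""
    info = plistlib.loads(info_xml)["notarization-info"]
    status = info.get("Status", "in progress")
    return {
        "uuid": info.get("RequestUUID"),
        "status": status,
        "message": info.get("Status Message"),
        "log_url": info.get("LogFileURL"),  # read this when status is "invalid"
        "done": status in FINAL_STATUSES,
    }


def fetch_status(uuid: str, apple_id: str) -> dict:
    """Run the ticket's altool query for real (macOS only; not called here)."""
    out = subprocess.run(
        ["xcrun", "altool", "--notarization-info", uuid, "-u", apple_id,
         "-p", "@env:PW", "--output-format", "xml"],
        check=True, capture_output=True).stdout
    return parse_status(out)
```

Loop on `fetch_status` with a sleep until `done` is true; stapling only makes sense once the status is `success`, and an `invalid` verdict should send you to `log_url` for the per-file findings rather than back to `codesign`.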
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs