Bug 32556: Keep track of entitlement files and add signing script templates

The files in this directory are a large part of what we use when signing

releases. The scripts are meant to be templates, though, at the moment

omitting specific paths and credential information.

Additionally, when starting to used them for an own signing setup don't forget

to adapt the locale list if needed. The entitlement files, however, are kept

up-to-date.

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<!--

     Entitlements to apply to the .app bundle and all executable files

     contained within it during codesigning of production channel builds that

     will be notarized. These entitlements enable hardened runtime protections

     to the extent possible for Firefox. Some supporting binaries within the

     bundle could use more restrictive entitlements, but they are launched by

     the main Firefox process and therefore inherit the parent process

     entitlements.

-->

<plist version="1.0">

  <dict>

    <!-- Firefox does not use MAP_JIT for executable mappings -->

    <key>com.apple.security.cs.allow-jit</key><false/>

    <!-- Firefox needs to create executable pages (without MAP_JIT) -->

    <key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>

    <!-- Code paged in from disk should match the signature at page in-time -->

    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>

    <!-- Allow loading third party libraries. Needed for Flash and CDMs -->

    <key>com.apple.security.cs.disable-library-validation</key><true/>

    <!-- Allow dyld environment variables. Needed because Firefox uses

         dyld variables to load libaries from within the .app bundle. -->

    <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>

    <!-- Don't allow debugging of the executable. Debuggers will be prevented

         from attaching to running executables. Notarization does not permit

         access to get-task-allow (as documented by Apple) so this must be

         disabled on notarized builds. -->

    <key>com.apple.security.get-task-allow</key><false/>

    <!-- Firefox needs to access the microphone on sites the user allows -->

    <key>com.apple.security.device.audio-input</key><true/>

    <!-- Firefox needs to access the camera on sites the user allows -->

    <key>com.apple.security.device.camera</key><true/>

    <!-- Firefox needs to access the location on sites the user allows -->

    <key>com.apple.security.personal-information.location</key><true/>

    <!-- Allow Firefox to send Apple events to other applications. Needed

         for native messaging webextension helper applications launched by

         Firefox which rely on Apple Events to signal other processes. -->

    <key>com.apple.security.automation.apple-events</key><true/>

    <!-- For SmartCardServices(7) -->

    <key>com.apple.security.smartcard</key><true/>

  </dict>

</plist>

#!/bin/bash

# Copyright (c) 2019, The Tor Project, Inc.

#

# Redistribution and use in source and binary forms, with or without

# modification, are permitted provided that the following conditions are

# met:

#     * Redistributions of source code must retain the above copyright

# notice, this list of conditions and the following disclaimer.

#

#     * Redistributions in binary form must reproduce the above

# copyright notice, this list of conditions and the following disclaimer

# in the documentation and/or other materials provided with the

# distribution.

#

#     * Neither the names of the copyright owners nor the names of its

# contributors may be used to endorse or promote products derived from

# this software without specific prior written permission.

#

# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

set -e

read -sp "Enter passphrase: " pass

echo

for i in `find . -name "*.exe" -print`

do

  /path/to/patched/osslsigncode/build/osslsigncode \

                 -pkcs11engine /usr/lib/engines/engine_pkcs11.so \

                 -pkcs11module /usr/lib/libeTPkcs11.so \

                 -pass $pass \

                 -h sha256 \

                 -certs $path/to/cert \

                 -key $key \

                 $i $i-signed

done

rename -f 's/-signed//' *-signed

#!/bin/bash

# Copyright (c) 2019, The Tor Project, Inc.

#

# Redistribution and use in source and binary forms, with or without

# modification, are permitted provided that the following conditions are

# met:

#     * Redistributions of source code must retain the above copyright

# notice, this list of conditions and the following disclaimer.

#

#     * Redistributions in binary form must reproduce the above

# copyright notice, this list of conditions and the following disclaimer

# in the documentation and/or other materials provided with the

# distribution.

#

#     * Neither the names of the copyright owners nor the names of its

# contributors may be used to endorse or promote products derived from

# this software without specific prior written permission.

#

# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

set -e

COUNT=0

for i in `find . -name "*.exe" -print`

do

  /path/to/patched/osslsigncode add \

                 -t http://timestamp.digicert.com \

                 -p socks://127.0.0.1:9050 \

                 $i $i-timestamped

  COUNT=$((COUNT + 1))

done

echo "Timestamped $COUNT .exe files, now renaming"

rename -f 's/-timestamped//' *-timestamped

#!/bin/bash

# Copyright (c) 2019, The Tor Project, Inc.

#

# Redistribution and use in source and binary forms, with or without

# modification, are permitted provided that the following conditions are

# met:

#     * Redistributions of source code must retain the above copyright

# notice, this list of conditions and the following disclaimer.

#

#     * Redistributions in binary form must reproduce the above

# copyright notice, this list of conditions and the following disclaimer

# in the documentation and/or other materials provided with the

# distribution.

#

#     * Neither the names of the copyright owners nor the names of its

# contributors may be used to endorse or promote products derived from

# this software without specific prior written permission.

#

# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

TORBROWSER_VERSION=$1

if [ -z $TORBROWSER_VERSION ];

then

  echo "Please call this script with a Tor Browser version!"

  exit 1

fi

BUNDLE_LOCALES="ar ca cs da de el en-US es-AR es-ES fa fr ga-IE he hu id is it ja ka ko mk nb-NO nl pl pt-BR ro ru sv-SE tr vi zh-CN zh-TW"

builddir=/path/to/the/build/dir

mkdir $builddir/$TORBROWSER_VERSION-signed

for LANG in $BUNDLE_LOCALES

do

  cd $builddir/dmg

  unzip -q $builddir/$TORBROWSER_VERSION/tb-${TORBROWSER_VERSION}_$LANG-stapled.zip

  cd ..

  $builddir/ddmg.sh $builddir/$TORBROWSER_VERSION-signed/TorBrowser-${TORBROWSER_VERSION}-osx64_$LANG.dmg $builddir/dmg/

  rm -rf 'dmg/Tor Browser.app'

done