Sign macOS tor executables in tor expert bundle
I'm trying to use the tor executable and pluggable transports from the tor expert bundle while porting briar-desktop to macOS. I've seen #40397 (closed) and thanks for creating the tor expert bundle in the first place!
It looks like the tor executable shipped with the expert bundle is not signed. As a result, I cannot run it as a subprocess from within the JVM. I've started debugging this and it looks like it doesn't have anything to do with the way we use ProcessBuilder to launch the executable on the JVM (everything works fine when I use the tor.real executable shipped with the TorBrowser DMG package). Taking the JVM side of things out of the picture, when I try to run ./tor from the expert bundle on the shell, I do get this:
zsh: killed ./tor
It might also show a popup notifying me about the fact that the developer of the executable cannot be verified with the options in the dialog to either move it to trash or cancel the operation.
The executable shipped in the TorBrowser DMG packages works fine, however. I wasn't sure whether it's actually the executable itself that is signed or if the OS keeps track of the DMG it has been extracted from (which is signed itself). So I extracted the file on a Linux machine and transferred it to a macOS machine that had never seen that file or TorBrowser before. I was still able to run tor.real successfully there.
This makes me wonder: would it be desirable from your point of view and technically possible to sign the executables shipped with the expert bundle the same way the ones from the TorBrowser distribution are?
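The question raised above, whether the signature lives inside the executable itself, can be checked on any OS by looking for the LC_CODE_SIGNATURE load command in the Mach-O file. The following is an added example, not part of the original report or of any Tor Project tooling; the function names and the sample bytes are constructed for illustration. It reports only that a signature blob is embedded, not that it is valid or who signed it (on macOS, `codesign -dv` shows that).

```python
import struct
import sys
from pathlib import Path

LC_CODE_SIGNATURE = 0x1D
THIN_MAGICS = {0xFEEDFACE: 28, 0xFEEDFACF: 32}  # magic -> header size (32/64-bit)
FAT_MAGIC = 0xCAFEBABE  # universal binary header, always big-endian on disk

def slice_has_signature(data, base=0):
    """Walk the load commands of the Mach-O image that starts at `base`."""
    for endian in ("<", ">"):
        (magic,) = struct.unpack_from(endian + "I", data, base)
        if magic in THIN_MAGICS:
            break
    else:
        raise ValueError("not a Mach-O image")
    (ncmds,) = struct.unpack_from(endian + "I", data, base + 16)
    offset = base + THIN_MAGICS[magic]
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from(endian + "II", data, offset)
        if cmd == LC_CODE_SIGNATURE:
            # linkedit_data_command: cmd, cmdsize, dataoff, datasize
            return struct.unpack_from(endian + "II", data, offset + 8)[1] > 0
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        offset += cmdsize
    return False

def signature_by_slice(data):
    """Return {slice label: bool} for a thin or universal Mach-O file."""
    if len(data) >= 8 and struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        (nfat,) = struct.unpack_from(">I", data, 4)
        result = {}
        for i in range(nfat):  # fat_arch: cputype, cpusubtype, offset, size, align
            cputype, _, off, _, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
            result["cputype 0x%08x" % cputype] = slice_has_signature(data, off)
        return result
    return {"thin": slice_has_signature(data)}

def constructed_macho(signed):
    """Constructed sample: 64-bit arm64 header, LC_UUID, optional signature command."""
    cmds = [struct.pack("<II16s", 0x1B, 24, b"\0" * 16)]
    if signed:
        cmds.append(struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 4096, 512))
    body = b"".join(cmds)
    return struct.pack("<8I", 0xFEEDFACF, 0x0100000C, 0, 2, len(cmds), len(body), 0, 0) + body

if __name__ == "__main__":
    # Pass a path (for example the extracted tor binary) or fall back to the sample.
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else constructed_macho(True)
    print(signature_by_slice(data))
```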