fixup! Bug 41089: Add tor-browser build scripts + Makefile to tor-browser

Bug 42035: Update tools/torbrowser/ scripts to support macOS dev environment

tools/torbrowser/Makefile

 .DEFAULT_GOAL := all
 
 # https://stackoverflow.com/questions/18136918/how-to-get-current-relative-directory-of-your-makefile
-mkfile_path := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
-
-DEV_ROOT = $(mkfile_path)/../..
-BINARIES = $(DEV_ROOT)/.binaries
-BUILD_OUTPUT = $(DEV_ROOT)/obj-x86_64-pc-linux-gnu
+mkfile_path := "$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))"
+
+DEV_ROOT = "$(mkfile_path)/../.."
+BINARIES = "$(DEV_ROOT)/.binaries"
+ARCHITECTURE = "$(shell uname -m)"
+
+# Correct the architecture naming for ARM to match what mozilla has
+ifeq ($(ARCHITECTURE), "arm64")
+  ARCHITECTURE = "aarch64"
+endif
+
+# Define build output path based on the platform.
+ifeq ("$(shell uname)", "Darwin")
+  BUILD_OUTPUT = "$(DEV_ROOT)/obj-$(ARCHITECTURE)-apple-darwin$(shell uname -r)"
+else
+  BUILD_OUTPUT = "$(DEV_ROOT)/obj-$(ARCHITECTURE)-pc-linux-gnu"
+endif
+
+# Define the run command based on the platform.
+ifeq ("$(shell uname)", "Darwin")
+  RUN_CMD := cd "$(BINARIES)/Tor Browser.app/Contents/MacOS/" && ./firefox
+else
+  RUN_CMD := "$(BINARIES)/dev/Browser/start-tor-browser" -v $(ARGS)
+endif
 
 config:
 	./config.sh $(DEV_ROOT)
@@ -34,7 +53,7 @@ fat-aar:
 all: build deploy
 
 run:
-	$(BINARIES)/dev/Browser/start-tor-browser -v $(ARGS)
+	$(RUN_CMD)
 
 jslint:
 	./jslint.sh $(DEV_ROOT) $(JS)

tools/torbrowser/browser-self-sign-macos.sh

+#!/bin/bash
+
+CERTNAME=my-codesign-cert-tor
+BROWSERPATH=.
+
+if [ $# -ge 1 ]
+then
+  BROWSERPATH=$1
+fi
+
+
+security find-certificate -c $CERTNAME > /dev/null
+
+if [ $? -ne 0 ]
+then
+  echo ""
+  echo "ERROR: Self Signing Certificate not found, please create:"
+  echo "  1. In the Keychain Access app on your Mac, choose Keychain Access > Certificate Assistant > Create a Certificate."
+  echo "  2. Enter the name '$CERTNAME' for the certificate"
+  echo "  3. Choose an identity type:  Self Signed Root"
+  echo "  4. Certificate Type > Code Signing"
+  echo "  5. Check 'Let me override defaults' & click Continue."
+  echo "  6. Enter a unique Serial Number. (123 is fine)"
+  echo "  7. Enter a big Validity Period (days), like 3560 & click Continue."
+  echo "  8. Fill in your personal information & click Continue."
+  echo "  9. Accept defaults for the rest of the dialog boxes. (Continue several times)"
+  echo "  10. Certificate Created! Click Done."
+  echo ""
+  echo "For additional help see:"
+  echo "  https://support.apple.com/en-ca/guide/keychain-access/kyca8916/mac"
+  echo "  https://stackoverflow.com/questions/58356844/what-are-the-ways-or-technologies-to-sign-an-executable-application-file-in-mac"
+  
+  echo ""
+  read -n 1 -r -s -p $'Press enter to launch "Keychain Access"...\n'
+  open /System/Applications/Utilities/Keychain\ Access.app
+
+  exit -1
+fi
+
+echo "Found $CERTNAME, looking for browser to sign..."
+
+if [ ! -f "$BROWSERPATH/XUL" ]
+then
+  TESTPATH="$BROWSERPATH/Contents/MacOS"
+  if [ -f "$TESTPATH/XUL" ]
+  then
+      BROWSERPATH=$TESTPATH
+  else
+    echo "Error: browser files not detected in $BROWSERPATH!"
+    echo "  This script needs to be run in the 'Contents/MacOS' directory of a SomeBrowser.app directory"
+    exit -1
+  fi
+fi
+
+echo "Mozilla based browser found, signing..."
+echo '  Will be asked for password to certificate for all the things that need to be signed. Click "Always Allow" to automate'
+
+cd "$BROWSERPATH"
+
+codesign -s $CERTNAME *.dylib
+codesign -s $CERTNAME plugin-container.app
+
+if [ -d Tor ]
+then
+  codesign -s $CERTNAME Tor/PluggableTransports/*
+  codesign -s $CERTNAME Tor/libevent-2.1.7.dylib
+  if [ -f Tor/tor.real ]
+  then
+    codesign -s $CERTNAME Tor/tor.real
+  fi
+  if [ -f Tor/tor ]
+  then
+    codesign -s $CERTNAME Tor/tor
+  fi
+fi
+
+codesign -s $CERTNAME XUL
+
+if [ -d updater.app ]
+then
+  codesign -s $CERTNAME updater.app
+fi
+
+# mullvadbrowser
+if [ -f mullvadbrowser ]
+then
+  codesign -s $CERTNAME mullvadbrowser
+fi
+
+# BB or TB
+if [ -f firefox ]
+then
+  codesign -s $CERTNAME firefox
+fi
+
+echo ""
+echo "Browser signing step done!"
+echo ""
+
+echo "App still needs one more override to be easily opened with double click in Finder"
+echo "Alternatively you can right click it, select 'Open' and then select 'Open' from the override popup"
+echo "Or to enable it to be double clicked to open perform the following"
+echo ""
+echo "Double click the app and select either 'Ok' or 'Cancel' from the warning popup depending on which you get (Do Not 'Move to Trash')"
+echo 'Go to Preferences -> Security & Privacy and click on padlock to allow changes. '
+echo '  Then in "Allow appications downloaded from" select either:'
+echo '    - App Store and identified developers'
+echo '    - Anywhere'
+echo '  Below that may be a notice about your specific app saying it was blocked because it was not from an identified developer. Click "Open Anyways" and "Open"'
+

tools/torbrowser/deploy.sh

 #!/bin/bash
 set -e
-BINARIES=$1
-BUILD_OUTPUT=$2
 
-SCRIPT_DIR=$(realpath "$(dirname "$0")")
+BINARIES="$1"
+BUILD_OUTPUT="$2"
+SCRIPT_DIR="$(realpath "$(dirname "$0")")"
+
+RESDIR="$BUILD_OUTPUT/dist/firefox"
+if [ "$(uname)" = "Darwin" ]; then 
+    RESDIR="$RESDIR/Tor Browser.app/Contents/Resources"
+fi
 
 # Add built-in bridges
-mkdir -p $BUILD_OUTPUT/_omni/defaults/preferences
-cat $BUILD_OUTPUT/dist/bin/browser/defaults/preferences/000-tor-browser.js $SCRIPT_DIR/bridges.js >> $BUILD_OUTPUT/_omni/defaults/preferences/000-tor-browser.js
-cd $BUILD_OUTPUT/_omni && zip -Xmr $BUILD_OUTPUT/dist/firefox/browser/omni.ja defaults/preferences/000-tor-browser.js
-rm -rf $BUILD_OUTPUT/_omni
+mkdir -p "$BUILD_OUTPUT/_omni/defaults/preferences"
+cat "$BUILD_OUTPUT/dist/bin/browser/defaults/preferences/000-tor-browser.js" "$SCRIPT_DIR/bridges.js" >> "$BUILD_OUTPUT/_omni/defaults/preferences/000-tor-browser.js"
+cd "$BUILD_OUTPUT/_omni"
+zip -Xmr "$RESDIR/browser/omni.ja" "defaults/preferences/000-tor-browser.js"
+rm -rf "$BUILD_OUTPUT/_omni"
 
 # Repackage the manual
 # rm -rf $BUILD_OUTPUT/_omni
 # mkdir $BUILD_OUTPUT/_omni
 # unzip $BINARIES/dev/Browser/browser/omni.ja -d $BUILD_OUTPUT/_omni
-# cd $BUILD_OUTPUT/_omni && zip -Xmr $BUILD_OUTPUT/dist/firefox/browser/omni.ja chrome/browser/content/browser/manual
+# cd $BUILD_OUTPUT/_omni && zip -Xmr $RESDIR/browser/omni.ja chrome/browser/content/browser/manual
 # rm -rf $BUILD_OUTPUT/_omni
 
+if [ "$(uname)" = "Darwin" ]; then
+
+    # copy binaries
+    cp -r "$BUILD_OUTPUT/dist/firefox/Tor Browser.app/Contents/"* "$BINARIES/Tor Browser.app/Contents/"
+    rm -rf "$BINARIES/TorBrowser-Data/Browser/Caches/*.default/startupCache"
+
+    # Self sign the Binaries
+    cd "$BINARIES/Tor Browser.app/Contents/MacOS"
+    "$SCRIPT_DIR/browser-self-sign-macos.sh"
+
+  else
+
     # backup the startup script
-mv $BINARIES/dev/Browser/firefox $BINARIES/dev/Browser/firefox.bak
+    mv "$BINARIES/dev/Browser/firefox" "$BINARIES/dev/Browser/firefox.bak"
     
     # copy binaries 
-cp -r $BUILD_OUTPUT/dist/firefox/* $BINARIES/dev/Browser
-rm -rf $BINARIES/dev/Browser/TorBrowser/Data/Browser/profile.default/startupCache
+    cp -r "$RESDIR/"* "$BINARIES/dev/Browser"
+    rm -rf "$BINARIES/dev/Browser/TorBrowser/Data/Browser/profile.default/startupCache"
 
     # shuffle firefox bin around and restore script to match a real deployment
-mv $BINARIES/dev/Browser/firefox $BINARIES/dev/Browser/firefox.real
-mv $BINARIES/dev/Browser/firefox.bak $BINARIES/dev/Browser/firefox
+    mv "$BINARIES/dev/Browser/firefox" "$BINARIES/dev/Browser/firefox.real"
+    mv "$BINARIES/dev/Browser/firefox.bak" "$BINARIES/dev/Browser/firefox"
+
+fi

tools/torbrowser/fetch.sh

 #!/bin/sh
 set -e
 
-BINARIES_DIR=$1
+BINARIES_DIR="$1"
 
 # download the current downloads.json
 wget https://aus1.torproject.org/torbrowser/update_3/alpha/downloads.json
-# get url for latest alpha linux en_US package
+# get url for latest alpha linux package
 TOR_BROWSER_VERSION=$(grep -Eo "\"version\":\"[0-9.a]+\"" downloads.json | grep -Eo "[0-9.a]+")
-TOR_BROWSER_PACKAGE="tor-browser-linux64-${TOR_BROWSER_VERSION}_ALL.tar.xz"
+if [ "$(uname)" = "Darwin" ]; then
+    TOR_BROWSER_PACKAGE="tor-browser-macos-${TOR_BROWSER_VERSION}.dmg"
+  else
+    TOR_BROWSER_PACKAGE="tor-browser-linux-x86_64-${TOR_BROWSER_VERSION}.tar.xz"
+fi
 TOR_BROWSER_PACKAGE_URL="https://dist.torproject.org/torbrowser/${TOR_BROWSER_VERSION}/${TOR_BROWSER_PACKAGE}"
 
 # remove download manifest
 rm downloads.json
 
 # clear out previous tor-browser and previous package
-rm -rf "${BINARIES_DIR}/dev"
+rm -rf "${BINARIES_DIR}"
 rm -f "${TOR_BROWSER_PACKAGE}"
 
 # download
-rm -f "${TOR_BROWSER_PACKAGE}"
 wget "${TOR_BROWSER_PACKAGE_URL}"
 mkdir -p "${BINARIES_DIR}"
 
 # and extract
-tar -xf ${TOR_BROWSER_PACKAGE} -C "${BINARIES_DIR}"
+if [ "$(uname)" = "Darwin" ]
+  then
+    hdiutil attach "${TOR_BROWSER_PACKAGE}"
+    cp -R "/Volumes/Tor Browser/Tor Browser.app" "${BINARIES_DIR}"
+    hdiutil detach "/Volumes/Tor Browser"
+  else
+    tar -xf "${TOR_BROWSER_PACKAGE}" -C "${BINARIES_DIR}"
     mv "${BINARIES_DIR}/tor-browser" "${BINARIES_DIR}/dev"
+fi
 
-# cleanup
+# Final cleanup
 rm -f "${TOR_BROWSER_PACKAGE}"