Add signature checks for app bundle on OS X (maybe all once support across all platforms has been landed)

RESOLVED WONTFIX

Status

defect
RESOLVED WONTFIX
5 years ago
7 days ago

People

(Reporter: whimboo, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Originally filed for mozmill automation as https://github.com/mozilla/mozmill-automation/issues/163.

As described in bug 1047728 comment 16 we want to add checks for the app bundle signature. For all the tests it should happen at the beginning, while for update tests we also have to do it after the update has been applied. Keep in mind that the channel pref and allowed mar channels files will have to be reset first for the latter.

The command to use will be: spctl -a -v <bundlename>.app


I talked with Stephen on IRC about all those checks, and here what we agreed on:

* If a signing check fails for a build due to a broken seal we want to directly abort the testrun. No tests will be run at all. Details about the failure can be retrieved via codesign -vvv. The missing/broken files we should show in our logs.

* With 10.9.5 a signing check will fail for v1 signatures unless they are whitelisted. We should implement a workaround so that we can still run older builds. A way to retrieve the version is via codesign -dv. Maybe there is something better?

* Updating a version 1 build to a version 2 build will leave some files around, which are not being removed. A signing check will fail. Updating again will remove those files.
Product: Mozilla QA → Testing

Update tests will be removed on bug 1573406.

Status: NEW → RESOLVED
Closed: 7 days ago
Resolution: --- → WONTFIX
See Also: → 1573406
You need to log in before you can comment on or make changes to this bug.