Add Mac Hardened Runtime entitlement files to the tree

RESOLVED FIXED in Firefox 68

Status

defect
P1
normal
RESOLVED FIXED
2 months ago
2 months ago

People

(Reporter: haik, Assigned: haik)

Tracking

(Blocks 2 bugs)

unspecified
mozilla68
Unspecified
macOS
Dependency tree / graph

Firefox Tracking Flags

(firefox68 fixed)

Details

Attachments

(2 attachments)

Assignee

Description

2 months ago

This bug is filed to cover landing hardened runtime entitlement files that will be used with the codesign command by release engineering to set the appropriate flags needed for notarization and hardened runtime.

Assignee

Updated

2 months ago
Assignee: nobody → haftandilian
Priority: -- → P1
Assignee

Updated

2 months ago
Blocks: 1522409
Assignee

Comment 1

2 months ago

Add entitlement files for Hardened Runtime configuration to be used by Release Engineering for official builds and try builds and developers for local builds. These entitlement files are input to the codesign command.

Hardened Runtime and codesigning is not yet enabled for local builds or try builds so for now these files will only be used by Release Engineering.

production.entitlements.xml is intended to be used for official channel builds that will be codesigned, notarized, and shipped to users.

developer.entitlements.xml is intended to be used for developer and try builds that will be codesigned, but not notarized or shipped to users. The developer file enables debugging which is not compatible with notarization, but is otherwise the same as the production file.

codesign.bash is a stop-gap script to allow developers who setup Apple Developer ID certificates to codesign Nightly themselves and enabled Hardened Runtime.

Comment 3

2 months ago
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4e7be2db653e
Add Mac Hardened Runtime entitlement files to the tree r=spohl

Comment 4

2 months ago
bugherder
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
You need to log in before you can comment on or make changes to this bug.