The minidump-analyzer tool was originally conceived to be used from the crash
report client and as such was installed in the crash reporter client
application bundle on macOS. It was later adapted to work from Firefox itself
but this caused linking problems when invoked from the Firefox app bundle.
This patch moves the minidump-analyzer into the Firefox app bundle and adapts
the relevant code to find it there.
The minidump-analyzer was also not signed like the rest of our executables and
this patch addresses that issue too.
Differential Revision: https://phabricator.services.mozilla.com/D52910
--HG--
extra : moz-landing-system : lando
Add separate entitlement files for the browser (aka parent process) and plugin-container processes. Leave the old production and developer entitlement files in place.
Once automation has been updated to use the new process-specific entitlement files (bug 1593072), the older entitlement files can be removed.
Future work will change the process-specific entitlements to be minimized for each process type.
Update codesign.bash to
1) use the separate browser and plugin-container entitlement files
2) only sign executables with entitlements, not sign unnecessary files
3) output to a .dmg instead of a .zip file.
Differential Revision: https://phabricator.services.mozilla.com/D52117
--HG--
extra : moz-landing-system : lando
Revert bug 1570581 by removing the AppleEvent entitlement from our hardened runtime configuration for both production and development.
Now that native messaging helpers are started 'disclaimed' with a new attribution chain, the entitlement is not needed.
Differential Revision: https://phabricator.services.mozilla.com/D48029
--HG--
extra : moz-landing-system : lando
Revert bug 1570581 by removing the AppleEvent entitlement from our hardened runtime configuration for both production and development.
Now that native messaging helpers are started 'disclaimed' with a new attribution chain, the entitlement is not needed.
Differential Revision: https://phabricator.services.mozilla.com/D48029
--HG--
extra : moz-landing-system : lando
Add the com.apple.security.smartcard entitlement to Firefox's entitlements list.
Needed for clients of some CryptoTokenKit.framework API's, per SmartCardServices(7).
Differential Revision: https://phabricator.services.mozilla.com/D51303
--HG--
extra : moz-landing-system : lando
Relax our Hardened Runtime settings to allow the com.apple.security.automation.apple-events entitlement so that native messaging webextension helper apps (which are launched by and are child processes of Firefox) can use Apple Events to signal other processes. This will apply to Firefox and all child processes.
Differential Revision: https://phabricator.services.mozilla.com/D42929
--HG--
extra : moz-landing-system : lando
Set com.apple.security.cs.disable-library-validation=false in developer and production Hardened Runtime entitlements now that the definition has changed to mean allow/disallow unsigned libraries.
Differential Revision: https://phabricator.services.mozilla.com/D40525
--HG--
extra : moz-landing-system : lando
Add entitlement files for Hardened Runtime configuration to be used by Release Engineering for official builds and try builds and developers for local builds. These entitlement files are input to the codesign command.
Hardened Runtime and codesigning is not yet enabled for local builds or try builds so for now these files will only be used by Release Engineering.
production.entitlements.xml is intended to be used for official channel builds that will be codesigned, notarized, and shipped to users.
developer.entitlements.xml is intended to be used for developer and try builds that will be codesigned, but not notarized or shipped to users. The developer file enables debugging which is not compatible with notarization, but is otherwise the same as the production file.
codesign.bash is a stop-gap script to allow developers who setup Apple Developer ID certificates to codesign Nightly themselves and enabled Hardened Runtime.
Differential Revision: https://phabricator.services.mozilla.com/D27396
--HG--
extra : moz-landing-system : lando
Gabriele Svelto
Haik Aftandilian
Brindusan Cristian
Csoregi Natalia