Closed Bug 1546299 Opened 6 years ago Closed 5 years ago

Digitally sign geckodriver binaries on Mac

Categories

(Testing :: geckodriver, enhancement, P2)

Product:
Testing
Component:
geckodriver
Version:
Version 3
Platform:
All
macOS
Type:
enhancement

Tracking

(firefox70 verified)

Status:
VERIFIED FIXED
Milestone:
mozilla70
Tracking Flags:
Tracking Status
firefox70 --- verified

People

(Reporter: whimboo, Assigned: mozilla)

References

(Blocks 3 open bugs)

Details

Attachments

(1 file)

Bug 1546299 - add mac geckodriver signing support. r=jlorenzo
(deleted), text/x-phabricator-request
Details

+++ This bug was initially created as a clone of Bug #1427849 +++

Bug 1427849 got signing implemented for Linux and Windows, but bug 1470607 blocks us from doing the same on Mac. Johan will continue once that other bug got fixed.

OS: Windows → macOS

Johan, I would be interested to know when we could get this feature. Reason is that I want to get the new job created which collects all the geckodriver binaries and offers them as artifacts on a single job. I assume that as long as this bug hasn't been implemented, I will have to look for geckodriver-repack for MacOS instead. Later it should hopefully be easy to get this dependency flipped.

Flags: needinfo?(jlorenzo)

Hey Whimboo!

I'm sorry, I haven't worked closely from bug 1470607, deferring to Aki.

Regarding the dependencies: yeah, using geckodriver-repack for MacOS is the way to go, if you need a quick solution.

Flags: needinfo?(jlorenzo)
Blocks: 1558497

(In reply to Johan Lorenzo [:jlorenzo] from comment #2)

Regarding the dependencies: yeah, using geckodriver-repack for MacOS is the way to go, if you need a quick solution.

Perfect. I will handle all that on bug 1558497.

I meant to NI :aki in comment 2.

Flags: needinfo?(aki)

Hm. This is the first I’ve heard of this.
Mac notarization will hopefully roll out this week. Once that happens, we can add geckodriver signing to the mac build-signing tasks. (Do we need to sign localized versions or just the en-US?)

Flags: needinfo?(aki)

Aki, that is great to hear! So we only have to sign one binary file here. There is no localization support for geckodriver. It's just English.

Using the Apple Notary service for signed builds was actually done on bug 1471004, which seems to be rolled-out now.

Aki, would anyone be able to help us with the signing task? Thanks a lot.

Depends on: 1471004
No longer depends on: 1470607
Flags: needinfo?(aki)

I'll start looking at this.

Flags: needinfo?(aki)
Assignee: nobody → aki

Also add the mac_geckodriver behavior, and remove the unused mac_pkg behavior.

Attachment #9075535 - Attachment description: Bug 1546299 - add mac geckodriver signing support. → Bug 1546299 - add mac geckodriver signing support. r=jlorenzo

Updated the mac signing pool. Once we land the in-tree patch, we'll start signing geckodriver on mac.

Thanks a lot for this quick patch Aki!

Pushed by asasaki@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/57281d612fe1 add mac geckodriver signing support. r=jlorenzo

https://hg.mozilla.org/mozilla-central/rev/57281d612fe1

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox70: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla70

This looks great:

codesign --verify --verbose geckodriver
geckodriver: valid on disk
geckodriver: satisfies its Designated Requirement

Thanks a lot!

Status: RESOLVED → VERIFIED
status-firefox70: fixedverified
Blocks: 1588081
Blocks: 1783943
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: