
Mozilla preparing Mac code signing for Mountain Lion’s Gatekeeper

Signing will be enabled for the nightly build channel next week.

Firefox will soon be compatible with Gatekeeper

Mozilla developer Ben Hearsum wrote a blog post today, describing the status of the effort to integrate code signing into the automated build process for Firefox on Mac OS X. Mozilla aims to turn on code signing for the browser’s nightly builds by next week.

The application needs to be signed so that it will continue to work on Mac OS X 10.8, codenamed "Mountain Lion," which is expected to launch later this year. Mountain Lion introduces a new security feature called Gatekeeper that will prevent the platform from executing applications that come from untrusted sources.

Gatekeeper supports several different configurations, but the default setting will only allow users to run software that has been signed with an Apple-supplied developer key or that comes from the Mac App Store. Third-party developers who do not distribute their applications through the Mac App Store will need to register with Apple, obtain a developer ID and start signing their applications.

Complying with the signing requirement won’t pose any major difficulties for the vast majority of Mac developers who already use Apple’s development tools. It might not be quite as simple, however, for applications with specialized build processes, many different builds, and extremely frequent releases. One such application is Mozilla’s Firefox Web browser.

As Hearsum previously described in a February blog post about Firefox build automation, Mozilla already performs code signing with GPG and Authenticode signatures during the build process. Some early work on integrating native Mac OS X signing into the build process began in 2010, but it was never completed. Hearsum resurrected the project this year and has been moving it forward towards production readiness.

One challenge for Mozilla was determining the best version of OS X to use for signing. Mozilla’s Erick Dransch reported in a blog post earlier this year that Firefox builds signed on 10.7 didn’t verify on 10.5, which is why Mozilla decided to use 10.6 on their signing servers. Dransch also described how Mozilla uses the command-line security utility on Mac OS X to unlock the keychain where the signing key is stored without having to deal with an interactive prompt that would interfere with automation.

Mozilla also had to make some decisions about what kind of Apple-approved certificate to use and what level of permission to assign to various kinds of Firefox builds. The “dep” and “try” builds, which are only used internally by Firefox developers, will be signed with a self-signed certificate, which means that they won’t be compatible with the default settings on 10.8.

All of the user-facing builds will be signed with official Developer ID certificates, but Mozilla plans to use two separate IDs. One ID will be used for the Nightly and Aurora builds. A second ID will be used for the beta and release builds. Hearsum wrote in his blog post that using two separate IDs "gives us some degree of isolation in terms of certificate revocation."
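As an added illustration (not Mozilla's build code), the sketch below shows how an automated signing step can combine the non-interactive keychain unlock with the per-channel identity split described above. The identity names, the KEYCHAIN_PW_FILE variable and the DRY_RUN switch are assumptions made for the example; by default it only prints the commands it would run.

```shell
#!/usr/bin/env bash
# Added example. Identity names, paths and the password file are constructed
# placeholders, not Mozilla's. DRY_RUN=1 (the default) prints commands only.
set -u

# Channel -> signing identity. Internal builds use a self-signed certificate;
# user-facing builds are split across two Developer IDs so that revoking one
# does not invalidate builds signed with the other.
identity_for_channel() {
    case "$1" in
        dep|try)        echo "Example Self-Signed Internal" ;;
        nightly|aurora) echo "Developer ID Application: Example Prerelease" ;;
        beta|release)   echo "Developer ID Application: Example Release" ;;
        *)              echo "unknown channel: $1" >&2; return 1 ;;
    esac
}

# Execute a command, or only print it in dry-run mode.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Usage: sign_build CHANNEL APP_BUNDLE KEYCHAIN
sign_build() {
    channel="$1"; app="$2"; keychain="$3"
    identity="$(identity_for_channel "$channel")" || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "security unlock-keychain -p <redacted> $keychain"
    else
        # -p avoids the interactive prompt. The password is read from a file
        # (assumed path in KEYCHAIN_PW_FILE) and is briefly visible in the
        # process list, so run this only on a dedicated signing host.
        security unlock-keychain -p "$(cat "$KEYCHAIN_PW_FILE")" "$keychain" || return 1
    fi
    run codesign -s "$identity" --keychain "$keychain" "$app" || return 1
    # Verify the signature before the build leaves the signing server.
    run codesign --verify --verbose "$app" || return 1
    # Relock so the key is not left usable after the job finishes.
    run security lock-keychain "$keychain"
}

if [ "$#" -ge 3 ]; then sign_build "$@"; fi
```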

Some recent rumors suggest that Mountain Lion could arrive within the next month, possibly even during WWDC in the first half of June. Mozilla is working to ensure that a signed, stable version of the browser is ready for the launch.
