bug 1589151: geckodriver: explain macOS notarization changes; r=webdriver-reviewers,maja_zf
authorAndreas Tolfsen <ato@sny.no>
Wed, 16 Oct 2019 19:17:44 +0000
changeset 559248 759b2d177853e0011e940d4d959a8f79699267f0
parent 559247 8b5c572d769527c107efdff1b2084efe165eaab3
child 559249 de4a335d16d2a33bb413b9cc1263a73a79f29e5b
push id12175
push userccoroiu@mozilla.com
push dateThu, 17 Oct 2019 19:29:09 +0000
treeherdermozilla-beta@d333b6ef1fd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerswebdriver-reviewers, maja_zf
bugs1589151
milestone71.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1589151: geckodriver: explain macOS notarization changes; r=webdriver-reviewers,maja_zf DONTBUILD Differential Revision: https://phabricator.services.mozilla.com/D49460
testing/geckodriver/doc/Notarization.md
testing/geckodriver/doc/index.rst
new file mode 100644
--- /dev/null
+++ b/testing/geckodriver/doc/Notarization.md
@@ -0,0 +1,41 @@
+macOS notarization
+==================
+
+With the introduction of macOS 10.15 “Catalina” Apple introduced
+[new notarization requirements] that all software must be signed
+and notarized centrally.
+
+Whilst geckodriver is technically both signed and notarized, the
+way we package geckodriver on macOS means the notarization is lost.
+Mozilla considers this a known bug with the [geckodriver 0.26.0
+release] and are taking steps to resolve this.  You can track the
+progress in [bug 1588081].
+
+There are some mitigating circumstances:
+
+  * Vertification problems only occur when other notarized programs,
+    such as a web browser, downloads the software from the internet.
+
+  * Arbitrary software downloaded through other means, such as
+    curl(1) is _not_ affected by this change.
+
+In other words, if your method for fetching geckodriver on macOS
+is through the GitHub web UI using a web browser, the program will
+not be able to run unless you manually disable the quarantine check
+(explained below).  If downloading geckodriver via other means
+than a macOS notarized program, you should not be affected.
+
+To bypass the notarization requirement on macOS if you have downloaded
+the geckodriver .tar.gz via a web browser, you can run the following
+command in a terminal:
+
+	% xattr -r -d com.apple.quarantine geckodriver
+
+A problem with notarization will manifest itself through a security
+dialogue appearing, explaining that the source of the program is
+not trusted.
+
+
+[new notarization requirements]: https://developer.apple.com/news/?id=04102019a
+[geckodriver 0.26.0 release]: https://github.com/mozilla/geckodriver/releases/tag/v0.26.0
+[bug 1588081]: https://bugzilla.mozilla.org/show_bug.cgi?id=1588081
--- a/testing/geckodriver/doc/index.rst
+++ b/testing/geckodriver/doc/index.rst
@@ -28,16 +28,17 @@ For users
    WebDriver capabilities <https://developer.mozilla.org/en-US/docs/Web/WebDriver/Capabilities>
    Capabilities.md
    Usage.md
    Flags.md
    Profiles.md
    Bugs.md
    TraceLogs.md
    CrashReports.md
+   Notarization.md
 
 
 For developers
 ==============
 .. toctree::
    :maxdepth: 1
 
    Building.md