bug 1589151: geckodriver: explain macOS notarization changes; r=webdriver-reviewers,maja_zf
authorAndreas Tolfsen <ato@sny.no>
Wed, 16 Oct 2019 19:17:44 +0000
changeset 559248 759b2d177853e0011e940d4d959a8f79699267f0
parent 559247 8b5c572d769527c107efdff1b2084efe165eaab3
child 559249 de4a335d16d2a33bb413b9cc1263a73a79f29e5b
push id12175
push userccoroiu@mozilla.com
push dateThu, 17 Oct 2019 19:29:09 +0000
treeherdermozilla-beta@d333b6ef1fd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerswebdriver-reviewers, maja_zf
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1589151: geckodriver: explain macOS notarization changes; r=webdriver-reviewers,maja_zf DONTBUILD Differential Revision: https://phabricator.services.mozilla.com/D49460
new file mode 100644
--- /dev/null
+++ b/testing/geckodriver/doc/Notarization.md
@@ -0,0 +1,41 @@
+macOS notarization
+With the introduction of macOS 10.15 “Catalina” Apple introduced
+[new notarization requirements] that all software must be signed
+and notarized centrally.
+Whilst geckodriver is technically both signed and notarized, the
+way we package geckodriver on macOS means the notarization is lost.
+Mozilla considers this a known bug with the [geckodriver 0.26.0
+release] and are taking steps to resolve this.  You can track the
+progress in [bug 1588081].
+There are some mitigating circumstances:
+  * Vertification problems only occur when other notarized programs,
+    such as a web browser, downloads the software from the internet.
+  * Arbitrary software downloaded through other means, such as
+    curl(1) is _not_ affected by this change.
+In other words, if your method for fetching geckodriver on macOS
+is through the GitHub web UI using a web browser, the program will
+not be able to run unless you manually disable the quarantine check
+(explained below).  If downloading geckodriver via other means
+than a macOS notarized program, you should not be affected.
+To bypass the notarization requirement on macOS if you have downloaded
+the geckodriver .tar.gz via a web browser, you can run the following
+command in a terminal:
+	% xattr -r -d com.apple.quarantine geckodriver
+A problem with notarization will manifest itself through a security
+dialogue appearing, explaining that the source of the program is
+not trusted.
+[new notarization requirements]: https://developer.apple.com/news/?id=04102019a
+[geckodriver 0.26.0 release]: https://github.com/mozilla/geckodriver/releases/tag/v0.26.0
+[bug 1588081]: https://bugzilla.mozilla.org/show_bug.cgi?id=1588081
--- a/testing/geckodriver/doc/index.rst
+++ b/testing/geckodriver/doc/index.rst
@@ -28,16 +28,17 @@ For users
    WebDriver capabilities <https://developer.mozilla.org/en-US/docs/Web/WebDriver/Capabilities>
+   Notarization.md
 For developers
 .. toctree::
    :maxdepth: 1