Fully match the upstream codesign requirements

Description

In Chromium 98.0.4758.109, there was a commit which changed signature verification for PWAs: https://chromium.googlesource.com/chromium/src/+/e660f5610cf324520b9db9ce86259424df1f15fb

We got this passing with https://github.com/brave/brave-core/pull/12418 - but ~part of codesign_requirements_basic is commented out:~ we are missing `and certificate leaf[subject.OU] = KL8N8XSYF4` at the end

return 'and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */'

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 6 (4 by maintainers)
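
The gap described in the issue can be checked clause by clause. The following is an added example, not code from brave-core or Chromium: it normalizes a flat, and-joined requirement fragment and reports which clauses are absent, including the one that pins the leaf certificate's subject.OU. The function names are hypothetical, and `EXPECTED` is constructed from the issue's statement of what is missing at the end.

```python
import re

# Fragment returned by codesign_requirements_basic, as quoted in the issue.
CURRENT = ("and anchor apple generic "
           "and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ "
           "and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */")
# Constructed: CURRENT plus the clause the issue reports as missing at the end.
EXPECTED = CURRENT + " and certificate leaf[subject.OU] = KL8N8XSYF4"


def clauses(requirement):
    """Split a flat, and-joined requirement fragment into normalized clauses."""
    text = re.sub(r"/\*.*?\*/", " ", requirement).strip()  # drop /* ... */ comments
    if re.search(r"[()!]|\bor\b", text):
        raise ValueError("only flat 'and' chains are handled here")
    out = []
    for part in re.split(r"(?:^|\s+)and\s+", text):
        part = re.sub(r"\s*=\s*", " = ", part)              # uniform spacing around '='
        part = re.sub(r"\s+", " ", part.replace('"', "")).strip()
        part = re.sub(r" exists$", "", part)                # bare element means 'exists'
        if part:
            out.append(part)
    return out


def missing_clauses(actual, expected):
    """Clauses required by `expected` that `actual` does not contain."""
    have = set(clauses(actual))
    return [c for c in clauses(expected) if c not in have]


def pinned_team(requirement):
    """Return the leaf subject.OU value the fragment pins, or None."""
    for c in clauses(requirement):
        m = re.fullmatch(r"certificate leaf\[subject\.OU\] = (\S+)", c)
        if m:
            return m.group(1)
    return None


if __name__ == "__main__":
    print("missing:", missing_clauses(CURRENT, EXPECTED))
    print("subject.OU pinned by current fragment:", pinned_team(CURRENT))
```
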

Top GitHub Comments

1 reaction
bridiver commented, Mar 2, 2022

do we know what security consequences there are to having this part commented out? that should affect the prioritization

@diracdeltas @bsclifton this ticket is not correct. We are missing and certificate leaf[subject.OU] = KL8N8XSYF4 at the end.

0 reactions
diracdeltas commented, Mar 22, 2022

any update here?
