Verified Commit 16f42e30 authored by Pier Angelo Vendrame's avatar Pier Angelo Vendrame 🎃
Browse files

fixup! Bug 13379: Allow using NSS to sign and verify MAR signatures

Bug 41668: Port some updater patches to Base Browser

Use a configure-time flag to force using NSS for MARs signatures.
parent eb16c8cc
Loading
Loading
Loading
Loading
+8 −0
Original line number Diff line number Diff line
@@ -32,6 +32,14 @@ set_config(
    "MOZ_VERIFY_MAR_SIGNATURE", depends_if("--enable-verify-mar")(lambda _: True)
)

# Use NSS for MAR signatures even on platforms where system libraries are
# supported (currently Windows and macOS).
# ==============================================================

option("--enable-nss-mar", help="Always use NSS for MAR signatures")

set_config("MOZ_USE_NSS_FOR_MAR", True, when="--enable-nss-mar")

# Maintenance service (Windows only)
# ==============================================================

+3 −3
Original line number Diff line number Diff line
@@ -43,7 +43,7 @@ if CONFIG["MOZ_BUILD_APP"] != "tools/update-packaging":
        "verifymar",
    ]

    if CONFIG["TOR_BROWSER_UPDATE"]:
    if CONFIG["MOZ_USE_NSS_FOR_MAR"]:
        DEFINES["MAR_NSS"] = True

    if CONFIG["OS_ARCH"] == "WINNT":
@@ -52,12 +52,12 @@ if CONFIG["MOZ_BUILD_APP"] != "tools/update-packaging":
        OS_LIBS += [
            "ws2_32",
        ]
        if not CONFIG["TOR_BROWSER_UPDATE"]:
        if not CONFIG["MOZ_USE_NSS_FOR_MAR"]:
            OS_LIBS += [
                "crypt32",
                "advapi32",
            ]
    elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["TOR_BROWSER_UPDATE"]:
    elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["MOZ_USE_NSS_FOR_MAR"]:
        OS_LIBS += [
            "-framework CoreFoundation",
            "-framework Security",
+13 −8
Original line number Diff line number Diff line
@@ -15,12 +15,15 @@ FORCE_STATIC_LIB = True

if CONFIG["OS_ARCH"] == "WINNT":
    USE_STATIC_LIBS = True
elif CONFIG["OS_ARCH"] == "Darwin":
    USE_LIBS += [
        "nspr",
        "nss",
        "signmar",
    use_nss = CONFIG["MOZ_USE_NSS_FOR_MAR"]
elif CONFIG["OS_ARCH"] == "Darwin" and not CONFIG["MOZ_USE_NSS_FOR_MAR"]:
    UNIFIED_SOURCES += [
        "MacVerifyCrypto.cpp",
    ]
    OS_LIBS += [
        "-framework Security",
    ]
    use_nss = False
else:
    USE_LIBS += [
        "nspr",
@@ -34,14 +37,16 @@ else:
    OS_LIBS += [
        "-Wl,-rpath=\\$$ORIGIN",
    ]

DEFINES["MAR_NSS"] = True
LOCAL_INCLUDES += ["../sign"]
    use_nss = True

LOCAL_INCLUDES += [
    "../src",
]

if use_nss:
    LOCAL_INCLUDES += ["../sign"]
    DEFINES["MAR_NSS"] = True

# C11 for static_assert
c11_flags = ["-std=gnu11"]
if CONFIG["CC_TYPE"] == "clang-cl":
+5 −3
Original line number Diff line number Diff line
@@ -4,10 +4,12 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

link_with_nss = CONFIG["MOZ_USE_NSS_FOR_MAR"] or (
    CONFIG["OS_ARCH"] == "Linux" and CONFIG["MOZ_VERIFY_MAR_SIGNATURE"]
)
if link_with_nss:
    DEFINES["MAR_NSS"] = True

link_with_nss = DEFINES["MAR_NSS"] or (CONFIG["OS_ARCH"] == "Linux" and CONFIG["MOZ_VERIFY_MAR_SIGNATURE"])

srcs = [
    "archivereader.cpp",
    "updater.cpp",
+2 −2
Original line number Diff line number Diff line
@@ -232,8 +232,8 @@ for var in ("APP_VERSION", "APP_ID"):
if CONFIG["MOZ_BUILD_APP"] == "browser":
    DEFINES["MOZ_BUILD_APP_IS_BROWSER"] = True

if CONFIG['TOR_BROWSER_UPDATE']:
    DEFINES['MAR_NSS'] = True
if CONFIG["MOZ_USE_NSS_FOR_MAR"]:
    DEFINES["MAR_NSS"] = True

LOCAL_INCLUDES += [
    "../../other-licenses/nsis/Contrib/CityHash/cityhash",
Loading