GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Unverified Commit bd5b25f2 authored by Alex Catarineu's avatar Alex Catarineu Committed by Matthew Finkel
Browse files

Bug 40128: Allow updating Fenix allowed_addons.json

parent c154b2d3
This source diff could not be displayed because it is too large. You can view the blob instead.
#!/bin/bash
[% c("var/set_default_env") -%]
ext_dir=assets/extensions
assets_dir=assets
ext_dir=$assets_dir/extensions
qa_apk=[% dest_dir %]/[% c('filename') %]/tor-browser-[% c("version") %]-[% c("var/osname") %]-multi-qa.apk
apk=$rootdir/fenix/app-[% c("var/abi") %]-*.apk
......@@ -15,8 +16,16 @@ cd /var/tmp/build
unzip -d $ext_dir/https-everywhere $rootdir/[% c('input_files_by_name/https-everywhere') %]
mv $rootdir/[% c('input_files_by_name/noscript') %] $ext_dir/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[% IF c("var/verify_allowed_addons") %]
# Check that allowed_addons.json contains the right versions of NoScript and HTTPS Everywhere
# If so, replace the default allowed_addons.json by ours in the apk assets folder.
$rootdir/verify_allowed_addons.py "$rootdir/allowed_addons.json" "$ext_dir/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi" "$rootdir/[% c('input_files_by_name/https-everywhere') %]"
[% END %]
mv $rootdir/allowed_addons.json $assets_dir/allowed_addons.json
[% c('zip', {
zip_src => [ '$ext_dir' ],
zip_src => [ '$assets_dir' ],
zip_args => '$apk',
}) %]
......
......@@ -47,6 +47,7 @@ targets:
var:
arch_deps:
- apksigner
verify_allowed_addons: 1
input_files:
- project: container-image
......@@ -115,3 +116,7 @@ input_files:
enable: '[% c("var/namecoin") %]'
- filename: namecoin.patch
enable: '[% c("var/namecoin") %]'
- filename: allowed_addons.json
enable: '[% c("var/android") %]'
- filename: verify_allowed_addons.py
enable: '[% c("var/android") && c("var/verify_allowed_addons") %]'
#!/usr/bin/env python
import json
import sys
import hashlib
import zipfile
def find_addon(addons, addon_id):
results = addons['results']
for x in results:
addon = x['addon']
if addon['guid'] == addon_id:
return addon
sys.exit("Error: cannot find addon " + addon_id)
def verify_extension_version(addons, addon_id, version):
addon = find_addon(addons, addon_id)
expected_version = addon['current_version']['version']
if version != expected_version:
sys.exit("Error: version " + version + " != " + expected_version)
def verify_extension_hash(addons, addon_id, hash):
addon = find_addon(addons, addon_id)
expected_hash = addon["current_version"]["files"][0]["hash"]
if hash != expected_hash:
sys.exit("Error: hash " + hash + " != " + expected_hash)
def read_extension_manifest(path):
return json.loads(zipfile.ZipFile(path, 'r').read('manifest.json'))
def main(argv):
allowed_addons_path = argv[0]
noscript_path = argv[1]
https_everywhere_path = argv[2]
addons = None
with open(allowed_addons_path, 'r') as file:
addons = json.loads(file.read())
noscript_hash = None
with open(noscript_path, 'rb') as file:
noscript_hash = "sha256:" + hashlib.sha256(file.read()).hexdigest()
noscript_version = read_extension_manifest(noscript_path)["version"]
https_everywhere_version = read_extension_manifest(https_everywhere_path)["version"]
verify_extension_hash(addons, '{73a6fe31-595d-460b-a920-fcc0f8843232}', noscript_hash)
verify_extension_version(addons, '{73a6fe31-595d-460b-a920-fcc0f8843232}', noscript_version)
verify_extension_version(addons, 'https-everywhere-eff@eff.org', https_everywhere_version)
if __name__ == "__main__":
main(sys.argv[1:])
#!/usr/bin/env python3
import urllib.request
import json
import base64
import sys
def fetch(x):
with urllib.request.urlopen(x) as response:
return response.read()
def find_addon(addons, addon_id):
results = addons['results']
for x in results:
addon = x['addon']
if addon['guid'] == addon_id:
return addon
sys.exit("Error: cannot find addon " + addon_id)
def fetch_and_embed_icons(addons):
results = addons['results']
for x in results:
addon = x['addon']
icon_data = fetch(addon['icon_url'])
addon['icon_url'] = 'data:image/png;base64,' + str(base64.b64encode(icon_data), 'utf8')
def patch_https_everywhere(addons):
addon = find_addon(addons, 'https-everywhere@eff.org')
addon['guid'] = 'https-everywhere-eff@eff.org'
addon['url'] = 'https://www.eff.org/https-everywhere'
def main(argv):
amo_collection = argv[0] if argv else '83a9cccfe6e24a34bd7b155ff9ee32'
url = 'https://addons.mozilla.org/api/v4/accounts/account/mozilla/collections/' + amo_collection + '/addons/'
data = json.loads(fetch(url))
fetch_and_embed_icons(data)
patch_https_everywhere(data)
data['results'].sort(key=lambda x: x['addon']['guid'])
find_addon(data, '{73a6fe31-595d-460b-a920-fcc0f8843232}') # Check that NoScript is present
print(json.dumps(data, indent=2, ensure_ascii=False))
if __name__ == "__main__":
main(sys.argv[1:])
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment