зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1444487 Add preference for langpack signing r=kmag
MozReview-Commit-ID: FEPa2wlLBST --HG-- extra : rebase_source : c5e452dd62a3c913a096cfead60d5ee8eaf72489
This commit is contained in:
Andrew Swan
Родитель
59a4c043fe
Коммит
7b4af80995
|
|
@ -5100,6 +5100,7 @@ pref("browser.meta_refresh_when_inactive.disabled", false);
|
|||
pref("xpinstall.whitelist.required", true);
|
||||
// Only Firefox requires add-on signatures
|
||||
pref("xpinstall.signatures.required", false);
|
||||
pref("extensions.langpacks.signatures.required", false);
|
||||
pref("extensions.minCompatiblePlatformVersion", "2.0");
|
||||
pref("extensions.webExtensionsMinPlatformVersion", "42.0a1");
|
||||
pref("extensions.legacy.enabled", true);
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
|
|||
ChromeUtils.import("resource://gre/modules/AppConstants.jsm");
|
||||
|
||||
const PREF_SIGNATURES_REQUIRED = "xpinstall.signatures.required";
|
||||
const PREF_LANGPACK_SIGNATURES = "extensions.langpacks.signatures.required";
|
||||
const PREF_ALLOW_LEGACY = "extensions.legacy.enabled";
|
||||
|
||||
var AddonSettings = {};
|
||||
|
|
@ -34,6 +35,9 @@ if (AppConstants.MOZ_REQUIRE_SIGNING && !Cu.isInAutomation) {
|
|||
PREF_SIGNATURES_REQUIRED, false);
|
||||
}
|
||||
|
||||
XPCOMUtils.defineLazyPreferenceGetter(AddonSettings, "LANGPACKS_REQUIRE_SIGNING",
|
||||
PREF_LANGPACK_SIGNATURES, false);
|
||||
|
||||
if (AppConstants.MOZ_ALLOW_LEGACY_EXTENSIONS || Cu.isInAutomation) {
|
||||
XPCOMUtils.defineLazyPreferenceGetter(AddonSettings, "ALLOW_LEGACY_EXTENSIONS",
|
||||
PREF_ALLOW_LEGACY, true);
|
||||
|
|
|
|||
|
|
@ -60,13 +60,14 @@ ChromeUtils.defineModuleGetter(this, "XPIInternal",
|
|||
ChromeUtils.defineModuleGetter(this, "XPIProvider",
|
||||
"resource://gre/modules/addons/XPIProvider.jsm");
|
||||
|
||||
/* globals AddonInternal, BOOTSTRAP_REASONS, KEY_APP_SYSTEM_ADDONS, KEY_APP_SYSTEM_DEFAULTS, KEY_APP_TEMPORARY, TEMPORARY_ADDON_SUFFIX, TOOLKIT_ID, XPIDatabase, XPIStates, getExternalType, isTheme, isUsableAddon, isWebExtension, recordAddonTelemetry */
|
||||
/* globals AddonInternal, BOOTSTRAP_REASONS, KEY_APP_SYSTEM_ADDONS, KEY_APP_SYSTEM_DEFAULTS, KEY_APP_TEMPORARY, TEMPORARY_ADDON_SUFFIX, SIGNED_TYPES, TOOLKIT_ID, XPIDatabase, XPIStates, getExternalType, isTheme, isUsableAddon, isWebExtension, mustSign, recordAddonTelemetry */
|
||||
const XPI_INTERNAL_SYMBOLS = [
|
||||
"AddonInternal",
|
||||
"BOOTSTRAP_REASONS",
|
||||
"KEY_APP_SYSTEM_ADDONS",
|
||||
"KEY_APP_SYSTEM_DEFAULTS",
|
||||
"KEY_APP_TEMPORARY",
|
||||
"SIGNED_TYPES",
|
||||
"TEMPORARY_ADDON_SUFFIX",
|
||||
"TOOLKIT_ID",
|
||||
"XPIDatabase",
|
||||
|
|
@ -75,6 +76,7 @@ const XPI_INTERNAL_SYMBOLS = [
|
|||
"isTheme",
|
||||
"isUsableAddon",
|
||||
"isWebExtension",
|
||||
"mustSign",
|
||||
"recordAddonTelemetry",
|
||||
];
|
||||
|
||||
|
|
@ -156,15 +158,6 @@ const RESTARTLESS_TYPES = new Set([
|
|||
"webextension-theme",
|
||||
]);
|
||||
|
||||
const SIGNED_TYPES = new Set([
|
||||
"apiextension",
|
||||
"extension",
|
||||
"experiment",
|
||||
"webextension",
|
||||
"webextension-theme",
|
||||
]);
|
||||
|
||||
|
||||
// This is a random number array that can be used as "salt" when generating
|
||||
// an automatic ID based on the directory path of an add-on. It will prevent
|
||||
// someone from creating an ID for a permanent add-on that could be replaced
|
||||
|
|
@ -172,14 +165,6 @@ const SIGNED_TYPES = new Set([
|
|||
const TEMP_INSTALL_ID_GEN_SESSION =
|
||||
new Uint8Array(Float64Array.of(Math.random()).buffer);
|
||||
|
||||
// Whether add-on signing is required.
|
||||
function mustSign(aType) {
|
||||
if (!SIGNED_TYPES.has(aType))
|
||||
return false;
|
||||
|
||||
return AddonSettings.REQUIRE_SIGNING;
|
||||
}
|
||||
|
||||
const MSG_JAR_FLUSH = "AddonJarFlush";
|
||||
const MSG_MESSAGE_MANAGER_CACHES_FLUSH = "AddonMessageManagerCachesFlush";
|
||||
|
||||
|
|
|
|||
|
|
@ -80,6 +80,7 @@ const PREF_XPI_FILE_WHITELISTED = "xpinstall.whitelist.fileRequest";
|
|||
// xpinstall.signatures.required only supported in dev builds
|
||||
const PREF_XPI_SIGNATURES_REQUIRED = "xpinstall.signatures.required";
|
||||
const PREF_XPI_SIGNATURES_DEV_ROOT = "xpinstall.signatures.dev-root";
|
||||
const PREF_LANGPACK_SIGNATURES = "extensions.langpacks.signatures.required";
|
||||
const PREF_XPI_PERMISSIONS_BRANCH = "xpinstall.";
|
||||
const PREF_INSTALL_REQUIRESECUREORIGIN = "extensions.install.requireSecureOrigin";
|
||||
const PREF_INSTALL_DISTRO_ADDONS = "extensions.installDistroAddons";
|
||||
|
|
@ -218,6 +219,7 @@ const SIGNED_TYPES = new Set([
|
|||
"extension",
|
||||
"experiment",
|
||||
"webextension",
|
||||
"webextension-langpack",
|
||||
"webextension-theme",
|
||||
]);
|
||||
|
||||
|
|
@ -240,6 +242,10 @@ function mustSign(aType) {
|
|||
if (!SIGNED_TYPES.has(aType))
|
||||
return false;
|
||||
|
||||
if (aType == "webextension-langpack") {
|
||||
return AddonSettings.LANGPACKS_REQUIRE_SIGNING;
|
||||
}
|
||||
|
||||
return AddonSettings.REQUIRE_SIGNING;
|
||||
}
|
||||
|
||||
|
|
@ -2169,6 +2175,7 @@ var XPIProvider = {
|
|||
Services.prefs.addObserver(PREF_EM_MIN_COMPAT_PLATFORM_VERSION, this);
|
||||
if (!AppConstants.MOZ_REQUIRE_SIGNING || Cu.isInAutomation)
|
||||
Services.prefs.addObserver(PREF_XPI_SIGNATURES_REQUIRED, this);
|
||||
Services.prefs.addObserver(PREF_LANGPACK_SIGNATURES, this);
|
||||
Services.prefs.addObserver(PREF_ALLOW_LEGACY, this);
|
||||
Services.prefs.addObserver(PREF_ALLOW_NON_MPC, this);
|
||||
Services.obs.addObserver(this, NOTIFICATION_FLUSH_PERMISSIONS);
|
||||
|
|
@ -4029,6 +4036,7 @@ var XPIProvider = {
|
|||
this.updateAddonAppDisabledStates();
|
||||
break;
|
||||
case PREF_XPI_SIGNATURES_REQUIRED:
|
||||
case PREF_LANGPACK_SIGNATURES:
|
||||
case PREF_ALLOW_LEGACY:
|
||||
case PREF_ALLOW_NON_MPC:
|
||||
this.updateAddonAppDisabledStates();
|
||||
|
|
@ -6983,6 +6991,7 @@ var XPIInternal = {
|
|||
KEY_APP_SYSTEM_ADDONS,
|
||||
KEY_APP_SYSTEM_DEFAULTS,
|
||||
KEY_APP_TEMPORARY,
|
||||
SIGNED_TYPES,
|
||||
TEMPORARY_ADDON_SUFFIX,
|
||||
TOOLKIT_ID,
|
||||
XPIStates,
|
||||
|
|
@ -6990,6 +6999,7 @@ var XPIInternal = {
|
|||
isTheme,
|
||||
isUsableAddon,
|
||||
isWebExtension,
|
||||
mustSign,
|
||||
recordAddonTelemetry,
|
||||
|
||||
get XPIDatabase() { return gGlobalScope.XPIDatabase; },
|
||||
|
|
|
|||
Двоичные данные
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/langpack_signed.xpi
Normal file
Двоичные данные
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/langpack_signed.xpi
Normal file
Двоичный файл не отображается.
Двоичные данные
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/langpack_unsigned.xpi
Normal file
Двоичные данные
toolkit/mozapps/extensions/test/xpcshell/data/signing_checks/langpack_unsigned.xpi
Normal file
Двоичный файл не отображается.
|
|
@ -0,0 +1,56 @@
|
|||
|
||||
const PREF_SIGNATURES_GENERAL = "xpinstall.signatures.required";
|
||||
const PREF_SIGNATURES_LANGPACKS = "extensions.langpacks.signatures.required";
|
||||
|
||||
// Try to install the given XPI file, and assert that the install
|
||||
// succeeds. Uninstalls before returning.
|
||||
async function installShouldSucceed(file) {
|
||||
let install = await promiseInstallFile(file);
|
||||
Assert.equal(install.state, AddonManager.STATE_INSTALLED);
|
||||
Assert.notEqual(install.addon, null);
|
||||
install.addon.uninstall();
|
||||
}
|
||||
|
||||
// Try to install the given XPI file, assert that the install fails
|
||||
// due to lack of signing.
|
||||
async function installShouldFail(file) {
|
||||
let install;
|
||||
try {
|
||||
install = await AddonManager.getInstallForFile(file);
|
||||
} catch (err) {}
|
||||
Assert.equal(install.state, AddonManager.STATE_DOWNLOAD_FAILED);
|
||||
Assert.equal(install.error, AddonManager.ERROR_SIGNEDSTATE_REQUIRED);
|
||||
Assert.equal(install.addon, null);
|
||||
}
|
||||
|
||||
// Test that the preference controlling langpack signing works properly
|
||||
// (and that the general preference for addon signing does not affect
|
||||
// language packs).
|
||||
add_task(async function() {
|
||||
AddonTestUtils.useRealCertChecks = true;
|
||||
|
||||
createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "1", "1.9");
|
||||
await promiseStartupManager();
|
||||
|
||||
Services.prefs.setBoolPref(PREF_SIGNATURES_GENERAL, true);
|
||||
Services.prefs.setBoolPref(PREF_SIGNATURES_LANGPACKS, true);
|
||||
|
||||
// The signed langpack should always install.
|
||||
let signedXPI = do_get_file("data/signing_checks/langpack_signed.xpi");
|
||||
await installShouldSucceed(signedXPI);
|
||||
|
||||
// With signatures required, unsigned langpack should not install.
|
||||
let unsignedXPI = do_get_file("data/signing_checks/langpack_unsigned.xpi");
|
||||
await installShouldFail(unsignedXPI);
|
||||
|
||||
// Even with the general xpi signing pref off, an unsigned langapck
|
||||
// should not install.
|
||||
Services.prefs.setBoolPref(PREF_SIGNATURES_GENERAL, false);
|
||||
await installShouldFail(unsignedXPI);
|
||||
|
||||
// But with the langpack signing pref off, unsigned langpack should isntall.
|
||||
Services.prefs.setBoolPref(PREF_SIGNATURES_LANGPACKS, false);
|
||||
await installShouldSucceed(unsignedXPI);
|
||||
|
||||
await promiseShutdownManager();
|
||||
});
|
||||
|
|
@ -318,6 +318,8 @@ skip-if = true
|
|||
[test_signed_install.js]
|
||||
run-if = addon_signing
|
||||
run-sequentially = Uses hardcoded ports in xpi files.
|
||||
[test_signed_langpack.js]
|
||||
run-if = addon_signing
|
||||
[test_signed_long.js]
|
||||
run-if = addon_signing
|
||||
[test_startup.js]
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче