Bug 1164168: Add a build time flag to control add-on signature checks. r=dveditz, r=gps

--HG-- extra : rebase_source : 5027a26a01d7f79067ea38e61496d8c878922097 extra : amend_source : fb3d327f5552d8cf63eb23cd06517f6cca7f42d2
2015-05-12 14:03:59 -07:00 · 2015-05-12 14:03:59 -07:00 · c2f2c25d59
--- a/browser/confvars.sh
+++ b/browser/confvars.sh
@ -67,3 +67,13 @@ MOZ_PAY=1
 MOZ_ACTIVITIES=1
 MOZ_JSDOWNLOADS=1
 MOZ_WEBM_ENCODER=1
+
+# Enable checking that add-ons are signed by the trusted root
+MOZ_ADDON_SIGNING=1
+if test "$MOZ_OFFICIAL_BRANDING"; then
+  if test "$MOZ_UPDATE_CHANNEL" = "beta" -o \
+          "$MOZ_UPDATE_CHANNEL" = "release" -o \
+          "$MOZ_UPDATE_CHANNEL" = "esr"; then
+    MOZ_REQUIRE_SIGNING=1
+  fi
+fi
--- a/configure.in
+++ b/configure.in
@ -3934,6 +3934,8 @@ MOZ_CONTENT_SANDBOX=
 MOZ_GMP_SANDBOX=
 MOZ_SANDBOX=1
 MOZ_BINARY_EXTENSIONS=
+MOZ_ADDON_SIGNING=
+MOZ_REQUIRE_SIGNING=

 case "$target_os" in
    mingw*)
@ -4097,6 +4099,19 @@ if test -n "$MOZ_ANDROID_RESOURCE_CONSTRAINED"; then
 fi
 AC_SUBST(MOZ_ANDROID_RESOURCE_CONSTRAINED)

+dnl ========================================================
+dnl = Trademarked Branding
+dnl ========================================================
+MOZ_ARG_ENABLE_BOOL(official-branding,
+[  --enable-official-branding
+                          Enable Official mozilla.org Branding
+                          Do not distribute builds with
+                          --enable-official-branding unless you have
+                          permission to use trademarks per
+                          http://www.mozilla.org/foundation/trademarks/ .],
+    MOZ_OFFICIAL_BRANDING=1,
+    MOZ_OFFICIAL_BRANDING=)
+
 # Allow the application to influence configure with a confvars.sh script.
 AC_MSG_CHECKING([if app-specific confvars.sh exists])
 if test -f "${srcdir}/${MOZ_BUILD_APP}/confvars.sh" ; then
@ -4672,28 +4687,14 @@ MOZ_ARG_ENABLE_STRING(ui-locale,
    MOZ_UI_LOCALE=$enableval )
 AC_SUBST(MOZ_UI_LOCALE)

-dnl ========================================================
-dnl = Trademarked Branding
-dnl ========================================================
-MOZ_ARG_ENABLE_BOOL(official-branding,
-[  --enable-official-branding
-                          Enable Official mozilla.org Branding
-                          Do not distribute builds with
-                          --enable-official-branding unless you have
-                          permission to use trademarks per
-                          http://www.mozilla.org/foundation/trademarks/ .],
-[
+AC_SUBST(MOZ_OFFICIAL_BRANDING)
+if test -n "$MOZ_OFFICIAL_BRANDING"; then
  if test -z "$MOZ_OFFICIAL_BRANDING_DIRECTORY"; then
    AC_MSG_ERROR([You must specify MOZ_OFFICIAL_BRANDING_DIRECTORY to use --enable-official-branding.])
  else
    MOZ_BRANDING_DIRECTORY=${MOZ_OFFICIAL_BRANDING_DIRECTORY}
-    MOZ_OFFICIAL_BRANDING=1
+    AC_DEFINE(MOZ_OFFICIAL_BRANDING)
  fi
-], MOZ_OFFICIAL_BRANDING=)
-
-AC_SUBST(MOZ_OFFICIAL_BRANDING)
-if test -n "$MOZ_OFFICIAL_BRANDING"; then
-  AC_DEFINE(MOZ_OFFICIAL_BRANDING)
 fi

 MOZ_ARG_WITH_STRING(branding,
@ -8554,6 +8555,9 @@ AC_SUBST(MOZ_POST_DSO_LIB_COMMAND)
 AC_SUBST(MOZ_POST_PROGRAM_COMMAND)
 AC_SUBST(MOZ_LINKER_EXTRACT)

+AC_SUBST(MOZ_ADDON_SIGNING)
+AC_SUBST(MOZ_REQUIRE_SIGNING)
+
 if test -n "$MOZ_BINARY_EXTENSIONS"; then
  AC_DEFINE(MOZ_BINARY_EXTENSIONS)
 fi
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@ -1348,7 +1348,7 @@ function getSignedStatus(aRv, aCert, aExpectedID) {
 * @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
 */
 function verifyZipSignedState(aFile, aAddon) {
-  if (!SIGNED_TYPES.has(aAddon.type))
+  if (!ADDON_SIGNING || !SIGNED_TYPES.has(aAddon.type))
    return Promise.resolve(undefined);

  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
@ -1378,7 +1378,7 @@ function verifyZipSignedState(aFile, aAddon) {
 * @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
 */
 function verifyDirSignedState(aDir, aAddon) {
-  if (!SIGNED_TYPES.has(aAddon.type))
+  if (!ADDON_SIGNING || !SIGNED_TYPES.has(aAddon.type))
    return Promise.resolve(undefined);

  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
@ -3202,7 +3202,8 @@ this.XPIProvider = {

        // If updating from a version of the app that didn't support signedState
        // then fetch that property now
-        if (aOldAddon.signedState === undefined && SIGNED_TYPES.has(aOldAddon.type)) {
+        if (aOldAddon.signedState === undefined && ADDON_SIGNING &&
+            SIGNED_TYPES.has(aOldAddon.type)) {
          let file = aInstallLocation.getLocationForID(aOldAddon.id);
          let manifest = syncLoadManifestFromFile(file);
          aOldAddon.signedState = manifest.signedState;
@ -7874,8 +7875,19 @@ WinRegInstallLocation.prototype = {
 };
 #endif

-// Make this a non-changable property so it can't be manipulated from other
+// Make these non-changable properties so they can't be manipulated from other
 // code in the app.
+Object.defineProperty(this, "ADDON_SIGNING", {
+  configurable: false,
+  enumerable: false,
+  writable: false,
+#ifdef MOZ_ADDON_SIGNING
+  value: true,
+#else
+  value: false,
+#endif
+});
+
 Object.defineProperty(this, "REQUIRE_SIGNING", {
  configurable: false,
  enumerable: false,
--- a/toolkit/mozapps/extensions/internal/moz.build
+++ b/toolkit/mozapps/extensions/internal/moz.build
@ -34,6 +34,8 @@ DEFINES['MOZ_EXTENSIONS_DB_SCHEMA'] = 17
 if CONFIG['MOZ_EM_DEBUG']:
    DEFINES['MOZ_EM_DEBUG'] = 1

-# Add-on signing cannot be preffed off in official beta, release or esr builds
-if CONFIG['MOZ_UPDATE_CHANNEL'] in ('beta', 'release', 'esr') and CONFIG['MOZ_OFFICIAL_BRANDING']:
+if CONFIG['MOZ_ADDON_SIGNING']:
+    DEFINES['MOZ_ADDON_SIGNING'] = 1
+
+if CONFIG['MOZ_REQUIRE_SIGNING']:
    DEFINES['MOZ_REQUIRE_SIGNING'] = 1