Bug 1883452 - Obliterate Corroborator remaining bits. r=rhelmer,Gijs,firefox-desktop-core-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D205735

.eslintrc.js

@@ -574,7 +574,6 @@ module.exports = {
         "toolkit/components/cleardata/**",
         "toolkit/components/contentprefs/ContentPrefService2.sys.mjs",
         "toolkit/components/cookiebanners/**",
-        "toolkit/components/corroborator/Corroborate.sys.mjs",
         "toolkit/components/crashes/**",
         "toolkit/components/crashmonitor/CrashMonitor.sys.mjs",
         "toolkit/components/credentialmanagement/IdentityCredentialPromptService.sys.mjs",

browser/app/profile/firefox.js

@@ -2513,9 +2513,6 @@ pref("identity.fxaccounts.toolbar.pxiToolbarEnabled.monitorEnabled", true);
 pref("identity.fxaccounts.toolbar.pxiToolbarEnabled.relayEnabled", true);
 pref("identity.fxaccounts.toolbar.pxiToolbarEnabled.vpnEnabled", true);
 
-// Check bundled omni JARs for corruption.
-pref("corroborator.enabled", true);
-
 // Toolbox preferences
 pref("devtools.toolbox.footer.height", 250);
 pref("devtools.toolbox.sidebar.width", 500);

browser/components/BrowserGlue.sys.mjs

@@ -31,7 +31,6 @@ ChromeUtils.defineESModuleGetters(lazy, {
     "resource://gre/modules/ContentRelevancyManager.sys.mjs",
   ContextualIdentityService:
     "resource://gre/modules/ContextualIdentityService.sys.mjs",
-  Corroborate: "resource://gre/modules/Corroborate.sys.mjs",
   DAPTelemetrySender: "resource://gre/modules/DAPTelemetrySender.sys.mjs",
   DeferredTask: "resource://gre/modules/DeferredTask.sys.mjs",
   Discovery: "resource:///modules/Discovery.sys.mjs",
@@ -3217,12 +3216,6 @@ BrowserGlue.prototype = {
         lazy.RemoteSecuritySettings.init();
       },
 
-      function CorroborateInit() {
-        if (Services.prefs.getBoolPref("corroborator.enabled", false)) {
-          lazy.Corroborate.init().catch(console.error);
-        }
-      },
-
       function BrowserUsageTelemetryReportProfileCount() {
         lazy.BrowserUsageTelemetry.reportProfileCount();
       },

toolkit/components/corroborator/Corroborate.sys.mjs

@@ -1,53 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
-
-const lazy = {};
-
-XPCOMUtils.defineLazyServiceGetters(lazy, {
-  gCertDB: ["@mozilla.org/security/x509certdb;1", "nsIX509CertDB"],
-});
-
-/**
- * Tools for verifying internal files in Mozilla products.
- */
-export const Corroborate = {
-  async init() {},
-
-  /**
-   * Verify signed state of arbitrary JAR file. Currently only JAR files signed
-   * with Mozilla-internal keys are supported.
-   *
-   * @argument file - an nsIFile pointing to the JAR to verify.
-   *
-   * @returns {Promise} - resolves true if file exists and is valid, false otherwise.
-   *                      Never rejects.
-   */
-  verifyJar(file) {
-    let root = Ci.nsIX509CertDB.AddonsPublicRoot;
-    let expectedOrganizationalUnit = "Mozilla Components";
-
-    return new Promise(resolve => {
-      lazy.gCertDB.openSignedAppFileAsync(
-        root,
-        file,
-        (rv, _zipReader, signatureInfos) => {
-          // aSignatureInfos is an array of nsIAppSignatureInfo.
-          // This implementation could be modified to iterate through the array to
-          // determine if one or all of the verified signatures used a satisfactory
-          // algorithm and signing certificate.
-          // For now, though, it maintains existing behavior by inspecting the
-          // first signing certificate encountered.
-          resolve(
-            Components.isSuccessCode(rv) &&
-              signatureInfos.length &&
-              signatureInfos[0].signerCert.organizationalUnit ==
-                expectedOrganizationalUnit
-          );
-        }
-      );
-    });
-  },
-};

toolkit/components/corroborator/moz.build

@@ -1,17 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-
-with Files("**"):
-    BUG_COMPONENT = ("Toolkit", "General")
-
-EXTRA_JS_MODULES += [
-    "Corroborate.sys.mjs",
-]
-
-XPCSHELL_TESTS_MANIFESTS += [
-    "test/xpcshell/xpcshell.toml",
-]

toolkit/components/corroborator/test/xpcshell/test_verify_jar.js

@@ -1,31 +0,0 @@
-/* -*- Mode: indent-tabs-mode: nil; js-indent-level: 2 -*- */
-/* vim: set sts=2 sw=2 et tw=80: */
-"use strict";
-
-const { Corroborate } = ChromeUtils.importESModule(
-  "resource://gre/modules/Corroborate.sys.mjs"
-);
-
-add_task(async function test_various_jars() {
-  let result = await Corroborate.verifyJar(do_get_file("data/unsigned.xpi"));
-  equal(result, false, "unsigned files do not verify");
-
-  result = await Corroborate.verifyJar(do_get_file("data/signed-amo.xpi"));
-  equal(result, false, "AMO signed files do not verify");
-
-  result = await Corroborate.verifyJar(
-    do_get_file("data/signed-privileged.xpi")
-  );
-  equal(result, false, "Privileged signed files do not verify");
-
-  let missingFile = do_get_file("data");
-  missingFile.append("missing.xpi");
-
-  result = await Corroborate.verifyJar(missingFile);
-  equal(result, false, "Missing (but expected) files do not verify");
-
-  result = await Corroborate.verifyJar(
-    do_get_file("data/signed-components.xpi")
-  );
-  equal(result, true, "Components signed files do verify");
-});

toolkit/components/corroborator/test/xpcshell/xpcshell.toml

@@ -1,5 +0,0 @@
-[DEFAULT]
-tags = "corroborator"
-support-files = ["data/**"]
-
-["test_verify_jar.js"]

toolkit/components/moz.build

@@ -141,10 +141,6 @@ DIRS += ["nimbus"]
 if CONFIG["MOZ_BACKGROUNDTASKS"]:
     DIRS += ["backgroundtasks"]
 
-# This is only packaged for browser since corrupt JAR and XPI files tend to be a desktop-OS problem.
-if CONFIG["MOZ_BUILD_APP"] == "browser":
-    DIRS += ["corroborator"]
-
 if CONFIG["MOZ_UNIFFI_FIXTURES"]:
     DIRS += ["uniffi-bindgen-gecko-js/fixtures"]
 

tools/esmify/map.json

@@ -497,7 +497,6 @@
   "resource://gre/modules/ContentPrefStore.jsm": "toolkit/components/contentprefs/ContentPrefStore.jsm",
   "resource://gre/modules/ContentPrefUtils.jsm": "toolkit/components/contentprefs/ContentPrefUtils.jsm",
   "resource://gre/modules/ContextualIdentityService.jsm": "toolkit/components/contextualidentity/ContextualIdentityService.jsm",
-  "resource://gre/modules/Corroborate.jsm": "toolkit/components/corroborator/Corroborate.jsm",
   "resource://gre/modules/CoveragePing.jsm": "toolkit/components/telemetry/pings/CoveragePing.jsm",
   "resource://gre/modules/CrashManager.jsm": "toolkit/components/crashes/CrashManager.in.jsm",
   "resource://gre/modules/CrashMonitor.jsm": "toolkit/components/crashmonitor/CrashMonitor.jsm",