зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1883452 - Obliterate Corroborator remaining bits. r=rhelmer,Gijs,firefox-desktop-core-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D205735
This commit is contained in:
Родитель
eadb36e933
Коммит
e364e07097
|
@ -574,7 +574,6 @@ module.exports = {
|
|||
"toolkit/components/cleardata/**",
|
||||
"toolkit/components/contentprefs/ContentPrefService2.sys.mjs",
|
||||
"toolkit/components/cookiebanners/**",
|
||||
"toolkit/components/corroborator/Corroborate.sys.mjs",
|
||||
"toolkit/components/crashes/**",
|
||||
"toolkit/components/crashmonitor/CrashMonitor.sys.mjs",
|
||||
"toolkit/components/credentialmanagement/IdentityCredentialPromptService.sys.mjs",
|
||||
|
|
|
@ -2513,9 +2513,6 @@ pref("identity.fxaccounts.toolbar.pxiToolbarEnabled.monitorEnabled", true);
|
|||
pref("identity.fxaccounts.toolbar.pxiToolbarEnabled.relayEnabled", true);
|
||||
pref("identity.fxaccounts.toolbar.pxiToolbarEnabled.vpnEnabled", true);
|
||||
|
||||
// Check bundled omni JARs for corruption.
|
||||
pref("corroborator.enabled", true);
|
||||
|
||||
// Toolbox preferences
|
||||
pref("devtools.toolbox.footer.height", 250);
|
||||
pref("devtools.toolbox.sidebar.width", 500);
|
||||
|
|
|
@ -31,7 +31,6 @@ ChromeUtils.defineESModuleGetters(lazy, {
|
|||
"resource://gre/modules/ContentRelevancyManager.sys.mjs",
|
||||
ContextualIdentityService:
|
||||
"resource://gre/modules/ContextualIdentityService.sys.mjs",
|
||||
Corroborate: "resource://gre/modules/Corroborate.sys.mjs",
|
||||
DAPTelemetrySender: "resource://gre/modules/DAPTelemetrySender.sys.mjs",
|
||||
DeferredTask: "resource://gre/modules/DeferredTask.sys.mjs",
|
||||
Discovery: "resource:///modules/Discovery.sys.mjs",
|
||||
|
@ -3217,12 +3216,6 @@ BrowserGlue.prototype = {
|
|||
lazy.RemoteSecuritySettings.init();
|
||||
},
|
||||
|
||||
function CorroborateInit() {
|
||||
if (Services.prefs.getBoolPref("corroborator.enabled", false)) {
|
||||
lazy.Corroborate.init().catch(console.error);
|
||||
}
|
||||
},
|
||||
|
||||
function BrowserUsageTelemetryReportProfileCount() {
|
||||
lazy.BrowserUsageTelemetry.reportProfileCount();
|
||||
},
|
||||
|
|
|
@ -1,53 +0,0 @@
|
|||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
|
||||
|
||||
const lazy = {};
|
||||
|
||||
XPCOMUtils.defineLazyServiceGetters(lazy, {
|
||||
gCertDB: ["@mozilla.org/security/x509certdb;1", "nsIX509CertDB"],
|
||||
});
|
||||
|
||||
/**
|
||||
* Tools for verifying internal files in Mozilla products.
|
||||
*/
|
||||
export const Corroborate = {
|
||||
async init() {},
|
||||
|
||||
/**
|
||||
* Verify signed state of arbitrary JAR file. Currently only JAR files signed
|
||||
* with Mozilla-internal keys are supported.
|
||||
*
|
||||
* @argument file - an nsIFile pointing to the JAR to verify.
|
||||
*
|
||||
* @returns {Promise} - resolves true if file exists and is valid, false otherwise.
|
||||
* Never rejects.
|
||||
*/
|
||||
verifyJar(file) {
|
||||
let root = Ci.nsIX509CertDB.AddonsPublicRoot;
|
||||
let expectedOrganizationalUnit = "Mozilla Components";
|
||||
|
||||
return new Promise(resolve => {
|
||||
lazy.gCertDB.openSignedAppFileAsync(
|
||||
root,
|
||||
file,
|
||||
(rv, _zipReader, signatureInfos) => {
|
||||
// aSignatureInfos is an array of nsIAppSignatureInfo.
|
||||
// This implementation could be modified to iterate through the array to
|
||||
// determine if one or all of the verified signatures used a satisfactory
|
||||
// algorithm and signing certificate.
|
||||
// For now, though, it maintains existing behavior by inspecting the
|
||||
// first signing certificate encountered.
|
||||
resolve(
|
||||
Components.isSuccessCode(rv) &&
|
||||
signatureInfos.length &&
|
||||
signatureInfos[0].signerCert.organizationalUnit ==
|
||||
expectedOrganizationalUnit
|
||||
);
|
||||
}
|
||||
);
|
||||
});
|
||||
},
|
||||
};
|
|
@ -1,17 +0,0 @@
|
|||
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
|
||||
# vim: set filetype=python:
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
|
||||
with Files("**"):
|
||||
BUG_COMPONENT = ("Toolkit", "General")
|
||||
|
||||
EXTRA_JS_MODULES += [
|
||||
"Corroborate.sys.mjs",
|
||||
]
|
||||
|
||||
XPCSHELL_TESTS_MANIFESTS += [
|
||||
"test/xpcshell/xpcshell.toml",
|
||||
]
|
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичные данные
toolkit/components/corroborator/test/xpcshell/data/unsigned.xpi
Двоичные данные
toolkit/components/corroborator/test/xpcshell/data/unsigned.xpi
Двоичный файл не отображается.
|
@ -1,31 +0,0 @@
|
|||
/* -*- Mode: indent-tabs-mode: nil; js-indent-level: 2 -*- */
|
||||
/* vim: set sts=2 sw=2 et tw=80: */
|
||||
"use strict";
|
||||
|
||||
const { Corroborate } = ChromeUtils.importESModule(
|
||||
"resource://gre/modules/Corroborate.sys.mjs"
|
||||
);
|
||||
|
||||
add_task(async function test_various_jars() {
|
||||
let result = await Corroborate.verifyJar(do_get_file("data/unsigned.xpi"));
|
||||
equal(result, false, "unsigned files do not verify");
|
||||
|
||||
result = await Corroborate.verifyJar(do_get_file("data/signed-amo.xpi"));
|
||||
equal(result, false, "AMO signed files do not verify");
|
||||
|
||||
result = await Corroborate.verifyJar(
|
||||
do_get_file("data/signed-privileged.xpi")
|
||||
);
|
||||
equal(result, false, "Privileged signed files do not verify");
|
||||
|
||||
let missingFile = do_get_file("data");
|
||||
missingFile.append("missing.xpi");
|
||||
|
||||
result = await Corroborate.verifyJar(missingFile);
|
||||
equal(result, false, "Missing (but expected) files do not verify");
|
||||
|
||||
result = await Corroborate.verifyJar(
|
||||
do_get_file("data/signed-components.xpi")
|
||||
);
|
||||
equal(result, true, "Components signed files do verify");
|
||||
});
|
|
@ -1,5 +0,0 @@
|
|||
[DEFAULT]
|
||||
tags = "corroborator"
|
||||
support-files = ["data/**"]
|
||||
|
||||
["test_verify_jar.js"]
|
|
@ -141,10 +141,6 @@ DIRS += ["nimbus"]
|
|||
if CONFIG["MOZ_BACKGROUNDTASKS"]:
|
||||
DIRS += ["backgroundtasks"]
|
||||
|
||||
# This is only packaged for browser since corrupt JAR and XPI files tend to be a desktop-OS problem.
|
||||
if CONFIG["MOZ_BUILD_APP"] == "browser":
|
||||
DIRS += ["corroborator"]
|
||||
|
||||
if CONFIG["MOZ_UNIFFI_FIXTURES"]:
|
||||
DIRS += ["uniffi-bindgen-gecko-js/fixtures"]
|
||||
|
||||
|
|
|
@ -497,7 +497,6 @@
|
|||
"resource://gre/modules/ContentPrefStore.jsm": "toolkit/components/contentprefs/ContentPrefStore.jsm",
|
||||
"resource://gre/modules/ContentPrefUtils.jsm": "toolkit/components/contentprefs/ContentPrefUtils.jsm",
|
||||
"resource://gre/modules/ContextualIdentityService.jsm": "toolkit/components/contextualidentity/ContextualIdentityService.jsm",
|
||||
"resource://gre/modules/Corroborate.jsm": "toolkit/components/corroborator/Corroborate.jsm",
|
||||
"resource://gre/modules/CoveragePing.jsm": "toolkit/components/telemetry/pings/CoveragePing.jsm",
|
||||
"resource://gre/modules/CrashManager.jsm": "toolkit/components/crashes/CrashManager.in.jsm",
|
||||
"resource://gre/modules/CrashMonitor.jsm": "toolkit/components/crashmonitor/CrashMonitor.jsm",
|
||||
|
|
Загрузка…
Ссылка в новой задаче