mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/python/mozboot
История
Mitchell Hentges 710be25312 Bug 1655361: Prints a warning if Windows Defender is watching the Firefox checkout directory r=firefox-build-system-reviewers,rstewart 
There's a Windows Defender CLI (`Get-MpComputerStatus`) available, but MozillaBuild
can't (easily) access PowerShell. So, instead, we find Windows Defender status and path exclusions
by checking the registry at HKLM\SOFTWARE\Microsoft\Windows Defender.

Determining if Windows Defender is "on" or not is a surprisingly vague task.
Not only does it encompass a lot of components (of which Ricky and I believe "Real-time protection"
is the part slowing down the build), but there's (at least?) two different kinds of "disabled"
states that it can be in:
* If "disabled" via Settings, it will turn itself back on after a reboot
* If an antivirus is installed, it will turn itself off permanently

Unfortunately, disabling "Real-time protection" in Settings doesn't affect any registry keys, but
I'm opting to ignore this because I doubt many users are manually disabling this protection before
each build. The repercussion of this is that users may be incorrectly warned "your Firefox
directory isn't excluded from Windows Defender!".

Focusing on the antivirus use case and querying the registry I found that:
* Querying the `IsServiceRunning` value wasn't sufficient because new Windows installations didn't have that key
* Querying the `DisableRealtimeMonitoring` value was inconsistent - it can be missing, and not always because an antivirus removed it
* Querying the `DisableAntiVirus` value doesn't _sound_ accurate (we care about Real-time Protection), but it's consistently "off" for non-AV machines, and "on" for machines with an AV installed. So, this is our winner!

TL;DR: there may be some "false positive" warnings about excluding the Firefox srcdir, but they're
accurate for my test cases and workaround-able (just add the exclusion to Windows Defender).

Also, this patch updates our Windows Defender docs to make them:
* More easily link-able
* Have direct advice to resolve the issue

Differential Revision: https://phabricator.services.mozilla.com/D85952
 		2020-08-11 20:59:40 +00:00
..
bin Bug 1482675 - Adds no-system-changes option to bootstrap. r=rstewart 2020-07-01 00:11:55 +00:00
mozboot Bug 1655361: Prints a warning if Windows Defender is watching the Firefox checkout directory r=firefox-build-system-reviewers,rstewart 2020-08-11 20:59:40 +00:00
README.rst
setup.py Bug 1210157 - Use unicode_literals in all mozboot modules r=firefox-build-system-reviewers,mshal 2019-08-20 21:19:16 +00:00

README.rst 

mozboot - Bootstrap your system to build Mozilla projects
=========================================================

This package contains code used for bootstrapping a system to build
mozilla-central.

This code is not part of the build system per se. Instead, it is related
to everything up to invoking the actual build system.

If you have a copy of the source tree, you run:

    python bin/bootstrap.py

If you don't have a copy of the source tree, you can run:

    curl https://hg.mozilla.org/mozilla-central/raw-file/default/python/mozboot/bin/bootstrap.py | python -

The bootstrap script will download everything it needs from hg.mozilla.org
automatically!