Bug 1158866 - Enable MAR verification on linux via NSS. r=rstrong
authorBrian R. Bondy <netzen@gmail.com>
Tue, 21 Apr 2015 16:39:59 -0400 (2015-04-21)
changeset 241363 27eafcbadfdaa84c0001624f1b0feb750bc9b282
parent 241362 a2619dca0a1691f3b01bc9defa595c9de9179a91
child 241364 4db48835e8ac0d220622db2d00b51ea1382e6e86
push id28658
push usercbook@mozilla.com
push dateTue, 28 Apr 2015 10:01:27 +0000 (2015-04-28)
treeherdermozilla-central@e0299ad29b85 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrstrong
bugs1158866
milestone40.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1158866 - Enable MAR verification on linux via NSS. r=rstrong
toolkit/mozapps/update/updater/updater-common.build
toolkit/xre/nsUpdateDriver.cpp
--- a/toolkit/mozapps/update/updater/updater-common.build
+++ b/toolkit/mozapps/update/updater/updater-common.build
@@ -46,17 +46,17 @@ if CONFIG['OS_ARCH'] == 'WINNT':
         'advapi32',
     ]
 elif CONFIG['OS_ARCH'] == 'Linux' and CONFIG['MOZ_VERIFY_MAR_SIGNATURE']:
     USE_LIBS += [
         'nss',
         'signmar',
         'updatecommon',
     ]
-    OS_LIBS += CONFIG['nspr']
+    OS_LIBS += CONFIG['NSPR_LIBS']
 else:
     USE_LIBS += [
         'updatecommon',
     ]
 
 USE_LIBS += [
     'mar',
 ]
--- a/toolkit/xre/nsUpdateDriver.cpp
+++ b/toolkit/xre/nsUpdateDriver.cpp
@@ -395,16 +395,46 @@ CopyUpdaterIntoUpdateDir(nsIFile *greDir
   if (NS_FAILED(tmp) || NS_FAILED(rv))
     return false;
 #endif
   rv = updater->AppendNative(NS_LITERAL_CSTRING(kUpdaterBin));
   return NS_SUCCEEDED(rv); 
 }
 
 /**
+ * Appends the specified path to the library path.
+ * This is used so that updater can find libmozsqlite3.so and other shared libs.
+ *
+ * @param pathToAppend A new library path to prepend to LD_LIBRARY_PATH
+ */
+#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && !defined(XP_MACOSX)
+#include "prprf.h"
+#define PATH_SEPARATOR ":"
+#define LD_LIBRARY_PATH_ENVVAR_NAME "LD_LIBRARY_PATH"
+static void
+AppendToLibPath(const char *pathToAppend)
+{
+  char *s = nullptr;
+  char *pathValue = getenv(LD_LIBRARY_PATH_ENVVAR_NAME);
+  if (nullptr == pathValue || '\0' == *pathValue) {
+    s = PR_smprintf("%s=%s", LD_LIBRARY_PATH_ENVVAR_NAME, pathToAppend);
+  } else {
+    s = PR_smprintf("%s=%s" PATH_SEPARATOR "%s",
+                    LD_LIBRARY_PATH_ENVVAR_NAME, pathToAppend, pathValue);
+  }
+
+  // The memory used by PR_SetEnv is not copied to the environment on all
+  // platform, it can be used by reference directly. So we purposely do not
+  // call PR_smprintf_free on s.  Subsequent calls to PR_SetEnv will free
+  // the old memory first.
+  PR_SetEnv(s);
+}
+#endif
+
+/**
  * Switch an existing application directory to an updated version that has been
  * staged.
  *
  * @param greDir the GRE dir
  * @param updateDir the update dir where the mar file is located
  * @param appDir the app dir
  * @param appArgc the number of args to the application
  * @param appArgv the args to the application, used for restarting if needed
@@ -580,16 +610,19 @@ SwitchToUpdatedApp(nsIFile *greDir, nsIF
   } else {
     argc = 5;
     argv[5] = nullptr;
   }
 
   if (gSafeMode) {
     PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");
   }
+#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && !defined(XP_MACOSX)
+  AppendToLibPath(installDirPath.get());
+#endif
 
   LOG(("spawning updater process for replacing [%s]\n", updaterPath.get()));
 
 #if defined(USE_EXECV)
 # if defined(MOZ_WIDGET_GONK)
   // In Gonk, we preload libmozglue, which the updater process doesn't need.
   // Since the updater will move and delete libmozglue.so, this can actually
   // stop the /system mount from correctly being remounted as read-only.
@@ -845,16 +878,19 @@ ApplyUpdate(nsIFile *greDir, nsIFile *up
   } else {
     argc = 5;
     argv[5] = nullptr;
   }
 
   if (gSafeMode) {
     PR_SetEnv("MOZ_SAFE_MODE_RESTART=1");
   }
+#if defined(MOZ_VERIFY_MAR_SIGNATURE) && !defined(XP_WIN) && !defined(XP_MACOSX)
+  AppendToLibPath(installDirPath.get());
+#endif
 
   if (isOSUpdate) {
     PR_SetEnv("MOZ_OS_UPDATE=1");
   }
 #if defined(MOZ_WIDGET_GONK)
   // We want the updater to be CPU friendly and not subject to being killed by
   // the low memory killer, so we pass in some preferences to allow it to
   // adjust its priority.