bug 1490119: Build separate updater that always embeds dep certificates. r=ted,firefox-build-system-reviewers
authorBen Hearsum <bhearsum@mozilla.com>
Fri, 21 Sep 2018 10:07:27 +0000
changeset 437642 eeb4c8b9087292d98d1ddd8ffead55a6b5838496
parent 437641 29972a9da2511f68c60bb58db17a01b789c985b6
child 437643 98b7811a0baee813fd14000e04127f58596d0e81
push id34689
push usercbrindusan@mozilla.com
push dateFri, 21 Sep 2018 17:27:39 +0000
treeherdermozilla-central@3ffe4318af3a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersted, firefox-build-system-reviewers
bugs1490119
milestone64.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1490119: Build separate updater that always embeds dep certificates. r=ted,firefox-build-system-reviewers This patch gets us building an updater binary that always embeds the dep certificates (instead of release or nightly), and builds a new tests package that includes it. This was originally D5900, but that was backed out due to busting artifact builds. I've fixed that by removing the Makefile that Ted pointed out is unnecessary. Differential Revision: https://phabricator.services.mozilla.com/D6418
build/gen_test_packages_manifest.py
python/mozbuild/mozbuild/action/test_archive.py
testing/testsuite-targets.mk
toolkit/mozapps/update/updater/archivereader.cpp
toolkit/mozapps/update/updater/moz.build
toolkit/mozapps/update/updater/updater-dep/moz.build
toolkit/mozapps/update/updater/updater.rc
--- a/build/gen_test_packages_manifest.py
+++ b/build/gen_test_packages_manifest.py
@@ -16,27 +16,29 @@ ALL_HARNESSES = [
     'cppunittest',
     'jittest',
     'mozbase',
     'web-platform',
     'talos',
     'raptor',
     'awsy',
     'gtest',
+    'updater-dep'
 ]
 
 PACKAGE_SPECIFIED_HARNESSES = [
     'cppunittest',
     'mochitest',
     'reftest',
     'xpcshell',
     'web-platform',
     'talos',
     'raptor',
     'awsy',
+    'updater-dep',
 ]
 
 # These packages are not present for every build configuration.
 OPTIONAL_PACKAGES = [
     'gtest',
 ]
 
 
--- a/python/mozbuild/mozbuild/action/test_archive.py
+++ b/python/mozbuild/mozbuild/action/test_archive.py
@@ -105,16 +105,17 @@ ARCHIVE_FILES = {
                 'gtest/**',
                 'mochitest/**',
                 'reftest/**',
                 'talos/**',
                 'raptor/**',
                 'awsy/**',
                 'web-platform/**',
                 'xpcshell/**',
+                'updater-dep/**',
             ],
         },
         {
             'source': buildconfig.topobjdir,
             'base': '_tests',
             'pattern': 'modules/**',
         },
         {
@@ -514,16 +515,31 @@ ARCHIVE_FILES = {
         },
         {
             'source': buildconfig.topobjdir,
             'base': 'build',
             'pattern': 'automation.py',
             'dest': 'xpcshell',
         },
     ],
+    'updater-dep': [
+        {
+            'source': buildconfig.topobjdir,
+            'base': '_tests/updater-dep',
+            'pattern': '**',
+            'dest': 'updater-dep',
+        },
+        # Required by the updater on Linux
+        {
+            'source': buildconfig.topobjdir,
+            'base': 'config/external/sqlite',
+            'pattern': 'libmozsqlite3.so',
+            'dest': 'updater-dep',
+        },
+    ],
 }
 
 if buildconfig.substs.get('MOZ_CODE_COVERAGE'):
     ARCHIVE_FILES['common'].append({
         'source': buildconfig.topsrcdir,
         'base': 'python/mozbuild/',
         'patterns': [
             'mozpack/**',
@@ -621,17 +637,17 @@ def find_files(archive):
 
         ignore = list(entry.get('ignore', []))
         ignore.extend([
             '**/.flake8',
             '**/.mkdir.done',
             '**/*.pyc',
         ])
 
-        if archive != 'common' and base.startswith('_tests'):
+        if archive not in ('common', 'updater-dep') and base.startswith('_tests'):
             # We may have generated_harness_files to exclude from this entry.
             for path in generated_harness_files:
                 if path.startswith(base):
                     ignore.append(path[len(base) + 1:])
 
         common_kwargs = {
             'find_dotfiles': True,
             'ignore': ignore,
--- a/testing/testsuite-targets.mk
+++ b/testing/testsuite-targets.mk
@@ -120,16 +120,17 @@ TEST_PKGS_TARGZ := \
   cppunittest \
   mochitest \
   reftest \
   talos \
   raptor \
   awsy \
   xpcshell \
   web-platform \
+  updater-dep \
   $(NULL)
 
 ifdef LINK_GTEST_DURING_COMPILE
 stage-all: stage-gtest
 TEST_PKGS_ZIP += gtest
 endif
 
 PKG_ARG = --$(1) '$(PKG_BASENAME).$(1).tests.$(2)'
--- a/toolkit/mozapps/update/updater/archivereader.cpp
+++ b/toolkit/mozapps/update/updater/archivereader.cpp
@@ -20,16 +20,19 @@
 #define XZ_USE_CRC64
 #include "xz.h"
 
 // These are generated at compile time based on the DER file for the channel
 // being used
 #ifdef MOZ_VERIFY_MAR_SIGNATURE
 #ifdef TEST_UPDATER
 #include "../xpcshellCert.h"
+#elif DEP_UPDATER
+#include "../dep1Cert.h"
+#include "../dep2Cert.h"
 #else
 #include "primaryCert.h"
 #include "secondaryCert.h"
 #endif
 #endif
 
 #define UPDATER_NO_STRING_GLUE_STL
 #include "nsVersionComparator.cpp"
@@ -82,16 +85,21 @@ ArchiveReader::VerifySignature()
     return ARCHIVE_NOT_OPEN;
   }
 
 #ifndef MOZ_VERIFY_MAR_SIGNATURE
   return OK;
 #else
 #ifdef TEST_UPDATER
   int rv = VerifyLoadedCert(mArchive, xpcshellCertData);
+#elif DEP_UPDATER
+  int rv = VerifyLoadedCert(mArchive, dep1CertData);
+  if (rv != OK) {
+    rv = VerifyLoadedCert(mArchive, dep2CertData);
+  }
 #else
   int rv = VerifyLoadedCert(mArchive, primaryCertData);
   if (rv != OK) {
     rv = VerifyLoadedCert(mArchive, secondaryCertData);
   }
 #endif
   return rv;
 #endif
--- a/toolkit/mozapps/update/updater/moz.build
+++ b/toolkit/mozapps/update/updater/moz.build
@@ -6,55 +6,64 @@
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
     Program('org.mozilla.updater')
 else:
     Program('updater')
 
 updater_rel_path = ''
 include('updater-common.build')
+DIRS += ['updater-dep']
 if CONFIG['ENABLE_TESTS']:
     DIRS += ['updater-xpcshell']
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
     LDFLAGS += ['-sectcreate',
                 '__TEXT',
                 '__info_plist',
                 TOPOBJDIR + '/dist/bin/Info.plist',
                 '-sectcreate',
                 '__TEXT',
                 '__launchd_plist',
                 SRCDIR + '/Launchd.plist']
 
 GENERATED_FILES = [
+    'dep1Cert.h',
+    'dep2Cert.h',
     'primaryCert.h',
     'secondaryCert.h',
     'xpcshellCert.h',
 ]
 
 primary_cert = GENERATED_FILES['primaryCert.h']
 secondary_cert = GENERATED_FILES['secondaryCert.h']
 
 # This is how the xpcshellCertificate.der file is generated, in case we ever
 # have to regenerate it.
 # ./certutil -L -d modules/libmar/tests/unit/data -n mycert -r > xpcshellCertificate.der
 xpcshell_cert = GENERATED_FILES['xpcshellCert.h']
+dep1_cert = GENERATED_FILES['dep1Cert.h']
+dep2_cert = GENERATED_FILES['dep2Cert.h']
 
 primary_cert.script = 'gen_cert_header.py:create_header'
 secondary_cert.script = 'gen_cert_header.py:create_header'
 xpcshell_cert.script = 'gen_cert_header.py:create_header'
+dep1_cert.script = 'gen_cert_header.py:create_header'
+dep2_cert.script = 'gen_cert_header.py:create_header'
 
 if CONFIG['MOZ_UPDATE_CHANNEL'] in ('beta', 'release', 'esr'):
     primary_cert.inputs += ['release_primary.der']
     secondary_cert.inputs += ['release_secondary.der']
 elif CONFIG['MOZ_UPDATE_CHANNEL'] in ('nightly', 'aurora', 'nightly-elm',
                                       'nightly-profiling', 'nightly-oak',
                                       'nightly-ux'):
     primary_cert.inputs += ['nightly_aurora_level3_primary.der']
     secondary_cert.inputs += ['nightly_aurora_level3_secondary.der']
 else:
     primary_cert.inputs += ['dep1.der']
     secondary_cert.inputs += ['dep2.der']
 
+dep1_cert.inputs += ['dep1.der']
+dep2_cert.inputs += ['dep2.der']
 xpcshell_cert.inputs += ['xpcshellCertificate.der']
 
 if 'gtk' in CONFIG['MOZ_WIDGET_TOOLKIT']:
     FINAL_TARGET_FILES.icons += ['updater.png']
new file mode 100644
--- /dev/null
+++ b/toolkit/mozapps/update/updater/updater-dep/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+FINAL_TARGET = '_tests/updater-dep'
+
+Program('updater-dep')
+
+updater_rel_path = '../'
+DEFINES['DEP_UPDATER'] = True
+include('../updater-common.build')
+
--- a/toolkit/mozapps/update/updater/updater.rc
+++ b/toolkit/mozapps/update/updater/updater.rc
@@ -1,15 +1,15 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Microsoft Visual C++ generated resource script.
 //
-#ifdef TEST_UPDATER
+#if defined(TEST_UPDATER) || defined(DEP_UPDATER)
 #include "../resource.h"
 #define MANIFEST_PATH "../updater.exe.manifest"
 #define COMCTL32_MANIFEST_PATH "../updater.exe.comctl32.manifest"
 #define ICON_PATH "../updater.ico"
 #else
 #include "resource.h"
 #define MANIFEST_PATH "updater.exe.manifest"
 #define COMCTL32_MANIFEST_PATH "updater.exe.comctl32.manifest"