Bug 394984: Add signing certificate info to Info.plist files for Firefox and updater. r=bhearsum
☠☠ backed out by 98acf487a83d ☠ ☠
authorStephen Pohl <spohl.mozilla.bugs@gmail.com>
Tue, 11 Aug 2015 10:50:41 -0400
changeset 491468 842956e3e3003ad2816677307f7445a450377ec5
parent 491467 b49d0883c824a412be6299b9d3d85477a24df19a
child 491469 98acf487a83dff4a898002791e63079e31716232
push id47343
push userbmo:dothayer@mozilla.com
push dateWed, 01 Mar 2017 22:58:58 +0000
reviewersbhearsum
bugs394984
milestone42.0a1
Bug 394984: Add signing certificate info to Info.plist files for Firefox and updater. r=bhearsum
browser/app/Makefile.in
browser/app/macbuild/Contents/Info.plist.in
toolkit/mozapps/update/updater/Makefile.in
toolkit/mozapps/update/updater/macbuild/Contents/Info.plist
toolkit/mozapps/update/updater/macbuild/Contents/Info.plist.in
--- a/browser/app/Makefile.in
+++ b/browser/app/Makefile.in
@@ -92,17 +92,17 @@ clean clobber repackage::
 MAC_BUNDLE_VERSION = $(shell $(PYTHON) $(srcdir)/macversion.py --version=$(MOZ_APP_VERSION) --buildid=$(DEPTH)/config/buildid)
 
 .PHONY: repackage
 tools repackage:: $(PROGRAM)
 	$(MKDIR) -p $(dist_dest)/Contents/MacOS
 	$(MKDIR) -p $(dist_dest)/$(LPROJ)
 	rsync -a --exclude '*.in' $(srcdir)/macbuild/Contents $(dist_dest) --exclude English.lproj
 	rsync -a --exclude '*.in' $(srcdir)/macbuild/Contents/Resources/English.lproj/ $(dist_dest)/$(LPROJ)
-	sed -e 's/%APP_VERSION%/$(MOZ_APP_VERSION)/' -e 's/%MAC_APP_NAME%/$(MAC_APP_NAME)/' -e 's/%MOZ_MACBUNDLE_ID%/$(MOZ_MACBUNDLE_ID)/' -e 's/%MAC_BUNDLE_VERSION%/$(MAC_BUNDLE_VERSION)/' $(srcdir)/macbuild/Contents/Info.plist.in > $(dist_dest)/Contents/Info.plist
+	sed -e 's/%APP_VERSION%/$(MOZ_APP_VERSION)/' -e 's/%MAC_APP_NAME%/$(MAC_APP_NAME)/' -e 's/%MOZ_MACBUNDLE_ID%/$(MOZ_MACBUNDLE_ID)/' -e 's/%MAC_BUNDLE_VERSION%/$(MAC_BUNDLE_VERSION)/' -e 's/%MAC_CERT_SUBJECT_OU%/$(MAC_CERT_SUBJECT_OU)/' $(srcdir)/macbuild/Contents/Info.plist.in > $(dist_dest)/Contents/Info.plist
 	sed -e 's/%MAC_APP_NAME%/$(MAC_APP_NAME)/' $(srcdir)/macbuild/Contents/Resources/English.lproj/InfoPlist.strings.in | iconv -f UTF-8 -t UTF-16 > $(dist_dest)/$(LPROJ)/InfoPlist.strings
 	rsync -a --exclude-from='$(srcdir)/macbuild/Contents/MacOS-files.in' $(DIST)/bin/ $(dist_dest)/Contents/Resources
 	rsync -a --include-from='$(srcdir)/macbuild/Contents/MacOS-files.in' --exclude '*' $(DIST)/bin/ $(dist_dest)/Contents/MacOS
 	$(RM) $(dist_dest)/Contents/MacOS/$(PROGRAM)
 	rsync -aL $(PROGRAM) $(dist_dest)/Contents/MacOS
 	cp -RL $(DIST)/branding/firefox.icns $(dist_dest)/Contents/Resources/firefox.icns
 	cp -RL $(DIST)/branding/document.icns $(dist_dest)/Contents/Resources/document.icns
 	$(MKDIR) -p $(dist_dest)/Contents/Library/LaunchServices
--- a/browser/app/macbuild/Contents/Info.plist.in
+++ b/browser/app/macbuild/Contents/Info.plist.in
@@ -213,12 +213,17 @@
 		<string>10.6.0</string>
 		<key>x86_64</key>
 		<string>10.6.0</string>
 	</dict>
   <key>NSSupportsAutomaticGraphicsSwitching</key>
   <true/>
   <key>NSPrincipalClass</key>
   <string>GeckoNSApplication</string>
+	<key>SMPrivilegedExecutables</key>
+	<dict>
+		<key>org.mozilla.updater</key>
+		<string>identifier "org.mozilla.updater" and ((anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9]) or (anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "43AQ936H96"))</string>
+	</dict>
   <key>NSDisablePersistence</key>
   <true/>
 </dict>
 </plist>
--- a/toolkit/mozapps/update/updater/Makefile.in
+++ b/toolkit/mozapps/update/updater/Makefile.in
@@ -48,14 +48,15 @@ libs:: updater.png
 endif
 
 ifeq (cocoa,$(MOZ_WIDGET_TOOLKIT))
 libs::
 	$(NSINSTALL) -D $(DIST)/bin/updater.app
 	rsync -a -C --exclude '*.in' $(srcdir)/macbuild/Contents $(DIST)/bin/updater.app 
 	sed -e 's/%APP_NAME%/$(MOZ_APP_DISPLAYNAME)/' $(srcdir)/macbuild/Contents/Resources/English.lproj/InfoPlist.strings.in | \
 	  iconv -f UTF-8 -t UTF-16 > $(DIST)/bin/updater.app/Contents/Resources/English.lproj/InfoPlist.strings
+	sed -e 's/%MOZ_MACBUNDLE_ID%/$(MOZ_MACBUNDLE_ID)/' -e 's/%MAC_CERT_SUBJECT_OU%/$(MAC_CERT_SUBJECT_OU)/' $(srcdir)/macbuild/Contents/Info.plist.in > $(dist_dest)/Contents/Info.plist
 	$(NSINSTALL) -D $(DIST)/bin/updater.app/Contents/MacOS
 	$(NSINSTALL) $(DIST)/bin/org.mozilla.updater $(DIST)/bin/updater.app/Contents/MacOS
 	rm -f $(DIST)/bin/org.mozilla.updater
 endif
 
 CXXFLAGS += $(MOZ_BZ2_CFLAGS)
rename from toolkit/mozapps/update/updater/macbuild/Contents/Info.plist
rename to toolkit/mozapps/update/updater/macbuild/Contents/Info.plist.in
--- a/toolkit/mozapps/update/updater/macbuild/Contents/Info.plist
+++ b/toolkit/mozapps/update/updater/macbuild/Contents/Info.plist.in
@@ -26,10 +26,14 @@
 	<string>10.5</string>
 	<key>LSMinimumSystemVersionByArchitecture</key>
 	<dict>
 		<key>i386</key>
 		<string>10.5.0</string>
 		<key>x86_64</key>
 		<string>10.6.0</string>
 	</dict>
+	<key>SMAuthorizedClients</key>
+	<array>
+		<string>identifier "%MOZ_MACBUNDLE_ID%" and ((anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9]) or (anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "43AQ936H96"))</string>
+	</array>
 </dict>
 </plist>