Bug 1234339 part 1, Inform the updater and maintenance service of the new SHA2 certificate issuer, r=callek, a=rkent
authorR Kent James <rkent@caspia.com>
Mon, 21 Dec 2015 13:53:07 -0800
changeset 26560 bf85d1a01f6bbcfc307676fe4fbd91db01ffdc48
parent 26559 027f2e6404681b5731ddf4c880ef2a0213335c65
child 26563 37c43fbe053728f85c346481762435394ef13f1c
push id1850
push userclokep@gmail.com
push dateWed, 08 Mar 2017 19:29:12 +0000
reviewerscallek, rkent
bugs1234339
Bug 1234339 part 1, Inform the updater and maintenance service of the new SHA2 certificate issuer, r=callek, a=rkent
mail/installer/windows/nsis/defines.nsi.in
mail/installer/windows/nsis/maintenanceservice_installer.nsi
mail/installer/windows/nsis/shared.nsh
--- a/mail/installer/windows/nsis/defines.nsi.in
+++ b/mail/installer/windows/nsis/defines.nsi.in
@@ -18,18 +18,22 @@
 !define AppRegNameNews        "Thunderbird (News)"
 
 !define ClientsRegName        "Mozilla Thunderbird"
 
 !define BrandShortName        "@MOZ_APP_DISPLAYNAME@"
 !define PreReleaseSuffix      "@PRE_RELEASE_SUFFIX@"
 !define BrandFullName         "${BrandFullNameInternal}${PreReleaseSuffix}"
 
-!define CERTIFICATE_NAME      "Mozilla Corporation"
-!define CERTIFICATE_ISSUER    "DigiCert Assured ID Code Signing CA-1"
+!define CERTIFICATE_NAME            "Mozilla Corporation"
+!define CERTIFICATE_ISSUER          "DigiCert SHA2 Assured ID Code Signing CA"
+; Changing the name or issuer requires us to have both the old and the new
+;  in the registry at the same time, temporarily.
+!define CERTIFICATE_NAME_PREVIOUS   "Mozilla Corporation"
+!define CERTIFICATE_ISSUER_PREVIOUS "DigiCert Assured ID Code Signing CA-1"
 
 # NO_INSTDIR_FROM_REG is defined for pre-releases which have a PreReleaseSuffix
 # (e.g. Alpha X, Beta X, etc.) to prevent finding a non-default installation
 # directory in the registry and using that as the default. This prevents
 # Beta releases built with official branding from finding an existing install
 # of an official release and defaulting to its installation directory.
 !if "@PRE_RELEASE_SUFFIX@" != ""
 !define NO_INSTDIR_FROM_REG
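Review bot: The comment added above `CERTIFICATE_NAME_PREVIOUS` says both entries are needed "temporarily" but gives no condition for removing them, so the old "DigiCert Assured ID Code Signing CA-1" issuer is likely to stay in the allowed set long after it is needed. I would extend the comment with the removal condition, for example `; Remove the _PREVIOUS defines once no supported update path starts from a build signed under the old issuer.` The new comment lines also use `;` while the comment block just below in this hunk uses `#`; matching the surrounding style would be tidier.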
--- a/mail/installer/windows/nsis/maintenanceservice_installer.nsi
+++ b/mail/installer/windows/nsis/maintenanceservice_installer.nsi
@@ -214,17 +214,17 @@ Section "MaintenanceService"
   ${EndIf}
   WriteRegDWORD HKLM "Software\Mozilla\MaintenanceService" "Attempted" 1
   WriteRegDWORD HKLM "Software\Mozilla\MaintenanceService" "Installed" 1
 
   ; Included here for debug purposes only.  
   ; These keys are used to bypass the installation dir is a valid installation
   ; check from the service so that tests can be run.
   ; WriteRegStr HKLM "${FallbackKey}\0" "name" "Mozilla Corporation"
-  ; WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert Assured ID Code Signing CA-1"
+  ; WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert SHA2 Assured ID Code Signing CA"
   ${If} ${RunningX64}
     SetRegView lastused
   ${EndIf}
 SectionEnd
 
 ; By renaming before deleting we improve things slightly in case
 ; there is a file in use error. In this case a new install can happen.
 Function un.RenameDelete
--- a/mail/installer/windows/nsis/shared.nsh
+++ b/mail/installer/windows/nsis/shared.nsh
@@ -572,16 +572,22 @@
     ; with at most one certificate.  A fallback certificate can only be used
     ; if the binary is replaced with a different certificate.
     ; We always use the 64bit registry for certs.
     ; This call is ignored on 32-bit systems.
     SetRegView 64
     DeleteRegKey HKLM "$R0"
     WriteRegStr HKLM "$R0\0" "name" "${CERTIFICATE_NAME}"
     WriteRegStr HKLM "$R0\0" "issuer" "${CERTIFICATE_ISSUER}"
+    ; These values associate the allowed certificates for the previous
+    ;  installation, so that we can update from it cleanly using the
+    ;  old updater.exe (which will still have this signature).
+    WriteRegStr HKLM "$R0\1" "name" "${CERTIFICATE_NAME_PREVIOUS}"
+    WriteRegStr HKLM "$R0\1" "issuer" "${CERTIFICATE_ISSUER_PREVIOUS}"
+
     SetRegView lastused
     ClearErrors
   ${EndIf} 
   ; Restore the previously used value back
   Pop $R0
 !macroend
 !define AddMaintCertKeys "!insertmacro AddMaintCertKeys"
 !endif
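Review bot: The context comment at the top of this hunk still says the key is written "with at most one certificate", which is no longer true once the `$R0\1` entry is added. It should be reworded to say that a second entry for the previous signer is also written. The `$R0\1` writes are unconditional, so retiring the old issuer later means editing this macro as well as defines.nsi.in. Wrapping the two `WriteRegStr` lines in `!ifdef CERTIFICATE_ISSUER_PREVIOUS` … `!endif` would let the defines alone control it. Judging by the added comment, these entries are the signers accepted for the updater, so the old issuer stays accepted on every install for as long as this block runs. The macro begins above the hunk, so its earlier part is not visible here.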