author Randell Jesup <>
Fri, 15 Feb 2013 02:25:44 -0500
changeset 128101 e8dc0937c41d2e796d61a7df78cb8e5543fb167d
parent 121481 6a0ed6484811bc7233c39eec1687bb8ce09cb98e
child 129309 e81aef9e0d1637b6e787964d5cc2052597fe47f6
permissions -rw-r--r--
Bug 838799: Protect against funky cameras that return 0 FPS r=derf

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at

# On B2G, we need to remove the trust bits for code signing from all the
# built-in CAs, because we are redefining the code signing bit to mean
# "is trusted to issue certs that are trusted for signing apps," which none
# of the normal built-in CAs are. This is a temporary hack until we can use
# libpkix to verify the certificates. (libpkix gives the flexibility we need
# to verify certificates using different sets of trust anchors per validation.)
# Whenever we change the B2G app signing trust anchor, we need to manually
# update certdata-b2g.txt. To do so:
# 1. replace ./b2g-app-root-cert.der with the new DER-encoded root cert
# 2. In this directory run:
#     PATH=$NSS/bin:$NSS/lib addbuiltin -n "b2g-app-root-cert" -t ",,Cu" \
#       < b2g-app-root-cert.der > b2g-certdata.txt
# Then, commit the changes. We don't do this step as part of the build because
# we do not build addbuiltin as part of a Gecko build.

# Distrust all existing builtin CAs for code-signing
hacked-certdata.txt : $(srcdir)/../nss/lib/ckfw/builtins/certdata.txt
			$< > $@

combined-certdata.txt : hacked-certdata.txt $(srcdir)/b2g-certdata.txt
	cat $^ > $@

libs:: combined-certdata.txt