security/apps/moz.build
author Dana Keeler <dkeeler@mozilla.com>
Mon, 06 May 2019 23:12:36 +0000
changeset 516455 5b264ffa56e752df9a66c8a781e06fde51ada9e8
parent 497699 432a98e50d2bfab224328254266069aef1a474cc
permissions -rw-r--r--
bug 1549249 - hard-code new add-on signing intermediate so it's always available r=jcj,kmag a=tomprince Our previous approach to making this intermediate available relied on being able to add it to the user's NSS cert DB. This does work in the majority of cases, but there are some situations where it doesn't work (e.g. if the user's DB is set to read-only, if they've configured Firefox to run in "nocertdb" mode, if they have a master password but forgot it, and so on). This patch compiles the intermediate into Firefox in the same way we incorporate the root, so it should always be available. At the same time, this patch reverts the changes from 848b15028562c6757748070f637e0e4f0bbb5f65 (the patch that implemented the original approach) because it should no longer be necessary. This also bumps the add-on DB schema to trigger add-on revalidation. Differential Revision: https://phabricator.services.mozilla.com/D30140

# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# Bugs filed against any file under this directory are routed to the
# "Core :: Security: PSM" Bugzilla component.
with Files("**"):
    BUG_COMPONENT = ("Core", "Security: PSM")

# C++ sources built from this directory. Judging by the file names they hold
# the app/add-on signature verification code and its trust domain.
# mozbuild expects source lists to stay in sorted order.
UNIFIED_SOURCES += [
    'AppSignatureVerification.cpp',
    'AppTrustDomain.cpp',
]

# Objects from this directory are linked into libxul instead of forming a
# library of their own.
FINAL_LIBRARY = 'xul'

# Additional header search paths; the leading '/' makes them relative to the
# top of the source tree.
# NOTE(review): cose-c presumably supplies the COSE signature parsing used by
# the sources above -- confirm against the includes in the .cpp files.
LOCAL_INCLUDES += [
    '/security/certverifier',
    '/security/manager/ssl',
    '/third_party/rust/cose-c/include',
]

# Preprocessor symbols for the sources in this directory.
DEFINES['NSS_ENABLE_ECC'] = 'True'
# Shared-library prefix and suffix from the build configuration, wrapped in
# double quotes so that the C++ code sees each one as a string literal.
DEFINES['DLL_PREFIX'] = '"%s"' % CONFIG['DLL_PREFIX']
DEFINES['DLL_SUFFIX'] = '"%s"' % CONFIG['DLL_SUFFIX']

# The warning flags below are only passed when compiling with clang or gcc.
if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
    CXXFLAGS += [
        '-Wextra',
        # Gecko headers aren't warning-free enough for us to enable this
        # warning.
        '-Wno-unused-parameter',
    ]

# Certificates that are turned into generated headers at build time. Each
# entry is (generated header, C array name, certificate input file).
# NOTE(review): these inputs become the roots and the intermediate that the
# signature verification code is built with, so a change to any of them
# deserves the same review as a code change (check subject, validity period
# and fingerprint against the published values).
test_ssl_path = '/security/manager/ssl/tests/unit'

headers_arrays_certs = [
    # Root taken from the xpcshell test tree.
    # NOTE(review): its header is generated unconditionally here; presumably
    # the C++ side only selects it for test configurations -- confirm.
    ('xpcshell.inc', 'xpcshellRoot', '%s/test_signed_apps/xpcshellTestRoot.der' % test_ssl_path),
    ('addons-public.inc', 'addonsPublicRoot', 'addons-public.crt'),
    # Add-on signing intermediate. A certificate that is compiled in can only
    # be replaced by shipping a new build, so keep an eye on its expiry.
    ('addons-public-intermediate.inc', 'addonsPublicIntermediate', 'addons-public-intermediate.crt'),
    ('addons-stage.inc', 'addonsStageRoot', 'addons-stage.crt'),
    ('privileged-package-root.inc', 'privilegedPackageRoot', 'privileged-package-root.der'),
]

for entry in headers_arrays_certs:
    header, array_name, cert = entry
    # Register one header per append; the list above is not in sorted order,
    # so the headers are not appended as a single list.
    GENERATED_FILES += [header]
    generated = GENERATED_FILES[header]
    generated.inputs = [cert]
    # 'script:function' form: the part after the colon names the function in
    # gen_cert_header.py that mozbuild calls to write this header.
    generated.script = 'gen_cert_header.py:' + array_name