Bug 1566523 - Remove com.apple.quarantine from gmp downloads. r=dminor a=RyanVM DEVEDITION_69_0b10_BUILD1 DEVEDITION_69_0b10_RELEASE FIREFOX_69_0b10_BUILD1 FIREFOX_69_0b10_RELEASE
authorBryce Van Dyk <bvandyk@mozilla.com>
Thu, 25 Jul 2019 18:38:57 +0000
changeset 544883 2fc476538438ee9ae515aedce64807bd104fab2f
parent 544882 252d1331b7688955a58ad928164fd25373766c3d
child 544884 11087befe8d8389074b8eec5404bd8432bcf3eaa
push id2131
push userffxbld-merge
push dateMon, 26 Aug 2019 18:30:20 +0000
treeherdermozilla-release@b19ffb3ca153 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdminor, RyanVM
bugs1566523, 1566700
milestone69.0
Bug 1566523 - Remove com.apple.quarantine from gmp downloads. r=dminor a=RyanVM On MacOS Firefox will add the com.apple.quarantine attribute to files it downloads. Firefox does this as a safety measure to indicate to the OS that the file may be from an untrusted source. While the attribute can be set prior to MacOS 10.15, the attribute is used to enforce new features in 10.15. This leads to issues where if we do not clear the attribute from GMPs we download, we will fail to load dynamic libs. This patch means we will clear the quarantine from GMP downloads. These GMPs come from a trusted source and are checksummed via hash. Note, most of the heavy lifting for this was done in bug 1566700. We just leverage the new API here. Differential Revision: https://phabricator.services.mozilla.com/D39369
toolkit/modules/GMPExtractorWorker.js
--- a/toolkit/modules/GMPExtractorWorker.js
+++ b/toolkit/modules/GMPExtractorWorker.js
@@ -55,16 +55,30 @@ onmessage = async function(msg) {
       // directory.
       let destPath = OS.Path.join(installToDirPath, fileName);
       await OS.File.writeAtomic(destPath, new Uint8Array(fileData), {
         tmpPath: destPath + ".tmp",
       });
       // Ensure files are writable and executable. Otherwise, we may be
       // unable to execute or uninstall them.
       await OS.File.setPermissions(destPath, { unixMode: 0o700 });
+      if (OS.Constants.Sys.Name == "Darwin") {
+        // If we're on MacOS Firefox will add the quarantine xattr to files it
+        // downloads. In this case we want to clear that xattr so we can load
+        // the CDM.
+        try {
+          await OS.File.macRemoveXAttr(destPath, "com.apple.quarantine");
+        } catch (e) {
+          // Failed to remove the attribute. This could be because the profile
+          // exists on a file system without xattr support.
+          //
+          // Don't fail the extraction here, as in this case it's likely we
+          // didn't set quarantine on these files in the first place.
+        }
+      }
       extractedPaths.push(destPath);
     }
     postMessage({
       result: "success",
       extractedPaths,
     });
   } catch (e) {
     postMessage({