Bug 1079858 - Part 1: Inform the updater and maintenance service of the new SHA2 certicicate issuer r=rstrong, a=ritu
authorMatt Howell <mhowell@mozilla.com>
Wed, 09 Dec 2015 11:26:51 -0500
changeset 298612 3f46faf48a4a31f33d0194499faaf16734f2b229
parent 298611 bd82bec9bc34028f7dc86f3a492dccc7e150cdb4
child 298613 e8bb3550be0f344804a13cc7aa268b91a9154e93
child 298615 fe61b8683f3a30fe261d86324fea3b810244f842
push id974
push userkwierso@gmail.com
push dateWed, 16 Dec 2015 23:43:55 +0000
reviewersrstrong, ritu
bugs1079858
milestone43.0.1
Bug 1079858 - Part 1: Inform the updater and maintenance service of the new SHA2 certificate issuer r=rstrong, a=ritu
browser/installer/windows/nsis/defines.nsi.in
browser/installer/windows/nsis/maintenanceservice_installer.nsi
browser/installer/windows/nsis/shared.nsh
toolkit/components/maintenanceservice/bootstrapinstaller/maintenanceservice_installer.nsi
--- a/browser/installer/windows/nsis/defines.nsi.in
+++ b/browser/installer/windows/nsis/defines.nsi.in
@@ -31,18 +31,22 @@
 !define DDEApplication        "Firefox"
 !define AppRegName            "Firefox"
 
 !ifndef DEV_EDITION
 !define BrandShortName        "@MOZ_APP_DISPLAYNAME@"
 !endif
 !define BrandFullName         "${BrandFullNameInternal}"
 
-!define CERTIFICATE_NAME      "Mozilla Corporation"
-!define CERTIFICATE_ISSUER    "DigiCert Assured ID Code Signing CA-1"
+!define CERTIFICATE_NAME            "Mozilla Corporation"
+!define CERTIFICATE_ISSUER          "DigiCert SHA2 Assured ID Code Signing CA"
+; Changing the name or issuer requires us to have both the old and the new
+;  in the registry at the same time, temporarily.
+!define CERTIFICATE_NAME_PREVIOUS   "Mozilla Corporation"
+!define CERTIFICATE_ISSUER_PREVIOUS "DigiCert Assured ID Code Signing CA-1"
 
 # LSP_CATEGORIES is the permitted LSP categories for the application. Each LSP
 # category value is ANDed together to set multiple permitted categories.
 # See http://msdn.microsoft.com/en-us/library/ms742253%28VS.85%29.aspx
 # The value below removes all LSP categories previously set.
 !define LSP_CATEGORIES "0x00000000"
 
 !if "@MOZ_UPDATE_CHANNEL@" == ""
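Review bot: The comment above the `_PREVIOUS` defines says the old and new values coexist "temporarily" but never states what ends that period, so the older `DigiCert Assured ID Code Signing CA-1` issuer stays on the accepted list until someone remembers to remove it. I would extend the comment to name the condition, for example `; Drop the _PREVIOUS pair (and the "$R0\1" writes in shared.nsh) once no supported update path still runs an updater.exe signed under the old issuer.` Because `CERTIFICATE_NAME_PREVIOUS` has the same value as `CERTIFICATE_NAME`, the comment could also say that only the issuer changed in this rotation.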
--- a/browser/installer/windows/nsis/maintenanceservice_installer.nsi
+++ b/browser/installer/windows/nsis/maintenanceservice_installer.nsi
@@ -215,17 +215,17 @@ Section "MaintenanceService"
   WriteRegDWORD HKLM "Software\Mozilla\MaintenanceService" "Attempted" 1
   WriteRegDWORD HKLM "Software\Mozilla\MaintenanceService" "Installed" 1
   DeleteRegValue HKLM "Software\Mozilla\MaintenanceService" "FFPrefetchDisabled"
 
   ; Included here for debug purposes only.  
   ; These keys are used to bypass the installation dir is a valid installation
   ; check from the service so that tests can be run.
   ; WriteRegStr HKLM "${FallbackKey}\0" "name" "Mozilla Corporation"
-  ; WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert Assured ID Code Signing CA-1"
+  ; WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert SHA2 Assured ID Code Signing CA"
   ${If} ${RunningX64}
     SetRegView lastused
   ${EndIf}
 SectionEnd
 
 ; By renaming before deleting we improve things slightly in case
 ; there is a file in use error. In this case a new install can happen.
 Function un.RenameDelete
--- a/browser/installer/windows/nsis/shared.nsh
+++ b/browser/installer/windows/nsis/shared.nsh
@@ -769,16 +769,21 @@
     ; install will never be attempted again after this from updates.  The value
     ; is used only to see if updates should attempt new service installs.
     WriteRegDWORD HKLM "Software\Mozilla\MaintenanceService" "Attempted" 1
 
     ; These values associate the allowed certificates for the current
     ; installation.
     WriteRegStr HKLM "$R0\0" "name" "${CERTIFICATE_NAME}"
     WriteRegStr HKLM "$R0\0" "issuer" "${CERTIFICATE_ISSUER}"
+    ; These values associate the allowed certificates for the previous
+    ;  installation, so that we can update from it cleanly using the
+    ;  old updater.exe (which will still have this signature).
+    WriteRegStr HKLM "$R0\1" "name" "${CERTIFICATE_NAME_PREVIOUS}"
+    WriteRegStr HKLM "$R0\1" "issuer" "${CERTIFICATE_ISSUER_PREVIOUS}"
     ${If} ${RunningX64}
       SetRegView lastused
     ${EndIf}
     ClearErrors
   ${EndIf}
   ; Restore the previously used value back
   Pop $R0
 !macroend
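Review bot: The two `WriteRegStr HKLM "$R0\1"` lines add a second accepted name/issuer pair, but nothing visible in this hunk ever removes it, so simply deleting these lines in a later release would leave the old issuer in the registry on machines that already ran this installer. When the rotation ends, the cleanup should be explicit, e.g. `DeleteRegValue HKLM "$R0\1" "name"` and `DeleteRegValue HKLM "$R0\1" "issuer"`, rather than only dropping the writes. The new comment also says "previous installation" where it appears to mean the previous signing certificate; `; Also accept the previous signing certificate so an update started by the old updater.exe still passes the check.` would be more precise. The enclosing macro begins above the hunk, so whether slot "\1" is written elsewhere for this key cannot be checked from here.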
--- a/toolkit/components/maintenanceservice/bootstrapinstaller/maintenanceservice_installer.nsi
+++ b/toolkit/components/maintenanceservice/bootstrapinstaller/maintenanceservice_installer.nsi
@@ -212,17 +212,17 @@ Section "MaintenanceService"
   WriteRegDWORD HKLM "Software\Mozilla\MaintenanceService" "Attempted" 1
   WriteRegDWORD HKLM "Software\Mozilla\MaintenanceService" "Installed" 1
   DeleteRegValue HKLM "Software\Mozilla\MaintenanceService" "FFPrefetchDisabled"
 
   ; Included here for debug purposes only.  
   ; These keys are used to bypass the installation dir is a valid installation
   ; check from the service so that tests can be run.
   WriteRegStr HKLM "${FallbackKey}\0" "name" "Mozilla Corporation"
-  WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert Assured ID Code Signing CA-1"
+  WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert SHA2 Assured ID Code Signing CA"
   WriteRegStr HKLM "${FallbackKey}\1" "name" "Mozilla Fake SPC"
   WriteRegStr HKLM "${FallbackKey}\1" "issuer" "Mozilla Fake CA"
   ${If} ${RunningX64}
     SetRegView lastused
   ${EndIf}
 SectionEnd
 
 ; By renaming before deleting we improve things slightly in case