From 5e82577acb38ba0026ae70bff931a1463f9564d2 Mon Sep 17 00:00:00 2001
From: "Brian R. Bondy" <netzen@gmail.com>
Date: Fri, 24 Feb 2012 16:29:41 -0500
Subject: [PATCH] Bug 711139 - MOZ_VERIFY_MAR_SIGNATURE build option for
 verifying MAR signatures. r=rstrong. sr=khuey

---
 browser/confvars.sh                        |  1 +
 config/autoconf.mk.in                      |  1 +
 configure.in                               | 18 ++++++++++++++++++
 toolkit/mozapps/update/updater/updater.cpp |  4 ++++
 4 files changed, 24 insertions(+)

diff --git a/browser/confvars.sh b/browser/confvars.sh
index 0164c727540a..13ca08894eb9 100755
--- a/browser/confvars.sh
+++ b/browser/confvars.sh
@@ -42,6 +42,7 @@ MOZ_UPDATER=1
 MOZ_PHOENIX=1
 
 if test "$OS_ARCH" = "WINNT"; then
+  MOZ_VERIFY_MAR_SIGNATURE=1
   if ! test "$HAVE_64BIT_OS"; then
     MOZ_MAINTENANCE_SERVICE=1
   fi
diff --git a/config/autoconf.mk.in b/config/autoconf.mk.in
index 4e373ffbc880..6a778b922ab6 100644
--- a/config/autoconf.mk.in
+++ b/config/autoconf.mk.in
@@ -140,6 +140,7 @@ MOZ_BRANDING_DIRECTORY = @MOZ_BRANDING_DIRECTORY@
 XPCOM_USE_LEA = @XPCOM_USE_LEA@
 MOZ_INSTALLER	= @MOZ_INSTALLER@
 MOZ_MAINTENANCE_SERVICE	= @MOZ_MAINTENANCE_SERVICE@
+MOZ_VERIFY_MAR_SIGNATURE	= @MOZ_VERIFY_MAR_SIGNATURE@
 MOZ_UPDATER	= @MOZ_UPDATER@
 MOZ_UPDATE_CHANNEL	= @MOZ_UPDATE_CHANNEL@
 MOZ_UPDATE_PACKAGING	= @MOZ_UPDATE_PACKAGING@
diff --git a/configure.in b/configure.in
index 3d0614c030cb..d626db818110 100644
--- a/configure.in
+++ b/configure.in
@@ -6481,6 +6481,23 @@ if test -n "$MOZ_MAINTENANCE_SERVICE"; then
   fi
 fi
 
+dnl ========================================================
+dnl Verify MAR signatures
+dnl ========================================================
+
+MOZ_ARG_ENABLE_BOOL(verify-mar,
+[  --enable-verify-mar     Enable verifying MAR signatures],
+    MOZ_VERIFY_MAR_SIGNATURE=1,
+    MOZ_VERIFY_MAR_SIGNATURE= )
+
+if test -n "$MOZ_VERIFY_MAR_SIGNATURE"; then
+  if test "$OS_ARCH" = "WINNT"; then
+    AC_DEFINE(MOZ_VERIFY_MAR_SIGNATURE)
+  else
+    AC_MSG_ERROR([Can only build with --enable-verify-mar with a Windows target])
+  fi
+fi
+
 dnl ========================================================
 dnl Updater
 dnl ========================================================
@@ -8589,6 +8606,7 @@ AC_SUBST(MOZ_ONLY_TOUCH_EVENTS)
 AC_SUBST(MOZ_USER_DIR)
 AC_SUBST(MOZ_CRASHREPORTER)
 AC_SUBST(MOZ_MAINTENANCE_SERVICE)
+AC_SUBST(MOZ_VERIFY_MAR_SIGNATURE)
 AC_SUBST(MOZ_UPDATER)
 AC_SUBST(MOZ_ANGLE)
 AC_SUBST(MOZ_DIRECTX_SDK_PATH)
diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
index 9a18aae3809c..37ddf5cf994a 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -1541,9 +1541,13 @@ UpdateThreadFunc(void *param)
                NS_T("%s/update.mar"), gSourcePath);
 
   rv = gArchiveReader.Open(dataFile);
+
+  #ifdef MOZ_VERIFY_MAR_SIGNATURE
   if (rv == OK) {
     rv = gArchiveReader.VerifySignature();
   }
+  #endif
+
   if (rv == OK) {
     rv = DoUpdate();
     gArchiveReader.Close();