mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-22 17:55:50 +00:00
Bug 1160340: Themes should not be marked as unsigned in the add-ons manager. r=dveditz
--HG-- extra : rebase_source : 98fd079d1a5da4836763ceb6be553c031be4fabe extra : amend_source : 21bdc204d19de3068e953582e5068b2d9d7347ed
This commit is contained in:
parent
308b758233
commit
807c708c09
@ -1060,10 +1060,7 @@ let loadManifestFromDir = Task.async(function* loadManifestFromDir(aDir) {
|
||||
addon.hasBinaryComponents = ChromeManifestParser.hasType(chromeManifest,
|
||||
"binary-component");
|
||||
|
||||
if (SIGNED_TYPES.has(addon.type))
|
||||
addon.signedState = yield verifyDirSignedState(aDir, addon.id);
|
||||
else
|
||||
addon.signedState = AddonManager.SIGNEDSTATE_MISSING;
|
||||
addon.signedState = yield verifyDirSignedState(aDir, addon);
|
||||
|
||||
addon.appDisabled = !isUsableAddon(addon);
|
||||
return addon;
|
||||
@ -1108,10 +1105,7 @@ let loadManifestFromZipReader = Task.async(function* loadManifestFromZipReader(a
|
||||
addon.hasBinaryComponents = false;
|
||||
}
|
||||
|
||||
if (SIGNED_TYPES.has(addon.type))
|
||||
addon.signedState = yield verifyZipSignedState(aZipReader.file, addon.id, addon.version);
|
||||
else
|
||||
addon.signedState = AddonManager.SIGNEDSTATE_MISSING;
|
||||
addon.signedState = yield verifyZipSignedState(aZipReader.file, addon);
|
||||
|
||||
addon.appDisabled = !isUsableAddon(addon);
|
||||
return addon;
|
||||
@ -1325,11 +1319,14 @@ function getSignedStatus(aRv, aCert, aExpectedID) {
|
||||
*
|
||||
* @param aFile
|
||||
* the xpi file to check
|
||||
* @param aExpectedID
|
||||
* the expected ID of the signature
|
||||
* @param aAddon
|
||||
* the add-on object to verify
|
||||
* @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
|
||||
*/
|
||||
function verifyZipSignedState(aFile, aExpectedID, aVersion) {
|
||||
function verifyZipSignedState(aFile, aAddon) {
|
||||
if (!SIGNED_TYPES.has(aAddon.type))
|
||||
return Promise.resolve(undefined);
|
||||
|
||||
let certDB = Cc["@mozilla.org/security/x509certdb;1"]
|
||||
.getService(Ci.nsIX509CertDB);
|
||||
|
||||
@ -1341,7 +1338,7 @@ function verifyZipSignedState(aFile, aExpectedID, aVersion) {
|
||||
certDB.openSignedAppFileAsync(root, aFile, (aRv, aZipReader, aCert) => {
|
||||
if (aZipReader)
|
||||
aZipReader.close();
|
||||
resolve(getSignedStatus(aRv, aCert, aExpectedID));
|
||||
resolve(getSignedStatus(aRv, aCert, aAddon.id));
|
||||
});
|
||||
});
|
||||
}
|
||||
@ -1352,11 +1349,14 @@ function verifyZipSignedState(aFile, aExpectedID, aVersion) {
|
||||
*
|
||||
* @param aDir
|
||||
* the directory to check
|
||||
* @param aExpectedID
|
||||
* the expected ID of the signature
|
||||
* @param aAddon
|
||||
* the add-on object to verify
|
||||
* @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
|
||||
*/
|
||||
function verifyDirSignedState(aDir, aExpectedID) {
|
||||
function verifyDirSignedState(aDir, aAddon) {
|
||||
if (!SIGNED_TYPES.has(aAddon.type))
|
||||
return Promise.resolve(undefined);
|
||||
|
||||
// TODO: Get the certificate for an unpacked add-on (bug 1038072)
|
||||
return Promise.resolve(AddonManager.SIGNEDSTATE_MISSING);
|
||||
}
|
||||
@ -1367,14 +1367,14 @@ function verifyDirSignedState(aDir, aExpectedID) {
|
||||
*
|
||||
* @param aBundle
|
||||
* the nsIFile for the bundle to check, either a directory or zip file
|
||||
* @param aExpectedID
|
||||
* the expected ID of the signature
|
||||
* @param aAddon
|
||||
* the add-on object to verify
|
||||
* @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
|
||||
*/
|
||||
function verifyBundleSignedState(aBundle, aExpectedID) {
|
||||
function verifyBundleSignedState(aBundle, aAddon) {
|
||||
if (aBundle.isFile())
|
||||
return verifyZipSignedState(aBundle, aExpectedID);
|
||||
return verifyDirSignedState(aBundle, aExpectedID);
|
||||
return verifyZipSignedState(aBundle, aAddon);
|
||||
return verifyDirSignedState(aBundle, aAddon);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2522,7 +2522,7 @@ this.XPIProvider = {
|
||||
* Verifies that all installed add-ons are still correctly signed.
|
||||
*/
|
||||
verifySignatures: function XPI_verifySignatures() {
|
||||
XPIDatabase.getAddonList(addon => SIGNED_TYPES.has(addon.type), (addons) => {
|
||||
XPIDatabase.getAddonList(a => true, (addons) => {
|
||||
Task.spawn(function*() {
|
||||
let changes = {
|
||||
enabled: [],
|
||||
@ -2534,7 +2534,7 @@ this.XPIProvider = {
|
||||
if (!addon._sourceBundle.exists())
|
||||
continue;
|
||||
|
||||
let signedState = yield verifyBundleSignedState(addon._sourceBundle, addon.id);
|
||||
let signedState = yield verifyBundleSignedState(addon._sourceBundle, addon);
|
||||
if (signedState == addon.signedState)
|
||||
continue;
|
||||
|
||||
@ -3168,7 +3168,7 @@ this.XPIProvider = {
|
||||
|
||||
// If updating from a version of the app that didn't support signedState
|
||||
// then fetch that property now
|
||||
if (aOldAddon.signedState === undefined) {
|
||||
if (aOldAddon.signedState === undefined && SIGNED_TYPES.has(aOldAddon.type)) {
|
||||
let file = aInstallLocation.getLocationForID(aOldAddon.id);
|
||||
let manifest = syncLoadManifestFromFile(file);
|
||||
aOldAddon.signedState = manifest.signedState;
|
||||
@ -5418,7 +5418,8 @@ AddonInstall.prototype = {
|
||||
"signature verification failed"])
|
||||
}
|
||||
}
|
||||
else if (this.addon.signedState == AddonManager.SIGNEDSTATE_UNKNOWN) {
|
||||
else if (this.addon.signedState == AddonManager.SIGNEDSTATE_UNKNOWN ||
|
||||
this.addon.signedState == undefined) {
|
||||
// Check object signing certificate, if any
|
||||
let x509 = zipreader.getSigningCert(null);
|
||||
if (x509) {
|
||||
|
@ -95,10 +95,12 @@ function run_test() {
|
||||
do_check_neq(d, null);
|
||||
do_check_false(d.skinnable);
|
||||
do_check_false(d.foreignInstall);
|
||||
do_check_eq(d.signedState, undefined);
|
||||
|
||||
do_check_neq(t1, null);
|
||||
do_check_false(t1.userDisabled);
|
||||
do_check_false(t1.appDisabled);
|
||||
do_check_eq(t1.signedState, undefined);
|
||||
do_check_true(t1.isActive);
|
||||
do_check_true(t1.skinnable);
|
||||
do_check_true(t1.foreignInstall);
|
||||
@ -112,6 +114,7 @@ function run_test() {
|
||||
do_check_neq(t2, null);
|
||||
do_check_true(t2.userDisabled);
|
||||
do_check_false(t2.appDisabled);
|
||||
do_check_eq(t2.signedState, undefined);
|
||||
do_check_false(t2.isActive);
|
||||
do_check_false(t2.skinnable);
|
||||
do_check_true(t2.foreignInstall);
|
||||
|
Loading…
Reference in New Issue
Block a user