Bug 1769669 - move app signature verification to security/manager/ssl/ r=jschanck

Before this patch, the app signature verification code lived in security/apps/. The majority of the rest of PSM is in security/manager/ssl/ and there's little reason to have that extra directory for the app signature verification implementation alone. Differential Revision: https://phabricator.services.mozilla.com/D146644
2024-11-24 21:31:04 +00:00 · 2022-06-03 23:26:28 +00:00 · 2022-06-03 23:26:28 +00:00 · 872a9fafe8
commit 872a9fafe8
parent f117f58e47
10 changed files with 25 additions and 72 deletions
--- a/security/apps/moz.build
+++ b/security/apps/moz.build
@ -1,61 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-with Files("**"):
-    BUG_COMPONENT = ("Core", "Security: PSM")
-
-UNIFIED_SOURCES += [
-    "AppSignatureVerification.cpp",
-    "AppTrustDomain.cpp",
-]
-
-include("/ipc/chromium/chromium-config.mozbuild")
-
-FINAL_LIBRARY = "xul"
-
-LOCAL_INCLUDES += [
-    "/security/certverifier",
-    "/security/manager/ssl",
-    "/third_party/rust/cose-c/include",
-]
-
-DEFINES["NSS_ENABLE_ECC"] = "True"
-for var in ("DLL_PREFIX", "DLL_SUFFIX"):
-    DEFINES[var] = '"%s"' % CONFIG[var]
-
-if CONFIG["CC_TYPE"] in ("clang", "gcc"):
-    CXXFLAGS += [
-        "-Wextra",
-    ]
-
-    # Gecko headers aren't warning-free enough for us to enable these warnings.
-    CXXFLAGS += [
-        "-Wno-unused-parameter",
-    ]
-
-test_ssl_path = "/security/manager/ssl/tests/unit"
-
-headers_arrays_certs = [
-    (
-        "xpcshell.inc",
-        "xpcshellRoot",
-        test_ssl_path + "/test_signed_apps/xpcshellTestRoot.der",
-    ),
-    ("addons-public.inc", "addonsPublicRoot", "addons-public.crt"),
-    (
-        "addons-public-intermediate.inc",
-        "addonsPublicIntermediate",
-        "addons-public-intermediate.crt",
-    ),
-    ("addons-stage.inc", "addonsStageRoot", "addons-stage.crt"),
-]
-
-for header, array_name, cert in headers_arrays_certs:
-    GeneratedFile(
-        header, script="gen_cert_header.py", entry_point=array_name, inputs=[cert]
-    )
-
-REQUIRES_UNIFIED_BUILD = True
--- a/security/manager/ssl/AppSignatureVerification.cpp
+++ b/security/manager/ssl/AppSignatureVerification.cpp
--- a/security/manager/ssl/AppTrustDomain.cpp
+++ b/security/manager/ssl/AppTrustDomain.cpp
--- a/security/manager/ssl/AppTrustDomain.h
+++ b/security/manager/ssl/AppTrustDomain.h
--- a/security/manager/ssl/addons-public-intermediate.crt
+++ b/security/manager/ssl/addons-public-intermediate.crt
--- a/security/manager/ssl/addons-public.crt
+++ b/security/manager/ssl/addons-public.crt
--- a/security/manager/ssl/addons-stage.crt
+++ b/security/manager/ssl/addons-stage.crt
--- a/security/manager/ssl/gen_cert_header.py
+++ b/security/manager/ssl/gen_cert_header.py
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@ -100,6 +100,8 @@ EXPORTS.ipc += [
 ]

 UNIFIED_SOURCES += [
+    "AppSignatureVerification.cpp",
+    "AppTrustDomain.cpp",
    "CertStorageMemoryReporting.cpp",
    "CommonSocketControl.cpp",
    "ContentSignatureVerifier.cpp",
@ -197,17 +199,15 @@ UNIFIED_SOURCES += [
 FINAL_LIBRARY = "xul"

 LOCAL_INCLUDES += [
+    "!/dist/public/nss",
    "/dom/base",
    "/dom/crypto",
    "/netwerk/base",
    "/security/certverifier",
+    "/third_party/rust/cose-c/include",
    "/xpcom/build",
 ]

-LOCAL_INCLUDES += [
-    "!/dist/public/nss",
-]
-
 GeneratedFile(
    "nsSTSPreloadListGenerated.inc",
    script="../../../xpcom/ds/tools/make_dafsa.py",
@ -240,4 +240,24 @@ if CONFIG["CC_TYPE"] in ("clang", "gcc"):
        "-Wno-unused-parameter",
    ]

+headers_arrays_certs = [
+    (
+        "xpcshell.inc",
+        "xpcshellRoot",
+        "tests/unit/test_signed_apps/xpcshellTestRoot.der",
+    ),
+    ("addons-public.inc", "addonsPublicRoot", "addons-public.crt"),
+    (
+        "addons-public-intermediate.inc",
+        "addonsPublicIntermediate",
+        "addons-public-intermediate.crt",
+    ),
+    ("addons-stage.inc", "addonsStageRoot", "addons-stage.crt"),
+]
+
+for header, array_name, cert in headers_arrays_certs:
+    GeneratedFile(
+        header, script="gen_cert_header.py", entry_point=array_name, inputs=[cert]
+    )
+
 REQUIRES_UNIFIED_BUILD = True
--- a/toolkit/toolkit.mozbuild
+++ b/toolkit/toolkit.mozbuild
@ -41,13 +41,6 @@ if CONFIG['MOZ_SANDBOX']:
 if CONFIG["MOZ_USING_WASM_SANDBOXING"] and CONFIG["COMPILE_ENVIRONMENT"]:
    DIRS += ["/security/rlbox"]

-DIRS += [
-    # Depends on NSS and NSPR
-    '/security/certverifier',
-    # Depends on certverifier
-    '/security/apps',
-]
-
 # the signing related bits of libmar depend on nss
 if CONFIG['MOZ_UPDATER']:
    DIRS += ['/modules/libmar']
@ -134,6 +127,7 @@ DIRS += [
    '/tools/power',
    '/tools/profiler',
    '/extensions/spellcheck',
+    '/security/certverifier',
    '/security/manager',
    '/toolkit',
 ]