mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-21 17:25:36 +00:00
c41a8afa77
Summary: Our previous approach to making this intermediate available relied on being able to add it to the user's NSS cert DB. This does work in the majority of cases, but there are some situations where it doesn't work (e.g. if the user's DB is set to read only, if they've configured Firefox to run in "nocertdb" mode, if they have a master password but forgot it, and so on). This patch compiles the intermediate into Firefox in the same way we incorporate the root, so it should always be available. At the same time, this patch reverts the changes from 023dd959512e2cfa685187616560f91efa91183c and 1d35f8d88bdd007e01d42c4ff76c6d10d7c01a98 (the patches that implemented the original approach) because they should no longer be necessary. Reviewers: jcj!, kmag! Tags: #secure-revision Bug #: 1549249 Differential Revision: https://phabricator.services.mozilla.com/D30090 --HG-- extra : amend_source : dd475918be3f263a4a363c66a60edc708d3bdcca extra : histedit_source : b6861a1d7c7ddbe07d5df73d76734d9a48ee3164%2C54cbc4b0446ff1ee3dc860bb2d3798ba8f662566
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
import binascii
def _file_byte_generator(filename):
    """Return the raw contents of the certificate file at *filename*.

    The file is opened in binary mode and its bytes are returned unmodified.
    An empty file yields a one-element list holding a single NUL character
    instead, so callers always have at least one byte to emit.
    """
    with open(filename, "rb") as cert_file:
        raw = cert_file.read()

    # Treat an empty file the same as a file containing a lone 0: a
    # single-element array fails cert verification just as an empty array
    # would, so an empty input still fails closed.
    return raw if raw else ['\0']
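def _create_header(array_name, cert_bytes):
    """Render *cert_bytes* as the C definition of a ``const uint8_t`` array.

    Args:
        array_name: Name given to the generated C array. It is interpolated
            into the output unescaped, so it must be a valid C identifier;
            the visible callers pass names from the fixed ``array_names``
            list.
        cert_bytes: Iterable of the certificate's bytes. Each item may be an
            int (iterating ``bytes`` on Python 3) or a one-character string
            (iterating ``str`` on Python 2, or the ``['\\0']`` placeholder
            used for an empty file).

    Returns:
        The array definition as a string, one two-digit lowercase hex
        literal per byte, separated by ", ".
    """
    hexified = []
    for byte in cert_bytes:
        # binascii.hexlify() rejects the ints produced by iterating bytes on
        # Python 3, so normalize every item to an int and format it directly.
        value = byte if isinstance(byte, int) else ord(byte)
        hexified.append("0x%02x" % value)
    substs = {'array_name': array_name, 'bytes': ', '.join(hexified)}
    return "const uint8_t %(array_name)s[] = {\n%(bytes)s\n};\n" % substs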
# Each data array written to a header gets a module-level function of the
# same name, generated below, so the names do not have to be repeated in
# hand-written definitions such as:
#
#   def arrayName(header, cert_filename):
#     header.write(_create_header("arrayName", cert_filename))
#
# Every entry here ends up as the name of a certificate array compiled into
# the product, so it must be a valid C identifier.
array_names = [
    'xpcshellRoot',
    'addonsPublicRoot',
    'addonsPublicIntermediate',
    'addonsStageRoot',
    'privilegedPackageRoot',
]

for n in array_names:
    # The default argument binds the current value of n at definition time;
    # without it every generated function would see the last name in the
    # list and write the certificate under the wrong array name.
    globals()[n] = (
        lambda header, cert_filename, name=n:
        header.write(_create_header(name, _file_byte_generator(cert_filename)))
    )