Merging upstream version 126.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-15 03:35:49 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-15 03:35:49 +0000
commit: d8bbc7858622b6d9c278469aab701ca0b609cddf (patch)
tree: eff41dc61d9f714852212739e6b3738b82a2af87 /toolkit/modules/GMPInstallManager.sys.mjs
parent: Releasing progress-linux version 125.0.3-1~progress7.99u1. (diff)
download: firefox-d8bbc7858622b6d9c278469aab701ca0b609cddf.tar.xz
firefox-d8bbc7858622b6d9c278469aab701ca0b609cddf.zip
1 files changed, 49 insertions, 5 deletions
diff --git a/toolkit/modules/GMPInstallManager.sys.mjs b/toolkit/modules/GMPInstallManager.sys.mjs
index 41f57b9a63..c187215096 100644
--- a/toolkit/modules/GMPInstallManager.sys.mjs
+++ b/toolkit/modules/GMPInstallManager.sys.mjs
@@ -49,13 +49,23 @@ const LOCAL_GMP_SOURCES = [
   },
 ];
 
+function getLocalSources() {
+  if (GMPPrefs.getBool(GMPPrefs.KEY_ALLOW_LOCAL_SOURCES, true)) {
+    return LOCAL_GMP_SOURCES;
+  }
+
+  let log = getScopedLogger("GMPInstallManager.checkForAddons");
+  log.info("ignoring local sources");
+  return [];
+}
+
 function downloadJSON(uri) {
   let log = getScopedLogger("GMPInstallManager.checkForAddons");
   log.info("fetching config from: " + uri);
   return new Promise((resolve, reject) => {
     let xmlHttp = new lazy.ServiceRequest({ mozAnon: true });
 
-    xmlHttp.onload = function (aResponse) {
+    xmlHttp.onload = function () {
       resolve(JSON.parse(this.responseText));
     };
 
@@ -152,6 +162,36 @@ GMPInstallManager.prototype = {
   },
 
   /**
+   * Determines the root to use for verifying content signatures.
+   * @param url
+   *        The Balrog URL, i.e. the return value of _getURL().
+   */
+  _getContentSignatureRootForURL(url) {
+    // The prod and stage URLs of Balrog are documented at:
+    // https://mozilla-balrog.readthedocs.io/en/latest/infrastructure.html
+    // Note: we are matching by prefix without the full domain nor slash, to
+    // enable us to move to a different host name in the future if desired.
+    if (url.startsWith("https://aus")) {
+      return Ci.nsIContentSignatureVerifier.ContentSignatureProdRoot;
+    }
+    if (url.startsWith("https://stage.")) {
+      return Ci.nsIContentSignatureVerifier.ContentSignatureStageRoot;
+    }
+    if (Services.env.exists("XPCSHELL_TEST_PROFILE_DIR")) {
+      return Ci.nsIX509CertDB.AppXPCShellRoot;
+    }
+    // When content signature verification for GMP was added (bug 1714621), a
+    // pref existed to configure an arbitrary root, which enabled local testing.
+    // This pref was removed later in bug 1769669, and replaced with hard-coded
+    // roots (prod and tests only). Support for testing against the stage server
+    // was restored in bug 1771992.
+    // Note: other verifiers ultimately fall back to ContentSignatureLocalRoot,
+    // to support local development. Here we use ContentSignatureProdRoot to
+    // minimize risk (and the unclear demand for "local" development).
+    return Ci.nsIContentSignatureVerifier.ContentSignatureProdRoot;
+  },
+
+  /**
    * Records telemetry results on if fetching update.xml from Balrog succeeded
    * when content signature was used to verify the response from Balrog.
    * @param didGetAddonList
@@ -325,9 +365,10 @@ GMPInstallManager.prototype = {
     }
 
     let url = await this._getURL();
+    let trustedContentSignatureRoot = this._getContentSignatureRootForURL(url);
 
     log.info(
-      `Fetching product addon list url=${url}, allowNonBuiltIn=${allowNonBuiltIn}, certs=${certs}, checkContentSignature=${checkContentSignature}`
+      `Fetching product addon list url=${url}, allowNonBuiltIn=${allowNonBuiltIn}, certs=${certs}, checkContentSignature=${checkContentSignature}, trustedContentSignatureRoot=${trustedContentSignatureRoot}`
     );
 
     let success = true;
@@ -337,7 +378,8 @@ GMPInstallManager.prototype = {
         url,
         allowNonBuiltIn,
         certs,
-        checkContentSignature
+        checkContentSignature,
+        trustedContentSignatureRoot
       );
 
       if (checkContentSignature) {
@@ -354,10 +396,12 @@ GMPInstallManager.prototype = {
       }
     }
 
+    let localSources = getLocalSources();
+
     try {
       if (!success) {
         log.info("Falling back to local config");
-        let fallbackSources = LOCAL_GMP_SOURCES.filter(function (gmpSource) {
+        let fallbackSources = localSources.filter(function (gmpSource) {
           return gmpSource.installByDefault;
         });
         res = await downloadLocalConfig(fallbackSources);
@@ -379,7 +423,7 @@ GMPInstallManager.prototype = {
     // the user has requested be forced installed regardless of our update
     // server configuration.
     try {
-      let forcedSources = LOCAL_GMP_SOURCES.filter(function (gmpSource) {
+      let forcedSources = localSources.filter(function (gmpSource) {
         return GMPPrefs.getBool(
           GMPPrefs.KEY_PLUGIN_FORCE_INSTALL,
           false,
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-15 03:35:49 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-15 03:35:49 +0000
commit	d8bbc7858622b6d9c278469aab701ca0b609cddf (patch)
tree	eff41dc61d9f714852212739e6b3738b82a2af87 /toolkit/modules/GMPInstallManager.sys.mjs
parent	Releasing progress-linux version 125.0.3-1~progress7.99u1. (diff)
download	firefox-d8bbc7858622b6d9c278469aab701ca0b609cddf.tar.xz firefox-d8bbc7858622b6d9c278469aab701ca0b609cddf.zip