summaryrefslogtreecommitdiffstats
path: root/toolkit/modules/GMPInstallManager.sys.mjs
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:34:50 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:34:50 +0000
commitdef92d1b8e9d373e2f6f27c366d578d97d8960c6 (patch)
tree2ef34b9ad8bb9a9220e05d60352558b15f513894 /toolkit/modules/GMPInstallManager.sys.mjs
parentAdding debian version 125.0.3-1. (diff)
downloadfirefox-def92d1b8e9d373e2f6f27c366d578d97d8960c6.tar.xz
firefox-def92d1b8e9d373e2f6f27c366d578d97d8960c6.zip
Merging upstream version 126.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'toolkit/modules/GMPInstallManager.sys.mjs')
-rw-r--r--toolkit/modules/GMPInstallManager.sys.mjs54
1 files changed, 49 insertions, 5 deletions
diff --git a/toolkit/modules/GMPInstallManager.sys.mjs b/toolkit/modules/GMPInstallManager.sys.mjs
index 41f57b9a63..c187215096 100644
--- a/toolkit/modules/GMPInstallManager.sys.mjs
+++ b/toolkit/modules/GMPInstallManager.sys.mjs
@@ -49,13 +49,23 @@ const LOCAL_GMP_SOURCES = [
},
];
+function getLocalSources() {
+ if (GMPPrefs.getBool(GMPPrefs.KEY_ALLOW_LOCAL_SOURCES, true)) {
+ return LOCAL_GMP_SOURCES;
+ }
+
+ let log = getScopedLogger("GMPInstallManager.checkForAddons");
+ log.info("ignoring local sources");
+ return [];
+}
+
function downloadJSON(uri) {
let log = getScopedLogger("GMPInstallManager.checkForAddons");
log.info("fetching config from: " + uri);
return new Promise((resolve, reject) => {
let xmlHttp = new lazy.ServiceRequest({ mozAnon: true });
- xmlHttp.onload = function (aResponse) {
+ xmlHttp.onload = function () {
resolve(JSON.parse(this.responseText));
};
@@ -152,6 +162,36 @@ GMPInstallManager.prototype = {
},
/**
+ * Determines the root to use for verifying content signatures.
+ * @param url
+ * The Balrog URL, i.e. the return value of _getURL().
+ */
+ _getContentSignatureRootForURL(url) {
+ // The prod and stage URLs of Balrog are documented at:
+ // https://mozilla-balrog.readthedocs.io/en/latest/infrastructure.html
+ // Note: we are matching by prefix without the full domain nor slash, to
+ // enable us to move to a different host name in the future if desired.
+ if (url.startsWith("https://aus")) {
+ return Ci.nsIContentSignatureVerifier.ContentSignatureProdRoot;
+ }
+ if (url.startsWith("https://stage.")) {
+ return Ci.nsIContentSignatureVerifier.ContentSignatureStageRoot;
+ }
+ if (Services.env.exists("XPCSHELL_TEST_PROFILE_DIR")) {
+ return Ci.nsIX509CertDB.AppXPCShellRoot;
+ }
+ // When content signature verification for GMP was added (bug 1714621), a
+ // pref existed to configure an arbitrary root, which enabled local testing.
+ // This pref was removed later in bug 1769669, and replaced with hard-coded
+ // roots (prod and tests only). Support for testing against the stage server
+ // was restored in bug 1771992.
+ // Note: other verifiers ultimately fall back to ContentSignatureLocalRoot,
+ // to support local development. Here we use ContentSignatureProdRoot to
+ // minimize risk (and the unclear demand for "local" development).
+ return Ci.nsIContentSignatureVerifier.ContentSignatureProdRoot;
+ },
+
+ /**
* Records telemetry results on if fetching update.xml from Balrog succeeded
* when content signature was used to verify the response from Balrog.
* @param didGetAddonList
@@ -325,9 +365,10 @@ GMPInstallManager.prototype = {
}
let url = await this._getURL();
+ let trustedContentSignatureRoot = this._getContentSignatureRootForURL(url);
log.info(
- `Fetching product addon list url=${url}, allowNonBuiltIn=${allowNonBuiltIn}, certs=${certs}, checkContentSignature=${checkContentSignature}`
+ `Fetching product addon list url=${url}, allowNonBuiltIn=${allowNonBuiltIn}, certs=${certs}, checkContentSignature=${checkContentSignature}, trustedContentSignatureRoot=${trustedContentSignatureRoot}`
);
let success = true;
@@ -337,7 +378,8 @@ GMPInstallManager.prototype = {
url,
allowNonBuiltIn,
certs,
- checkContentSignature
+ checkContentSignature,
+ trustedContentSignatureRoot
);
if (checkContentSignature) {
@@ -354,10 +396,12 @@ GMPInstallManager.prototype = {
}
}
+ let localSources = getLocalSources();
+
try {
if (!success) {
log.info("Falling back to local config");
- let fallbackSources = LOCAL_GMP_SOURCES.filter(function (gmpSource) {
+ let fallbackSources = localSources.filter(function (gmpSource) {
return gmpSource.installByDefault;
});
res = await downloadLocalConfig(fallbackSources);
@@ -379,7 +423,7 @@ GMPInstallManager.prototype = {
// the user has requested be forced installed regardless of our update
// server configuration.
try {
- let forcedSources = LOCAL_GMP_SOURCES.filter(function (gmpSource) {
+ let forcedSources = localSources.filter(function (gmpSource) {
return GMPPrefs.getBool(
GMPPrefs.KEY_PLUGIN_FORCE_INSTALL,
false,