Merging upstream version 126.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

10 files changed, 247 insertions, 0 deletions

diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-WrongChannel/moz.build b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-WrongChannel/moz.build
new file mode 100644
index 0000000000..e1f4ad0981
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-WrongChannel/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Framework("UpdateSettings-WrongChannel")
+FINAL_TARGET = "_tests/xpcshell/toolkit/mozapps/update/tests"
+
+DEFINES["ACCEPTED_MAR_CHANNEL_IDS"] = '"wrong-channel"'
+
+UNIFIED_SOURCES += [
+    "../UpdateSettings/UpdateSettings.mm",
+]
+
+OS_LIBS += [
+    "-framework Foundation",
+]
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-xpcshell/moz.build b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-xpcshell/moz.build
new file mode 100644
index 0000000000..6c9b43b146
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-xpcshell/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Framework("UpdateSettings-xpcshell")
+FINAL_TARGET = "_tests/xpcshell/toolkit/mozapps/update/tests"
+
+DEFINES["ACCEPTED_MAR_CHANNEL_IDS"] = '"xpcshell-test"'
+
+UNIFIED_SOURCES += [
+    "../UpdateSettings/UpdateSettings.mm",
+]
+
+OS_LIBS += [
+    "-framework Foundation",
+]
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/Info.plist b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/Info.plist
new file mode 100644
index 0000000000..65777a475f
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/Info.plist
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>CFBundleDevelopmentRegion</key>
+  <string>en</string>
+  <key>CFBundleExecutable</key>
+  <string>UpdateSettings</string>
+  <key>CFBundleIdentifier</key>
+  <string>org.mozilla.updatesettings</string>
+  <key>CFBundleInfoDictionaryVersion</key>
+  <string>6.0</string>
+  <key>CFBundleName</key>
+  <string>UpdateSettings</string>
+  <key>CFBundlePackageType</key>
+  <string>FMWK</string>
+  <key>CFBundleSignature</key>
+  <string>????</string>
+  <key>CFBundleShortVersionString</key>
+  <string>1.0</string>
+  <key>CFBundleVersion</key>
+  <string>1.0</string>
+</dict>
+</plist>
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/README.md b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/README.md
new file mode 100644
index 0000000000..32b9d2ea48
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/README.md
@@ -0,0 +1,77 @@
+# UpdateSettings macOS Framework
+
+## Summary
+
+The UpdateSettings macOS Framework is used to set the accepted MAR download
+channels.
+
+## What are MAR update channels and what are they used for?
+
+As the name implies, MAR update channels are the channels where MAR update files
+are served from and we want to ensure that the updater only applies MAR files
+from accepted channels.
+
+## Why do we need a Framework instead of compiling the accepted MAR update channels directly into the executable?
+
+There are three main use cases that make it necessary for the accepted MAR
+update channels to be set by external means, such as a macOS Framework:
+
+  1. Allowing users on the Beta channel to test RC builds
+
+Our beta users test release candidate builds before they are released to the
+release population. The MAR files related to release candidates have their MAR
+channel set to `release`. We make it possible for beta users to test these
+release candidate MAR files by having beta Firefox installs accept MAR files
+with their internal update channel set to either `release` or `beta`.
+
+  2. Switching users to another channel, such as ESR
+
+In contrast to the Beta use case outlined above, there are times where we
+explicitly WANT to switch users to a different channel. An example of this is
+when hardware or a particular macOS version have reached their EOL. In this
+case, we usually switch users to our ESR channel for extended support. We switch
+users to a different channel by serving a MAR file that forces a change to the
+update channels that will be accepted for future updates. In other words, while
+users may have previously accepted MAR update files from the `release` channel,
+they now only accept MAR files from the `esr` channel.
+
+  3. QA update testing
+
+QA requires a way to temporarily switch the MAR update channel to a test channel
+in order to test MAR updates before new releases.
+
+## How does the UpdateSettings macOS Framework address these use cases?
+
+We are able to accommodate all three use cases above by enabling the updater to
+ignore certain files on disk if they are already present, but continue to force
+update them if so desired.
+
+In the case of a Beta user updating to an RC build, the updater would encounter
+an UpdateSettings macOS Framework inside the .app bundle that has the accepted
+MAR update channels set to `beta` and `release`. In this case, the updater will
+not update the Framework, but update everything else. This beta user is now able
+to run the RC build with the update channel still set to `beta` and `release`
+and will be able to apply MAR files related to the next beta cycle once the end
+of RC builds is reached.
+
+In the case of switching users to the ESR channel, the updater will be set to
+forcefully update the UpdateSettings macOS Framework, even if already present on
+disk. After the update, the user will now be set to accept MAR updates from the
+`esr` channel only.
+
+Before releases, QA replaces the UpdateSettings macOS Framework within the .app
+bundle and set the accepted MAR update channels to a test channel in order to
+test MAR updates. During testing, the new Framework file would remain in place
+for typical update testing, but gets replaced in case QA was testing channel
+switching.
+
+## Why is a macOS Framework the best solution to store the accepted MAR update channels?
+
+Apple has started strengthening code signature checks and the requirements on
+developers such as ourselves on how their apps are signed. In particular,
+most files in the .app bundle are now included in signature verifications.
+
+A macOS Framework is the ideal solution to store the accepted MAR update
+channels because Frameworks are the only component within a .app bundle that can
+be replaced without invalidating the code signature on the .app bundle, as long
+as both the previous and the new Framework are signed.
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.h b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.h
new file mode 100644
index 0000000000..65a7ba3e00
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.h
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef UpdateSettings_h_
+#define UpdateSettings_h_
+
+#import <Foundation/Foundation.h>
+
+extern "C" {
+
+// Returns the accepted MAR channels, as an autoreleased string.
+extern NSString* UpdateSettingsGetAcceptedMARChannels(void)
+    __attribute__((weak_import)) __attribute__((visibility("default")));
+}
+
+#endif  // UpdateSettings_h_
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.mm b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.mm
new file mode 100644
index 0000000000..2c39f13f3b
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.mm
@@ -0,0 +1,13 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "UpdateSettings.h"
+
+#include "mozilla/HelperMacros.h"
+
+NSString* UpdateSettingsGetAcceptedMARChannels(void) {
+  return
+      [NSString stringWithFormat:@"[Settings]\nACCEPTED_MAR_CHANNEL_IDS=%s\n",
+                                 ACCEPTED_MAR_CHANNEL_IDS];
+}
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/moz.build b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/moz.build
new file mode 100644
index 0000000000..67de1d68f7
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/moz.build
@@ -0,0 +1,24 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Framework("UpdateSettings")
+
+if CONFIG["ACCEPTED_MAR_CHANNEL_IDS"]:
+    DEFINES["ACCEPTED_MAR_CHANNEL_IDS"] = '"%s"' % CONFIG["ACCEPTED_MAR_CHANNEL_IDS"]
+else:
+    DEFINES["ACCEPTED_MAR_CHANNEL_IDS"] = '""'
+
+EXPORTS += [
+    "UpdateSettings.h",
+]
+
+UNIFIED_SOURCES += [
+    "UpdateSettings.mm",
+]
+
+OS_LIBS += [
+    "-framework Foundation",
+]
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.h b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.h
new file mode 100644
index 0000000000..5964d9fb18
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.h
@@ -0,0 +1,17 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef UpdateSettingsUtil_h_
+#define UpdateSettingsUtil_h_
+
+#include <optional>
+#include <string>
+
+class UpdateSettingsUtil {
+ public:
+  static std::optional<std::string> GetAcceptedMARChannelsValue();
+};
+
+#endif  // UpdateSettingsUtil_h_
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.mm b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.mm
new file mode 100644
index 0000000000..6555fd1350
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.mm
@@ -0,0 +1,21 @@
+/* -*- Mode: Objective-C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset:
+ * 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#import "UpdateSettings/UpdateSettings.h"
+
+#include "UpdateSettingsUtil.h"
+
+/* static */
+std::optional<std::string> UpdateSettingsUtil::GetAcceptedMARChannelsValue() {
+  // `UpdateSettingsGetAcceptedMARChannels` is resolved at runtime and requires
+  // the UpdateSettings framework to be loaded.
+  if (UpdateSettingsGetAcceptedMARChannels) {
+    NSString* marChannels = UpdateSettingsGetAcceptedMARChannels();
+    return [marChannels UTF8String];
+  }
+  return {};
+}
diff --git a/toolkit/mozapps/update/updater/macos-frameworks/moz.build b/toolkit/mozapps/update/updater/macos-frameworks/moz.build
new file mode 100644
index 0000000000..19fa11942e
--- /dev/null
+++ b/toolkit/mozapps/update/updater/macos-frameworks/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Toolkit", "Application Update")
+
+DIRS += ["UpdateSettings", "UpdateSettings-xpcshell", "UpdateSettings-WrongChannel"]
+
+EXPORTS += [
+    "UpdateSettingsUtil.h",
+]
+
+UNIFIED_SOURCES += [
+    "UpdateSettingsUtil.mm",
+]