From d8bbc7858622b6d9c278469aab701ca0b609cddf Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 15 May 2024 05:35:49 +0200 Subject: Merging upstream version 126.0. Signed-off-by: Daniel Baumann --- .../UpdateSettings-WrongChannel/moz.build | 18 +++++ .../UpdateSettings-xpcshell/moz.build | 18 +++++ .../macos-frameworks/UpdateSettings/Info.plist | 24 +++++++ .../macos-frameworks/UpdateSettings/README.md | 77 ++++++++++++++++++++++ .../UpdateSettings/UpdateSettings.h | 17 +++++ .../UpdateSettings/UpdateSettings.mm | 13 ++++ .../macos-frameworks/UpdateSettings/moz.build | 24 +++++++ .../updater/macos-frameworks/UpdateSettingsUtil.h | 17 +++++ .../updater/macos-frameworks/UpdateSettingsUtil.mm | 21 ++++++ .../update/updater/macos-frameworks/moz.build | 18 +++++ 10 files changed, 247 insertions(+) create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-WrongChannel/moz.build create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-xpcshell/moz.build create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/Info.plist create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/README.md create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.h create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.mm create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/moz.build create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.h create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.mm create mode 100644 toolkit/mozapps/update/updater/macos-frameworks/moz.build (limited to 'toolkit/mozapps/update/updater/macos-frameworks') diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-WrongChannel/moz.build b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-WrongChannel/moz.build new file mode 100644 index 0000000000..e1f4ad0981 --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-WrongChannel/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Framework("UpdateSettings-WrongChannel") +FINAL_TARGET = "_tests/xpcshell/toolkit/mozapps/update/tests" + +DEFINES["ACCEPTED_MAR_CHANNEL_IDS"] = '"wrong-channel"' + +UNIFIED_SOURCES += [ + "../UpdateSettings/UpdateSettings.mm", +] + +OS_LIBS += [ + "-framework Foundation", +] diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-xpcshell/moz.build b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-xpcshell/moz.build new file mode 100644 index 0000000000..6c9b43b146 --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings-xpcshell/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Framework("UpdateSettings-xpcshell") +FINAL_TARGET = "_tests/xpcshell/toolkit/mozapps/update/tests" + +DEFINES["ACCEPTED_MAR_CHANNEL_IDS"] = '"xpcshell-test"' + +UNIFIED_SOURCES += [ + "../UpdateSettings/UpdateSettings.mm", +] + +OS_LIBS += [ + "-framework Foundation", +] diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/Info.plist b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/Info.plist new file mode 100644 index 0000000000..65777a475f --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/Info.plist @@ -0,0 +1,24 @@ + + + + + CFBundleDevelopmentRegion + en + CFBundleExecutable + UpdateSettings + CFBundleIdentifier + org.mozilla.updatesettings + CFBundleInfoDictionaryVersion + 6.0 + CFBundleName + UpdateSettings + CFBundlePackageType + FMWK + CFBundleSignature + ???? + CFBundleShortVersionString + 1.0 + CFBundleVersion + 1.0 + + diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/README.md b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/README.md new file mode 100644 index 0000000000..32b9d2ea48 --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/README.md @@ -0,0 +1,77 @@ +# UpdateSettings macOS Framework + +## Summary + +The UpdateSettings macOS Framework is used to set the accepted MAR download +channels. + +## What are MAR update channels and what are they used for? + +As the name implies, MAR update channels are the channels where MAR update files +are served from and we want to ensure that the updater only applies MAR files +from accepted channels. + +## Why do we need a Framework instead of compiling the accepted MAR update channels directly into the executable? + +There are three main use cases that make it necessary for the accepted MAR +update channels to be set by external means, such as a macOS Framework: + + 1. Allowing users on the Beta channel to test RC builds + +Our beta users test release candidate builds before they are released to the +release population. The MAR files related to release candidates have their MAR +channel set to `release`. We make it possible for beta users to test these +release candidate MAR files by having beta Firefox installs accept MAR files +with their internal update channel set to either `release` or `beta`. + + 2. Switching users to another channel, such as ESR + +In contrast to the Beta use case outlined above, there are times where we +explicitly WANT to switch users to a different channel. An example of this is +when hardware or a particular macOS version have reached their EOL. In this +case, we usually switch users to our ESR channel for extended support. We switch +users to a different channel by serving a MAR file that forces a change to the +update channels that will be accepted for future updates. In other words, while +users may have previously accepted MAR update files from the `release` channel, +they now only accept MAR files from the `esr` channel. + + 3. QA update testing + +QA requires a way to temporarily switch the MAR update channel to a test channel +in order to test MAR updates before new releases. + +## How does the UpdateSettings macOS Framework address these use cases? + +We are able to accommodate all three use cases above by enabling the updater to +ignore certain files on disk if they are already present, but continue to force +update them if so desired. + +In the case of a Beta user updating to an RC build, the updater would encounter +an UpdateSettings macOS Framework inside the .app bundle that has the accepted +MAR update channels set to `beta` and `release`. In this case, the updater will +not update the Framework, but update everything else. This beta user is now able +to run the RC build with the update channel still set to `beta` and `release` +and will be able to apply MAR files related to the next beta cycle once the end +of RC builds is reached. + +In the case of switching users to the ESR channel, the updater will be set to +forcefully update the UpdateSettings macOS Framework, even if already present on +disk. After the update, the user will now be set to accept MAR updates from the +`esr` channel only. + +Before releases, QA replaces the UpdateSettings macOS Framework within the .app +bundle and set the accepted MAR update channels to a test channel in order to +test MAR updates. During testing, the new Framework file would remain in place +for typical update testing, but gets replaced in case QA was testing channel +switching. + +## Why is a macOS Framework the best solution to store the accepted MAR update channels? + +Apple has started strengthening code signature checks and the requirements on +developers such as ourselves on how their apps are signed. In particular, +most files in the .app bundle are now included in signature verifications. + +A macOS Framework is the ideal solution to store the accepted MAR update +channels because Frameworks are the only component within a .app bundle that can +be replaced without invalidating the code signature on the .app bundle, as long +as both the previous and the new Framework are signed. diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.h b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.h new file mode 100644 index 0000000000..65a7ba3e00 --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.h @@ -0,0 +1,17 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef UpdateSettings_h_ +#define UpdateSettings_h_ + +#import + +extern "C" { + +// Returns the accepted MAR channels, as an autoreleased string. +extern NSString* UpdateSettingsGetAcceptedMARChannels(void) + __attribute__((weak_import)) __attribute__((visibility("default"))); +} + +#endif // UpdateSettings_h_ diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.mm b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.mm new file mode 100644 index 0000000000..2c39f13f3b --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/UpdateSettings.mm @@ -0,0 +1,13 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "UpdateSettings.h" + +#include "mozilla/HelperMacros.h" + +NSString* UpdateSettingsGetAcceptedMARChannels(void) { + return + [NSString stringWithFormat:@"[Settings]\nACCEPTED_MAR_CHANNEL_IDS=%s\n", + ACCEPTED_MAR_CHANNEL_IDS]; +} diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/moz.build b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/moz.build new file mode 100644 index 0000000000..67de1d68f7 --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettings/moz.build @@ -0,0 +1,24 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Framework("UpdateSettings") + +if CONFIG["ACCEPTED_MAR_CHANNEL_IDS"]: + DEFINES["ACCEPTED_MAR_CHANNEL_IDS"] = '"%s"' % CONFIG["ACCEPTED_MAR_CHANNEL_IDS"] +else: + DEFINES["ACCEPTED_MAR_CHANNEL_IDS"] = '""' + +EXPORTS += [ + "UpdateSettings.h", +] + +UNIFIED_SOURCES += [ + "UpdateSettings.mm", +] + +OS_LIBS += [ + "-framework Foundation", +] diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.h b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.h new file mode 100644 index 0000000000..5964d9fb18 --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.h @@ -0,0 +1,17 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef UpdateSettingsUtil_h_ +#define UpdateSettingsUtil_h_ + +#include +#include + +class UpdateSettingsUtil { + public: + static std::optional GetAcceptedMARChannelsValue(); +}; + +#endif // UpdateSettingsUtil_h_ diff --git a/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.mm b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.mm new file mode 100644 index 0000000000..6555fd1350 --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/UpdateSettingsUtil.mm @@ -0,0 +1,21 @@ +/* -*- Mode: Objective-C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: + * 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#import "UpdateSettings/UpdateSettings.h" + +#include "UpdateSettingsUtil.h" + +/* static */ +std::optional UpdateSettingsUtil::GetAcceptedMARChannelsValue() { + // `UpdateSettingsGetAcceptedMARChannels` is resolved at runtime and requires + // the UpdateSettings framework to be loaded. + if (UpdateSettingsGetAcceptedMARChannels) { + NSString* marChannels = UpdateSettingsGetAcceptedMARChannels(); + return [marChannels UTF8String]; + } + return {}; +} diff --git a/toolkit/mozapps/update/updater/macos-frameworks/moz.build b/toolkit/mozapps/update/updater/macos-frameworks/moz.build new file mode 100644 index 0000000000..19fa11942e --- /dev/null +++ b/toolkit/mozapps/update/updater/macos-frameworks/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +with Files("**"): + BUG_COMPONENT = ("Toolkit", "Application Update") + +DIRS += ["UpdateSettings", "UpdateSettings-xpcshell", "UpdateSettings-WrongChannel"] + +EXPORTS += [ + "UpdateSettingsUtil.h", +] + +UNIFIED_SOURCES += [ + "UpdateSettingsUtil.mm", +] -- cgit v1.2.3