diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /toolkit/mozapps/update/UpdateService.sys.mjs | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'toolkit/mozapps/update/UpdateService.sys.mjs')
-rw-r--r-- | toolkit/mozapps/update/UpdateService.sys.mjs | 7229 |
1 files changed, 7229 insertions, 0 deletions
diff --git a/toolkit/mozapps/update/UpdateService.sys.mjs b/toolkit/mozapps/update/UpdateService.sys.mjs new file mode 100644 index 0000000000..5e9caf090e --- /dev/null +++ b/toolkit/mozapps/update/UpdateService.sys.mjs @@ -0,0 +1,7229 @@ +/* -*- Mode: javascript; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; +import { AUSTLMY } from "resource://gre/modules/UpdateTelemetry.sys.mjs"; + +import { + Bits, + BitsRequest, + BitsUnknownError, + BitsVerificationError, +} from "resource://gre/modules/Bits.sys.mjs"; +import { FileUtils } from "resource://gre/modules/FileUtils.sys.mjs"; +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; + +const lazy = {}; + +ChromeUtils.defineESModuleGetters(lazy, { + AddonManager: "resource://gre/modules/AddonManager.sys.mjs", + AsyncShutdown: "resource://gre/modules/AsyncShutdown.sys.mjs", + CertUtils: "resource://gre/modules/CertUtils.sys.mjs", + DeferredTask: "resource://gre/modules/DeferredTask.sys.mjs", + UpdateUtils: "resource://gre/modules/UpdateUtils.sys.mjs", + WindowsRegistry: "resource://gre/modules/WindowsRegistry.sys.mjs", + ctypes: "resource://gre/modules/ctypes.sys.mjs", + setTimeout: "resource://gre/modules/Timer.sys.mjs", +}); + +XPCOMUtils.defineLazyServiceGetter( + lazy, + "AUS", + "@mozilla.org/updates/update-service;1", + "nsIApplicationUpdateService" +); +XPCOMUtils.defineLazyServiceGetter( + lazy, + "UM", + "@mozilla.org/updates/update-manager;1", + "nsIUpdateManager" +); +XPCOMUtils.defineLazyServiceGetter( + lazy, + "CheckSvc", + "@mozilla.org/updates/update-checker;1", + "nsIUpdateChecker" +); + +if (AppConstants.ENABLE_WEBDRIVER) { + XPCOMUtils.defineLazyServiceGetter( + lazy, + "Marionette", + "@mozilla.org/remote/marionette;1", + "nsIMarionette" + ); + + XPCOMUtils.defineLazyServiceGetter( + lazy, + "RemoteAgent", + "@mozilla.org/remote/agent;1", + "nsIRemoteAgent" + ); +} else { + lazy.Marionette = { running: false }; + lazy.RemoteAgent = { running: false }; +} + +const UPDATESERVICE_CID = Components.ID( + "{B3C290A6-3943-4B89-8BBE-C01EB7B3B311}" +); + +const PREF_APP_UPDATE_ALTUPDATEDIRPATH = "app.update.altUpdateDirPath"; +const PREF_APP_UPDATE_BACKGROUNDERRORS = "app.update.backgroundErrors"; +const PREF_APP_UPDATE_BACKGROUNDMAXERRORS = "app.update.backgroundMaxErrors"; +const PREF_APP_UPDATE_BITS_ENABLED = "app.update.BITS.enabled"; +const PREF_APP_UPDATE_CANCELATIONS = "app.update.cancelations"; +const PREF_APP_UPDATE_CANCELATIONS_OSX = "app.update.cancelations.osx"; +const PREF_APP_UPDATE_CANCELATIONS_OSX_MAX = "app.update.cancelations.osx.max"; +const PREF_APP_UPDATE_CHECK_ONLY_INSTANCE_ENABLED = + "app.update.checkOnlyInstance.enabled"; +const PREF_APP_UPDATE_CHECK_ONLY_INSTANCE_INTERVAL = + "app.update.checkOnlyInstance.interval"; +const PREF_APP_UPDATE_CHECK_ONLY_INSTANCE_TIMEOUT = + "app.update.checkOnlyInstance.timeout"; +const PREF_APP_UPDATE_DISABLEDFORTESTING = "app.update.disabledForTesting"; +const PREF_APP_UPDATE_DOWNLOAD_ATTEMPTS = "app.update.download.attempts"; +const PREF_APP_UPDATE_DOWNLOAD_MAXATTEMPTS = "app.update.download.maxAttempts"; +const PREF_APP_UPDATE_ELEVATE_NEVER = "app.update.elevate.never"; +const PREF_APP_UPDATE_ELEVATE_VERSION = "app.update.elevate.version"; +const PREF_APP_UPDATE_ELEVATE_ATTEMPTS = "app.update.elevate.attempts"; +const PREF_APP_UPDATE_ELEVATE_MAXATTEMPTS = "app.update.elevate.maxAttempts"; +const PREF_APP_UPDATE_LANGPACK_ENABLED = "app.update.langpack.enabled"; +const PREF_APP_UPDATE_LANGPACK_TIMEOUT = "app.update.langpack.timeout"; +const PREF_APP_UPDATE_LOG = "app.update.log"; +const PREF_APP_UPDATE_LOG_FILE = "app.update.log.file"; +const PREF_APP_UPDATE_NOTIFYDURINGDOWNLOAD = "app.update.notifyDuringDownload"; +const PREF_APP_UPDATE_NO_WINDOW_AUTO_RESTART_ENABLED = + "app.update.noWindowAutoRestart.enabled"; +const PREF_APP_UPDATE_NO_WINDOW_AUTO_RESTART_DELAY_MS = + "app.update.noWindowAutoRestart.delayMs"; +const PREF_APP_UPDATE_PROMPTWAITTIME = "app.update.promptWaitTime"; +const PREF_APP_UPDATE_SERVICE_ENABLED = "app.update.service.enabled"; +const PREF_APP_UPDATE_SERVICE_ERRORS = "app.update.service.errors"; +const PREF_APP_UPDATE_SERVICE_MAXERRORS = "app.update.service.maxErrors"; +const PREF_APP_UPDATE_SOCKET_MAXERRORS = "app.update.socket.maxErrors"; +const PREF_APP_UPDATE_SOCKET_RETRYTIMEOUT = "app.update.socket.retryTimeout"; +const PREF_APP_UPDATE_STAGING_ENABLED = "app.update.staging.enabled"; +const PREF_APP_UPDATE_URL_DETAILS = "app.update.url.details"; +const PREF_NETWORK_PROXY_TYPE = "network.proxy.type"; + +const URI_BRAND_PROPERTIES = "chrome://branding/locale/brand.properties"; +const URI_UPDATE_NS = "http://www.mozilla.org/2005/app-update"; +const URI_UPDATES_PROPERTIES = + "chrome://mozapps/locale/update/updates.properties"; + +const KEY_EXECUTABLE = "XREExeF"; +const KEY_PROFILE_DIR = "ProfD"; +const KEY_UPDROOT = "UpdRootD"; +const KEY_OLD_UPDROOT = "OldUpdRootD"; + +const DIR_UPDATES = "updates"; +const DIR_UPDATE_READY = "0"; +const DIR_UPDATE_DOWNLOADING = "downloading"; + +const FILE_ACTIVE_UPDATE_XML = "active-update.xml"; +const FILE_BACKUP_UPDATE_LOG = "backup-update.log"; +const FILE_BT_RESULT = "bt.result"; +const FILE_LAST_UPDATE_LOG = "last-update.log"; +const FILE_UPDATES_XML = "updates.xml"; +const FILE_UPDATE_LOG = "update.log"; +const FILE_UPDATE_MAR = "update.mar"; +const FILE_UPDATE_STATUS = "update.status"; +const FILE_UPDATE_TEST = "update.test"; +const FILE_UPDATE_VERSION = "update.version"; +const FILE_UPDATE_MESSAGES = "update_messages.log"; + +const STATE_NONE = "null"; +const STATE_DOWNLOADING = "downloading"; +const STATE_PENDING = "pending"; +const STATE_PENDING_SERVICE = "pending-service"; +const STATE_PENDING_ELEVATE = "pending-elevate"; +const STATE_APPLYING = "applying"; +const STATE_APPLIED = "applied"; +const STATE_APPLIED_SERVICE = "applied-service"; +const STATE_SUCCEEDED = "succeeded"; +const STATE_DOWNLOAD_FAILED = "download-failed"; +const STATE_FAILED = "failed"; + +// BITS will keep retrying a download after transient errors, unless this much +// time has passed since there has been download progress. +// Similarly to ...POLL_RATE_MS below, we are much more aggressive when the user +// is watching the download progress. +const BITS_IDLE_NO_PROGRESS_TIMEOUT_SECS = 3600; // 1 hour +const BITS_ACTIVE_NO_PROGRESS_TIMEOUT_SECS = 5; + +// These value control how frequently we get updates from the BITS client on +// the progress made downloading. The difference between the two is that the +// active interval is the one used when the user is watching. The idle interval +// is the one used when no one is watching. +const BITS_IDLE_POLL_RATE_MS = 1000; +const BITS_ACTIVE_POLL_RATE_MS = 200; + +// The values below used by this code are from common/updatererrors.h +const WRITE_ERROR = 7; +const ELEVATION_CANCELED = 9; +const SERVICE_UPDATER_COULD_NOT_BE_STARTED = 24; +const SERVICE_NOT_ENOUGH_COMMAND_LINE_ARGS = 25; +const SERVICE_UPDATER_SIGN_ERROR = 26; +const SERVICE_UPDATER_COMPARE_ERROR = 27; +const SERVICE_UPDATER_IDENTITY_ERROR = 28; +const SERVICE_STILL_APPLYING_ON_SUCCESS = 29; +const SERVICE_STILL_APPLYING_ON_FAILURE = 30; +const SERVICE_UPDATER_NOT_FIXED_DRIVE = 31; +const SERVICE_COULD_NOT_LOCK_UPDATER = 32; +const SERVICE_INSTALLDIR_ERROR = 33; +const WRITE_ERROR_ACCESS_DENIED = 35; +const WRITE_ERROR_CALLBACK_APP = 37; +const UNEXPECTED_STAGING_ERROR = 43; +const DELETE_ERROR_STAGING_LOCK_FILE = 44; +const SERVICE_COULD_NOT_COPY_UPDATER = 49; +const SERVICE_STILL_APPLYING_TERMINATED = 50; +const SERVICE_STILL_APPLYING_NO_EXIT_CODE = 51; +const SERVICE_COULD_NOT_IMPERSONATE = 58; +const WRITE_ERROR_FILE_COPY = 61; +const WRITE_ERROR_DELETE_FILE = 62; +const WRITE_ERROR_OPEN_PATCH_FILE = 63; +const WRITE_ERROR_PATCH_FILE = 64; +const WRITE_ERROR_APPLY_DIR_PATH = 65; +const WRITE_ERROR_CALLBACK_PATH = 66; +const WRITE_ERROR_FILE_ACCESS_DENIED = 67; +const WRITE_ERROR_DIR_ACCESS_DENIED = 68; +const WRITE_ERROR_DELETE_BACKUP = 69; +const WRITE_ERROR_EXTRACT = 70; + +// Error codes 80 through 99 are reserved for UpdateService.jsm and are not +// defined in common/updatererrors.h +const ERR_UPDATER_CRASHED = 89; +const ERR_OLDER_VERSION_OR_SAME_BUILD = 90; +const ERR_UPDATE_STATE_NONE = 91; +const ERR_CHANNEL_CHANGE = 92; +const INVALID_UPDATER_STATE_CODE = 98; +const INVALID_UPDATER_STATUS_CODE = 99; + +const SILENT_UPDATE_NEEDED_ELEVATION_ERROR = 105; +const WRITE_ERROR_BACKGROUND_TASK_SHARING_VIOLATION = 106; + +// Array of write errors to simplify checks for write errors +const WRITE_ERRORS = [ + WRITE_ERROR, + WRITE_ERROR_ACCESS_DENIED, + WRITE_ERROR_CALLBACK_APP, + WRITE_ERROR_FILE_COPY, + WRITE_ERROR_DELETE_FILE, + WRITE_ERROR_OPEN_PATCH_FILE, + WRITE_ERROR_PATCH_FILE, + WRITE_ERROR_APPLY_DIR_PATH, + WRITE_ERROR_CALLBACK_PATH, + WRITE_ERROR_FILE_ACCESS_DENIED, + WRITE_ERROR_DIR_ACCESS_DENIED, + WRITE_ERROR_DELETE_BACKUP, + WRITE_ERROR_EXTRACT, + WRITE_ERROR_BACKGROUND_TASK_SHARING_VIOLATION, +]; + +// Array of write errors to simplify checks for service errors +const SERVICE_ERRORS = [ + SERVICE_UPDATER_COULD_NOT_BE_STARTED, + SERVICE_NOT_ENOUGH_COMMAND_LINE_ARGS, + SERVICE_UPDATER_SIGN_ERROR, + SERVICE_UPDATER_COMPARE_ERROR, + SERVICE_UPDATER_IDENTITY_ERROR, + SERVICE_STILL_APPLYING_ON_SUCCESS, + SERVICE_STILL_APPLYING_ON_FAILURE, + SERVICE_UPDATER_NOT_FIXED_DRIVE, + SERVICE_COULD_NOT_LOCK_UPDATER, + SERVICE_INSTALLDIR_ERROR, + SERVICE_COULD_NOT_COPY_UPDATER, + SERVICE_STILL_APPLYING_TERMINATED, + SERVICE_STILL_APPLYING_NO_EXIT_CODE, + SERVICE_COULD_NOT_IMPERSONATE, +]; + +// Custom update error codes +const BACKGROUNDCHECK_MULTIPLE_FAILURES = 110; +const NETWORK_ERROR_OFFLINE = 111; + +// Error codes should be < 1000. Errors above 1000 represent http status codes +const HTTP_ERROR_OFFSET = 1000; + +// The is an HRESULT error that may be returned from the BITS interface +// indicating that access was denied. Often, this error code is returned when +// attempting to access a job created by a different user. +const HRESULT_E_ACCESSDENIED = -2147024891; + +const DOWNLOAD_CHUNK_SIZE = 300000; // bytes + +// The number of consecutive failures when updating using the service before +// setting the app.update.service.enabled preference to false. +const DEFAULT_SERVICE_MAX_ERRORS = 10; + +// The number of consecutive socket errors to allow before falling back to +// downloading a different MAR file or failing if already downloading the full. +const DEFAULT_SOCKET_MAX_ERRORS = 10; + +// The number of milliseconds to wait before retrying a connection error. +const DEFAULT_SOCKET_RETRYTIMEOUT = 2000; + +// Default maximum number of elevation cancelations per update version before +// giving up. +const DEFAULT_CANCELATIONS_OSX_MAX = 3; + +// This maps app IDs to their respective notification topic which signals when +// the application's user interface has been displayed. +const APPID_TO_TOPIC = { + // Firefox + "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}": "sessionstore-windows-restored", + // SeaMonkey + "{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}": "sessionstore-windows-restored", + // Thunderbird + "{3550f703-e582-4d05-9a08-453d09bdfdc6}": "mail-startup-done", +}; + +// The interval for the update xml write deferred task. +const XML_SAVER_INTERVAL_MS = 200; + +// How long after a patch has downloaded should we wait for language packs to +// update before proceeding anyway. +const LANGPACK_UPDATE_DEFAULT_TIMEOUT = 300000; + +// Interval between rechecks for other instances after the initial check finds +// at least one other instance. +const ONLY_INSTANCE_CHECK_DEFAULT_POLL_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes + +// Wait this long after detecting that another instance is running (having been +// polling that entire time) before giving up and applying the update anyway. +const ONLY_INSTANCE_CHECK_DEFAULT_TIMEOUT_MS = 6 * 60 * 60 * 1000; // 6 hours + +// The other instance check timeout can be overridden via a pref, but we limit +// that value to this so that the pref can't effectively disable the feature. +const ONLY_INSTANCE_CHECK_MAX_TIMEOUT_MS = 2 * 24 * 60 * 60 * 1000; // 2 days + +// Values to use when polling for staging. See `pollForStagingEnd` for more +// details. +const STAGING_POLLING_MIN_INTERVAL_MS = 15 * 1000; // 15 seconds +const STAGING_POLLING_MAX_INTERVAL_MS = 5 * 60 * 1000; // 5 minutes +const STAGING_POLLING_ATTEMPTS_PER_INTERVAL = 5; +const STAGING_POLLING_MAX_DURATION_MS = 1 * 60 * 60 * 1000; // 1 hour + +var gUpdateMutexHandle = null; +// This is the file stream used for the log file. +var gLogfileOutputStream; +// This value will be set to true if it appears that BITS is being used by +// another user to download updates. We don't really want two users using BITS +// at once. Computers with many users (ex: a school computer), should not end +// up with dozens of BITS jobs. +var gBITSInUseByAnotherUser = false; +// The update service can be invoked as part of a standalone headless background +// task. In this context, when the background task kicks off an update +// download, we don't want it to move on to staging. As soon as the download has +// kicked off, the task begins shutting down and, even if the the download +// completes incredibly quickly, we don't want staging to begin while we are +// shutting down. That isn't a well tested scenario and it's possible that it +// could leave us in a bad state. +let gOnlyDownloadUpdatesThisSession = false; +// This will be the backing for `nsIApplicationUpdateService.currentState` +var gUpdateState = Ci.nsIApplicationUpdateService.STATE_IDLE; + +/** + * Simple container and constructor for a Promise and its resolve function. + */ +class SelfContainedPromise { + constructor() { + this.promise = new Promise(resolve => { + this.resolve = resolve; + }); + } +} + +// This will contain a `SelfContainedPromise` that will be used to back +// `nsIApplicationUpdateService.stateTransition`. +var gStateTransitionPromise = new SelfContainedPromise(); + +XPCOMUtils.defineLazyGetter(lazy, "gLogEnabled", function aus_gLogEnabled() { + return ( + Services.prefs.getBoolPref(PREF_APP_UPDATE_LOG, false) || + Services.prefs.getBoolPref(PREF_APP_UPDATE_LOG_FILE, false) + ); +}); + +XPCOMUtils.defineLazyGetter( + lazy, + "gLogfileEnabled", + function aus_gLogfileEnabled() { + return Services.prefs.getBoolPref(PREF_APP_UPDATE_LOG_FILE, false); + } +); + +XPCOMUtils.defineLazyGetter( + lazy, + "gUpdateBundle", + function aus_gUpdateBundle() { + return Services.strings.createBundle(URI_UPDATES_PROPERTIES); + } +); + +/** + * gIsBackgroundTaskMode will be true if Firefox is currently running as a + * background task. Otherwise it will be false. + */ +XPCOMUtils.defineLazyGetter( + lazy, + "gIsBackgroundTaskMode", + function aus_gCurrentlyRunningAsBackgroundTask() { + if (!("@mozilla.org/backgroundtasks;1" in Cc)) { + return false; + } + const bts = Cc["@mozilla.org/backgroundtasks;1"].getService( + Ci.nsIBackgroundTasks + ); + if (!bts) { + return false; + } + return bts.isBackgroundTaskMode; + } +); + +/** + * Changes `nsIApplicationUpdateService.currentState` and causes + * `nsIApplicationUpdateService.stateTransition` to resolve. + */ +function transitionState(newState) { + if (newState == gUpdateState) { + LOG("transitionState - Not transitioning state because it isn't changing."); + return; + } + LOG( + `transitionState - "${lazy.AUS.getStateName(gUpdateState)}" -> ` + + `"${lazy.AUS.getStateName(newState)}".` + ); + gUpdateState = newState; + // Assign the new Promise before we resolve the old one just to make sure that + // anything that runs as a result of `resolve` doesn't end up waiting on the + // Promise that already resolved. + let oldStateTransitionPromise = gStateTransitionPromise; + gStateTransitionPromise = new SelfContainedPromise(); + oldStateTransitionPromise.resolve(); +} + +/** + * When a plain JS object is passed through xpconnect the other side sees a + * wrapped version of the object instead of the real object. Since these two + * objects are different they act as different keys for Map and WeakMap. However + * xpconnect gives us a way to get the underlying JS object from the wrapper so + * this function returns the JS object regardless of whether passed the JS + * object or its wrapper for use in places where it is unclear which one you + * have. + */ +function unwrap(obj) { + return obj.wrappedJSObject ?? obj; +} + +/** + * When an update starts to download (and if the feature is enabled) the add-ons + * manager starts downloading updated language packs for the new application + * version. A promise is used to track whether those updates are complete so the + * front-end is only notified that an application update is ready once the + * language pack updates have been staged. + * + * In order to be able to access that promise from various places in the update + * service they are cached in this map using the nsIUpdate object as a weak + * owner. Note that the key should always be the result of calling the above + * unwrap function on the nsIUpdate to ensure a consistent object is used as the + * key. + * + * When the language packs finish staging the nsIUpdate entriy is removed from + * this map so if the entry is still there then language pack updates are in + * progress. + */ +const LangPackUpdates = new WeakMap(); + +/** + * When we're polling to see if other running instances of the application have + * exited, there's no need to ever start polling again in parallel. To prevent + * doing that, we keep track of the promise that resolves when polling completes + * and return that if a second simultaneous poll is requested, so that the + * multiple callers end up waiting for the same promise to resolve. + */ +let gOtherInstancePollPromise; + +/** + * Query the update sync manager to see if another instance of this same + * installation of this application is currently running, under the context of + * any operating system user (not just the current one). + * This function immediately returns the current, instantaneous status of any + * other instances. + * + * @return true if at least one other instance is running, false if not + */ +function isOtherInstanceRunning(callback) { + const checkEnabled = Services.prefs.getBoolPref( + PREF_APP_UPDATE_CHECK_ONLY_INSTANCE_ENABLED, + true + ); + if (!checkEnabled) { + LOG("isOtherInstanceRunning - disabled by pref, skipping check"); + return false; + } + + try { + let syncManager = Cc[ + "@mozilla.org/updates/update-sync-manager;1" + ].getService(Ci.nsIUpdateSyncManager); + return syncManager.isOtherInstanceRunning(); + } catch (ex) { + LOG(`isOtherInstanceRunning - sync manager failed with exception: ${ex}`); + return false; + } +} + +/** + * Query the update sync manager to see if another instance of this same + * installation of this application is currently running, under the context of + * any operating system user (not just the one running this instance). + * This function polls for the status of other instances continually + * (asynchronously) until either none exist or a timeout expires. + * + * @return a Promise that resolves with false if at any point during polling no + * other instances can be found, or resolves with true if the timeout + * expires when other instances are still running + */ +function waitForOtherInstances() { + // If we're already in the middle of a poll, reuse it rather than start again. + if (gOtherInstancePollPromise) { + return gOtherInstancePollPromise; + } + + let timeout = Services.prefs.getIntPref( + PREF_APP_UPDATE_CHECK_ONLY_INSTANCE_TIMEOUT, + ONLY_INSTANCE_CHECK_DEFAULT_TIMEOUT_MS + ); + // Don't allow the pref to set a super high timeout and break this feature. + if (timeout > ONLY_INSTANCE_CHECK_MAX_TIMEOUT_MS) { + timeout = ONLY_INSTANCE_CHECK_MAX_TIMEOUT_MS; + } + + let interval = Services.prefs.getIntPref( + PREF_APP_UPDATE_CHECK_ONLY_INSTANCE_INTERVAL, + ONLY_INSTANCE_CHECK_DEFAULT_POLL_INTERVAL_MS + ); + // Don't allow an interval longer than the timeout. + interval = Math.min(interval, timeout); + + let iterations = 0; + const maxIterations = Math.ceil(timeout / interval); + + gOtherInstancePollPromise = new Promise(function (resolve, reject) { + let poll = function () { + iterations++; + if (!isOtherInstanceRunning()) { + LOG("waitForOtherInstances - no other instances found, exiting"); + resolve(false); + gOtherInstancePollPromise = undefined; + } else if (iterations >= maxIterations) { + LOG( + "waitForOtherInstances - timeout expired while other instances " + + "are still running" + ); + resolve(true); + gOtherInstancePollPromise = undefined; + } else if (iterations + 1 == maxIterations && timeout % interval != 0) { + // In case timeout isn't a multiple of interval, set the next timeout + // for the remainder of the time rather than for the usual interval. + lazy.setTimeout(poll, timeout % interval); + } else { + lazy.setTimeout(poll, interval); + } + }; + + LOG("waitForOtherInstances - beginning polling"); + poll(); + }); + + return gOtherInstancePollPromise; +} + +/** + * Tests to make sure that we can write to a given directory. + * + * @param updateTestFile a test file in the directory that needs to be tested. + * @param createDirectory whether a test directory should be created. + * @throws if we don't have right access to the directory. + */ +function testWriteAccess(updateTestFile, createDirectory) { + const NORMAL_FILE_TYPE = Ci.nsIFile.NORMAL_FILE_TYPE; + const DIRECTORY_TYPE = Ci.nsIFile.DIRECTORY_TYPE; + if (updateTestFile.exists()) { + updateTestFile.remove(false); + } + updateTestFile.create( + createDirectory ? DIRECTORY_TYPE : NORMAL_FILE_TYPE, + createDirectory ? FileUtils.PERMS_DIRECTORY : FileUtils.PERMS_FILE + ); + updateTestFile.remove(false); +} + +/** + * Windows only function that closes a Win32 handle. + * + * @param handle The handle to close + */ +function closeHandle(handle) { + if (handle) { + let lib = lazy.ctypes.open("kernel32.dll"); + let CloseHandle = lib.declare( + "CloseHandle", + lazy.ctypes.winapi_abi, + lazy.ctypes.int32_t /* success */, + lazy.ctypes.void_t.ptr + ); /* handle */ + CloseHandle(handle); + lib.close(); + } +} + +/** + * Windows only function that creates a mutex. + * + * @param aName + * The name for the mutex. + * @param aAllowExisting + * If false the function will close the handle and return null. + * @return The Win32 handle to the mutex. + */ +function createMutex(aName, aAllowExisting = true) { + if (AppConstants.platform != "win") { + throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED); + } + + const INITIAL_OWN = 1; + const ERROR_ALREADY_EXISTS = 0xb7; + let lib = lazy.ctypes.open("kernel32.dll"); + let CreateMutexW = lib.declare( + "CreateMutexW", + lazy.ctypes.winapi_abi, + lazy.ctypes.void_t.ptr /* return handle */, + lazy.ctypes.void_t.ptr /* security attributes */, + lazy.ctypes.int32_t /* initial owner */, + lazy.ctypes.char16_t.ptr + ); /* name */ + + let handle = CreateMutexW(null, INITIAL_OWN, aName); + let alreadyExists = lazy.ctypes.winLastError == ERROR_ALREADY_EXISTS; + if (handle && !handle.isNull() && !aAllowExisting && alreadyExists) { + closeHandle(handle); + handle = null; + } + lib.close(); + + if (handle && handle.isNull()) { + handle = null; + } + + return handle; +} + +/** + * Windows only function that determines a unique mutex name for the + * installation. + * + * @param aGlobal + * true if the function should return a global mutex. A global mutex is + * valid across different sessions. + * @return Global mutex path + */ +function getPerInstallationMutexName(aGlobal = true) { + if (AppConstants.platform != "win") { + throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED); + } + + let hasher = Cc["@mozilla.org/security/hash;1"].createInstance( + Ci.nsICryptoHash + ); + hasher.init(hasher.SHA1); + + let exeFile = Services.dirsvc.get(KEY_EXECUTABLE, Ci.nsIFile); + + let converter = Cc[ + "@mozilla.org/intl/scriptableunicodeconverter" + ].createInstance(Ci.nsIScriptableUnicodeConverter); + converter.charset = "UTF-8"; + var data = converter.convertToByteArray(exeFile.path.toLowerCase()); + + hasher.update(data, data.length); + return ( + (aGlobal ? "Global\\" : "") + "MozillaUpdateMutex-" + hasher.finish(true) + ); +} + +/** + * Whether or not the current instance has the update mutex. The update mutex + * gives protection against 2 applications from the same installation updating: + * 1) Running multiple profiles from the same installation path + * 2) Two applications running in 2 different user sessions from the same path + * + * @return true if this instance holds the update mutex + */ +function hasUpdateMutex() { + if (AppConstants.platform != "win") { + return true; + } + if (!gUpdateMutexHandle) { + gUpdateMutexHandle = createMutex(getPerInstallationMutexName(true), false); + } + return !!gUpdateMutexHandle; +} + +/** + * Determines whether or not all descendants of a directory are writeable. + * Note: Does not check the root directory itself for writeability. + * + * @return true if all descendants are writeable, false otherwise + */ +function areDirectoryEntriesWriteable(aDir) { + let items = aDir.directoryEntries; + while (items.hasMoreElements()) { + let item = items.nextFile; + if (!item.isWritable()) { + LOG("areDirectoryEntriesWriteable - unable to write to " + item.path); + return false; + } + if (item.isDirectory() && !areDirectoryEntriesWriteable(item)) { + return false; + } + } + return true; +} + +/** + * OSX only function to determine if the user requires elevation to be able to + * write to the application bundle. + * + * @return true if elevation is required, false otherwise + */ +function getElevationRequired() { + if (AppConstants.platform != "macosx") { + return false; + } + + try { + // Recursively check that the application bundle (and its descendants) can + // be written to. + LOG( + "getElevationRequired - recursively testing write access on " + + getInstallDirRoot().path + ); + if ( + !getInstallDirRoot().isWritable() || + !areDirectoryEntriesWriteable(getInstallDirRoot()) + ) { + LOG( + "getElevationRequired - unable to write to application bundle, " + + "elevation required" + ); + return true; + } + } catch (ex) { + LOG( + "getElevationRequired - unable to write to application bundle, " + + "elevation required. Exception: " + + ex + ); + return true; + } + LOG( + "getElevationRequired - able to write to application bundle, elevation " + + "not required" + ); + return false; +} + +/** + * A promise that resolves when language packs are downloading or if no language + * packs are being downloaded. + */ +function promiseLangPacksUpdated(update) { + let promise = LangPackUpdates.get(unwrap(update)); + if (promise) { + LOG( + "promiseLangPacksUpdated - waiting for language pack updates to stage." + ); + return promise; + } + + // In case callers rely on a promise just return an already resolved promise. + return Promise.resolve(); +} + +/** + * Determines whether or not an update can be applied. This is always true on + * Windows when the service is used. On Mac OS X and Linux, if the user has + * write access to the update directory this will return true because on OSX we + * offer users the option to perform an elevated update when necessary and on + * Linux the update directory is located in the application directory. + * + * @return true if an update can be applied, false otherwise + */ +function getCanApplyUpdates() { + try { + // Check if it is possible to write to the update directory so clients won't + // repeatedly try to apply an update without the ability to complete the + // update process which requires write access to the update directory. + let updateTestFile = getUpdateFile([FILE_UPDATE_TEST]); + LOG("getCanApplyUpdates - testing write access " + updateTestFile.path); + testWriteAccess(updateTestFile, false); + } catch (e) { + LOG( + "getCanApplyUpdates - unable to apply updates without write " + + "access to the update directory. Exception: " + + e + ); + return false; + } + + if (AppConstants.platform == "macosx") { + LOG( + "getCanApplyUpdates - bypass the write since elevation can be used " + + "on Mac OS X" + ); + return true; + } + + if (shouldUseService()) { + LOG( + "getCanApplyUpdates - bypass the write checks because the Windows " + + "Maintenance Service can be used" + ); + return true; + } + + try { + if (AppConstants.platform == "win") { + // On Windows when the maintenance service isn't used updates can still be + // performed in a location requiring admin privileges by the client + // accepting a UAC prompt from an elevation request made by the updater. + // Whether the client can elevate (e.g. has a split token) is determined + // in nsXULAppInfo::GetUserCanElevate which is located in nsAppRunner.cpp. + let userCanElevate = Services.appinfo.QueryInterface( + Ci.nsIWinAppHelper + ).userCanElevate; + if (lazy.gIsBackgroundTaskMode) { + LOG( + "getCanApplyUpdates - in background task mode, assuming user can't elevate" + ); + userCanElevate = false; + } + if (!userCanElevate) { + // if we're unable to create the test file this will throw an exception. + let appDirTestFile = getAppBaseDir(); + appDirTestFile.append(FILE_UPDATE_TEST); + LOG("getCanApplyUpdates - testing write access " + appDirTestFile.path); + if (appDirTestFile.exists()) { + appDirTestFile.remove(false); + } + appDirTestFile.create( + Ci.nsIFile.NORMAL_FILE_TYPE, + FileUtils.PERMS_FILE + ); + appDirTestFile.remove(false); + } + } + } catch (e) { + LOG("getCanApplyUpdates - unable to apply updates. Exception: " + e); + // No write access to the installation directory + return false; + } + + LOG("getCanApplyUpdates - able to apply updates"); + return true; +} + +/** + * Whether or not the application can stage an update for the current session. + * These checks are only performed once per session due to using a lazy getter. + * + * @return true if updates can be staged for this session. + */ +XPCOMUtils.defineLazyGetter( + lazy, + "gCanStageUpdatesSession", + function aus_gCSUS() { + if (getElevationRequired()) { + LOG( + "gCanStageUpdatesSession - unable to stage updates because elevation " + + "is required." + ); + return false; + } + + try { + let updateTestFile; + if (AppConstants.platform == "macosx") { + updateTestFile = getUpdateFile([FILE_UPDATE_TEST]); + } else { + updateTestFile = getInstallDirRoot(); + updateTestFile.append(FILE_UPDATE_TEST); + } + LOG( + "gCanStageUpdatesSession - testing write access " + updateTestFile.path + ); + testWriteAccess(updateTestFile, true); + if (AppConstants.platform != "macosx") { + // On all platforms except Mac, we need to test the parent directory as + // well, as we need to be able to move files in that directory during the + // replacing step. + updateTestFile = getInstallDirRoot().parent; + updateTestFile.append(FILE_UPDATE_TEST); + LOG( + "gCanStageUpdatesSession - testing write access " + + updateTestFile.path + ); + updateTestFile.createUnique( + Ci.nsIFile.DIRECTORY_TYPE, + FileUtils.PERMS_DIRECTORY + ); + updateTestFile.remove(false); + } + } catch (e) { + LOG("gCanStageUpdatesSession - unable to stage updates. Exception: " + e); + // No write privileges + return false; + } + + LOG("gCanStageUpdatesSession - able to stage updates"); + return true; + } +); + +/** + * Whether or not the application can stage an update. + * + * @param {boolean} [transient] Whether transient factors such as the update + * mutex should be considered. + * @return true if updates can be staged. + */ +function getCanStageUpdates(transient = true) { + // If staging updates are disabled, then just bail out! + if (!Services.prefs.getBoolPref(PREF_APP_UPDATE_STAGING_ENABLED, false)) { + LOG( + "getCanStageUpdates - staging updates is disabled by preference " + + PREF_APP_UPDATE_STAGING_ENABLED + ); + return false; + } + + if (AppConstants.platform == "win" && shouldUseService()) { + // No need to perform directory write checks, the maintenance service will + // be able to write to all directories. + LOG("getCanStageUpdates - able to stage updates using the service"); + return true; + } + + if (transient && !hasUpdateMutex()) { + LOG( + "getCanStageUpdates - unable to apply updates because another " + + "instance of the application is already handling updates for this " + + "installation." + ); + return false; + } + + return lazy.gCanStageUpdatesSession; +} + +/* + * Whether or not the application can use BITS to download updates. + * + * @param {boolean} [transient] Whether transient factors such as the update + * mutex should be considered. + * @return A string with one of these values: + * CanUseBits + * NoBits_NotWindows + * NoBits_FeatureOff + * NoBits_Pref + * NoBits_Proxy + * NoBits_OtherUser + * These strings are directly compatible with the categories for + * UPDATE_CAN_USE_BITS_EXTERNAL and UPDATE_CAN_USE_BITS_NOTIFY telemetry + * probes. If this function is made to return other values, they should + * also be added to the labels lists for those probes in Histograms.json + */ +function getCanUseBits(transient = true) { + if (AppConstants.platform != "win") { + LOG("getCanUseBits - Not using BITS because this is not Windows"); + return "NoBits_NotWindows"; + } + if (!AppConstants.MOZ_BITS_DOWNLOAD) { + LOG("getCanUseBits - Not using BITS because the feature is disabled"); + return "NoBits_FeatureOff"; + } + + if (!Services.prefs.getBoolPref(PREF_APP_UPDATE_BITS_ENABLED, true)) { + LOG("getCanUseBits - Not using BITS. Disabled by pref."); + return "NoBits_Pref"; + } + // Firefox support for passing proxies to BITS is still rudimentary. + // For now, disable BITS support on configurations that are not using the + // standard system proxy. + let defaultProxy = Ci.nsIProtocolProxyService.PROXYCONFIG_SYSTEM; + if ( + Services.prefs.getIntPref(PREF_NETWORK_PROXY_TYPE, defaultProxy) != + defaultProxy && + !Cu.isInAutomation + ) { + LOG("getCanUseBits - Not using BITS because of proxy usage"); + return "NoBits_Proxy"; + } + if (transient && gBITSInUseByAnotherUser) { + LOG("getCanUseBits - Not using BITS. Already in use by another user"); + return "NoBits_OtherUser"; + } + LOG("getCanUseBits - BITS can be used to download updates"); + return "CanUseBits"; +} + +/** + * Logs a string to the error console. If enabled, also logs to the update + * messages file. + * @param string + * The string to write to the error console. + */ +function LOG(string) { + if (lazy.gLogEnabled) { + dump("*** AUS:SVC " + string + "\n"); + if (!Cu.isInAutomation) { + Services.console.logStringMessage("AUS:SVC " + string); + } + + if (lazy.gLogfileEnabled) { + if (!gLogfileOutputStream) { + let logfile = Services.dirsvc.get(KEY_PROFILE_DIR, Ci.nsIFile); + logfile.append(FILE_UPDATE_MESSAGES); + gLogfileOutputStream = FileUtils.openAtomicFileOutputStream(logfile); + } + + try { + let encoded = new TextEncoder().encode(string + "\n"); + gLogfileOutputStream.write(encoded, encoded.length); + gLogfileOutputStream.flush(); + } catch (e) { + dump("*** AUS:SVC Unable to write to messages file: " + e + "\n"); + Services.console.logStringMessage( + "AUS:SVC Unable to write to messages file: " + e + ); + } + } + } +} + +/** + * Gets the specified directory at the specified hierarchy under the + * update root directory and creates it if it doesn't exist. + * @param pathArray + * An array of path components to locate beneath the directory + * specified by |key| + * @return nsIFile object for the location specified. + */ +function getUpdateDirCreate(pathArray) { + if (Cu.isInAutomation) { + // This allows tests to use an alternate updates directory so they can test + // startup behavior. + const MAGIC_TEST_ROOT_PREFIX = "<test-root>"; + const PREF_TEST_ROOT = "mochitest.testRoot"; + let alternatePath = Services.prefs.getCharPref( + PREF_APP_UPDATE_ALTUPDATEDIRPATH, + null + ); + if (alternatePath && alternatePath.startsWith(MAGIC_TEST_ROOT_PREFIX)) { + let testRoot = Services.prefs.getCharPref(PREF_TEST_ROOT); + let relativePath = alternatePath.substring(MAGIC_TEST_ROOT_PREFIX.length); + if (AppConstants.platform == "win") { + relativePath = relativePath.replace(/\//g, "\\"); + } + alternatePath = testRoot + relativePath; + let updateDir = Cc["@mozilla.org/file/local;1"].createInstance( + Ci.nsIFile + ); + updateDir.initWithPath(alternatePath); + for (let i = 0; i < pathArray.length; ++i) { + updateDir.append(pathArray[i]); + } + return updateDir; + } + } + + return FileUtils.getDir(KEY_UPDROOT, pathArray, true); +} + +/** + * Gets the application base directory. + * + * @return nsIFile object for the application base directory. + */ +function getAppBaseDir() { + return Services.dirsvc.get(KEY_EXECUTABLE, Ci.nsIFile).parent; +} + +/** + * Gets the root of the installation directory which is the application + * bundle directory on Mac OS X and the location of the application binary + * on all other platforms. + * + * @return nsIFile object for the directory + */ +function getInstallDirRoot() { + let dir = getAppBaseDir(); + if (AppConstants.platform == "macosx") { + // On macOS, the executable is stored under Contents/MacOS. + dir = dir.parent.parent; + } + return dir; +} + +/** + * Gets the file at the specified hierarchy under the update root directory. + * @param pathArray + * An array of path components to locate beneath the directory + * specified by |key|. The last item in this array must be the + * leaf name of a file. + * @return nsIFile object for the file specified. The file is NOT created + * if it does not exist, however all required directories along + * the way are. + */ +function getUpdateFile(pathArray) { + let file = getUpdateDirCreate(pathArray.slice(0, -1)); + file.append(pathArray[pathArray.length - 1]); + return file; +} + +/** + * This function is designed to let us slightly clean up the mapping between + * strings and error codes. So that instead of having: + * check_error-2147500036=Connection aborted + * check_error-2152398850=Connection aborted + * We can have: + * check_error-connection_aborted=Connection aborted + * And map both of those error codes to it. + */ +function maybeMapErrorCode(code) { + switch (code) { + case Cr.NS_BINDING_ABORTED: + case Cr.NS_ERROR_ABORT: + return "connection_aborted"; + } + return code; +} + +/** + * Returns human readable status text from the updates.properties bundle + * based on an error code + * @param code + * The error code to look up human readable status text for + * @param defaultCode + * The default code to look up should human readable status text + * not exist for |code| + * @return A human readable status text string + */ +function getStatusTextFromCode(code, defaultCode) { + code = maybeMapErrorCode(code); + + let reason; + try { + reason = lazy.gUpdateBundle.GetStringFromName("check_error-" + code); + LOG( + "getStatusTextFromCode - transfer error: " + reason + ", code: " + code + ); + } catch (e) { + defaultCode = maybeMapErrorCode(defaultCode); + + // Use the default reason + reason = lazy.gUpdateBundle.GetStringFromName("check_error-" + defaultCode); + LOG( + "getStatusTextFromCode - transfer error: " + + reason + + ", default code: " + + defaultCode + ); + } + return reason; +} + +/** + * Get the Ready Update directory. This is the directory that an update + * should reside in after download has completed but before it has been + * installed and cleaned up. + * @return The ready updates directory, as a nsIFile object + */ +function getReadyUpdateDir() { + return getUpdateDirCreate([DIR_UPDATES, DIR_UPDATE_READY]); +} + +/** + * Get the Downloading Update directory. This is the directory that an update + * should reside in during download. Once download is completed, it will be + * moved to the Ready Update directory. + * @return The downloading update directory, as a nsIFile object + */ +function getDownloadingUpdateDir() { + return getUpdateDirCreate([DIR_UPDATES, DIR_UPDATE_DOWNLOADING]); +} + +/** + * Reads the update state from the update.status file in the specified + * directory. + * @param dir + * The dir to look for an update.status file in + * @return The status value of the update. + */ +function readStatusFile(dir) { + let statusFile = dir.clone(); + statusFile.append(FILE_UPDATE_STATUS); + let status = readStringFromFile(statusFile) || STATE_NONE; + LOG("readStatusFile - status: " + status + ", path: " + statusFile.path); + return status; +} + +/** + * Reads the binary transparency result file from the given directory. + * Removes the file if it is present (so don't call this twice and expect a + * result the second time). + * @param dir + * The dir to look for an update.bt file in + * @return A error code from verifying binary transparency information or null + * if the file was not present (indicating there was no error). + */ +function readBinaryTransparencyResult(dir) { + let binaryTransparencyResultFile = dir.clone(); + binaryTransparencyResultFile.append(FILE_BT_RESULT); + let result = readStringFromFile(binaryTransparencyResultFile); + LOG( + "readBinaryTransparencyResult - result: " + + result + + ", path: " + + binaryTransparencyResultFile.path + ); + // If result is non-null, the file exists. We should remove it to avoid + // double-reporting this result. + if (result) { + binaryTransparencyResultFile.remove(false); + } + return result; +} + +/** + * Writes the current update operation/state to a file in the patch + * directory, indicating to the patching system that operations need + * to be performed. + * @param dir + * The patch directory where the update.status file should be + * written. + * @param state + * The state value to write. + */ +function writeStatusFile(dir, state) { + let statusFile = dir.clone(); + statusFile.append(FILE_UPDATE_STATUS); + writeStringToFile(statusFile, state); +} + +/** + * Writes the update's application version to a file in the patch directory. If + * the update doesn't provide application version information via the + * appVersion attribute the string "null" will be written to the file. + * This value is compared during startup (in nsUpdateDriver.cpp) to determine if + * the update should be applied. Note that this won't provide protection from + * downgrade of the application for the nightly user case where the application + * version doesn't change. + * @param dir + * The patch directory where the update.version file should be + * written. + * @param version + * The version value to write. Will be the string "null" when the + * update doesn't provide the appVersion attribute in the update xml. + */ +function writeVersionFile(dir, version) { + let versionFile = dir.clone(); + versionFile.append(FILE_UPDATE_VERSION); + writeStringToFile(versionFile, version); +} + +/** + * Determines if the service should be used to attempt an update + * or not. + * + * @return true if the service should be used for updates. + */ +function shouldUseService() { + // This function will return true if the mantenance service should be used if + // all of the following conditions are met: + // 1) This build was done with the maintenance service enabled + // 2) The maintenance service is installed + // 3) The pref for using the service is enabled + if ( + !AppConstants.MOZ_MAINTENANCE_SERVICE || + !isServiceInstalled() || + !Services.prefs.getBoolPref(PREF_APP_UPDATE_SERVICE_ENABLED, false) + ) { + LOG("shouldUseService - returning false"); + return false; + } + + LOG("shouldUseService - returning true"); + return true; +} + +/** + * Determines if the service is is installed. + * + * @return true if the service is installed. + */ +function isServiceInstalled() { + if (!AppConstants.MOZ_MAINTENANCE_SERVICE || AppConstants.platform != "win") { + LOG("isServiceInstalled - returning false"); + return false; + } + + let installed = 0; + try { + let wrk = Cc["@mozilla.org/windows-registry-key;1"].createInstance( + Ci.nsIWindowsRegKey + ); + wrk.open( + wrk.ROOT_KEY_LOCAL_MACHINE, + "SOFTWARE\\Mozilla\\MaintenanceService", + wrk.ACCESS_READ | wrk.WOW64_64 + ); + installed = wrk.readIntValue("Installed"); + wrk.close(); + } catch (e) {} + installed = installed == 1; // convert to bool + LOG("isServiceInstalled - returning " + installed); + return installed; +} + +/** + * Gets the appropriate pending update state. Returns STATE_PENDING_SERVICE, + * STATE_PENDING_ELEVATE, or STATE_PENDING. + */ +function getBestPendingState() { + if (shouldUseService()) { + return STATE_PENDING_SERVICE; + } else if (getElevationRequired()) { + return STATE_PENDING_ELEVATE; + } + return STATE_PENDING; +} + +/** + * Removes the contents of the ready update directory and rotates the update + * logs when present. If the update.log exists in the patch directory this will + * move the last-update.log if it exists to backup-update.log in the parent + * directory of the patch directory and then move the update.log in the patch + * directory to last-update.log in the parent directory of the patch directory. + * + * @param aRemovePatchFiles (optional, defaults to true) + * When true the update's patch directory contents are removed. + */ +function cleanUpReadyUpdateDir(aRemovePatchFiles = true) { + let updateDir; + try { + updateDir = getReadyUpdateDir(); + } catch (e) { + LOG( + "cleanUpReadyUpdateDir - unable to get the updates patch directory. " + + "Exception: " + + e + ); + return; + } + + // Preserve the last update log file for debugging purposes. + let updateLogFile = updateDir.clone(); + updateLogFile.append(FILE_UPDATE_LOG); + if (updateLogFile.exists()) { + let dir = updateDir.parent; + let logFile = dir.clone(); + logFile.append(FILE_LAST_UPDATE_LOG); + if (logFile.exists()) { + try { + logFile.moveTo(dir, FILE_BACKUP_UPDATE_LOG); + } catch (e) { + LOG( + "cleanUpReadyUpdateDir - failed to rename file " + + logFile.path + + " to " + + FILE_BACKUP_UPDATE_LOG + ); + } + } + + try { + updateLogFile.moveTo(dir, FILE_LAST_UPDATE_LOG); + } catch (e) { + LOG( + "cleanUpReadyUpdateDir - failed to rename file " + + updateLogFile.path + + " to " + + FILE_LAST_UPDATE_LOG + ); + } + } + + if (aRemovePatchFiles) { + let dirEntries = updateDir.directoryEntries; + while (dirEntries.hasMoreElements()) { + let file = dirEntries.nextFile; + // Now, recursively remove this file. The recursive removal is needed for + // Mac OSX because this directory will contain a copy of updater.app, + // which is itself a directory and the MozUpdater directory on platforms + // other than Windows. + try { + file.remove(true); + } catch (e) { + LOG("cleanUpReadyUpdateDir - failed to remove file " + file.path); + } + } + } +} + +/** + * Removes the contents of the update download directory. + * + */ +function cleanUpDownloadingUpdateDir() { + let updateDir; + try { + updateDir = getDownloadingUpdateDir(); + } catch (e) { + LOG( + "cleanUpDownloadUpdatesDir - unable to get the updates patch " + + "directory. Exception: " + + e + ); + return; + } + + let dirEntries = updateDir.directoryEntries; + while (dirEntries.hasMoreElements()) { + let file = dirEntries.nextFile; + // Now, recursively remove this file. + try { + file.remove(true); + } catch (e) { + LOG("cleanUpDownloadUpdatesDir - failed to remove file " + file.path); + } + } +} + +/** + * Clean up the updates list and the directory that contains the update that + * is ready to be installed. + * + * Note - This function causes a state transition to either STATE_DOWNLOADING + * or STATE_NONE, depending on whether an update download is in progress. + */ +function cleanupReadyUpdate() { + // Move the update from the Active Update list into the Past Updates list. + if (lazy.UM.readyUpdate) { + LOG("cleanupReadyUpdate - Clearing readyUpdate"); + lazy.UM.addUpdateToHistory(lazy.UM.readyUpdate); + lazy.UM.readyUpdate = null; + } + lazy.UM.saveUpdates(); + + let readyUpdateDir = getReadyUpdateDir(); + let shouldSetDownloadingStatus = + lazy.UM.downloadingUpdate || + readStatusFile(readyUpdateDir) == STATE_DOWNLOADING; + + // Now trash the ready update directory, since we're done with it + cleanUpReadyUpdateDir(); + + // We need to handle two similar cases here. + // The first is where we clean up the ready updates directory while we are in + // the downloading state. In this case, we remove the update.status file that + // says we are downloading, even though we should remain in that state. + // The second case is when we clean up a ready update, but there is also a + // downloading update (in which case the update status file's state will + // reflect the state of the ready update, not the downloading one). In that + // case, instead of reverting to STATE_NONE (which is what we do by removing + // the status file), we should set our state to downloading. + if (shouldSetDownloadingStatus) { + LOG("cleanupReadyUpdate - Transitioning back to downloading state."); + transitionState(Ci.nsIApplicationUpdateService.STATE_DOWNLOADING); + writeStatusFile(readyUpdateDir, STATE_DOWNLOADING); + } +} + +/** + * Clean up updates list and the directory that the currently downloading update + * is downloaded to. + * + * Note - This function may cause a state transition. If the current state is + * STATE_DOWNLOADING, this will cause it to change to STATE_NONE. + */ +function cleanupDownloadingUpdate() { + // Move the update from the Active Update list into the Past Updates list. + if (lazy.UM.downloadingUpdate) { + LOG("cleanupDownloadingUpdate - Clearing downloadingUpdate."); + lazy.UM.addUpdateToHistory(lazy.UM.downloadingUpdate); + lazy.UM.downloadingUpdate = null; + } + lazy.UM.saveUpdates(); + + // Now trash the update download directory, since we're done with it + cleanUpDownloadingUpdateDir(); + + // If the update status file says we are downloading, we should remove that + // too, since we aren't doing that anymore. + let readyUpdateDir = getReadyUpdateDir(); + let status = readStatusFile(readyUpdateDir); + if (status == STATE_DOWNLOADING) { + let statusFile = readyUpdateDir.clone(); + statusFile.append(FILE_UPDATE_STATUS); + statusFile.remove(); + } +} + +/** + * Clean up updates list, the ready update directory, and the downloading update + * directory. + * + * This is more efficient than calling + * cleanupReadyUpdate(); + * cleanupDownloadingUpdate(); + * because those need some special handling of the update status file to make + * sure that, for example, cleaning up a ready update doesn't make us forget + * that we are downloading an update. When we cleanup both updates, we don't + * need to worry about things like that. + * + * Note - This function causes a state transition to STATE_NONE. + */ +function cleanupActiveUpdates() { + // Move the update from the Active Update list into the Past Updates list. + if (lazy.UM.readyUpdate) { + LOG("cleanupActiveUpdates - Clearing readyUpdate"); + lazy.UM.addUpdateToHistory(lazy.UM.readyUpdate); + lazy.UM.readyUpdate = null; + } + if (lazy.UM.downloadingUpdate) { + LOG("cleanupActiveUpdates - Clearing downloadingUpdate."); + lazy.UM.addUpdateToHistory(lazy.UM.downloadingUpdate); + lazy.UM.downloadingUpdate = null; + } + lazy.UM.saveUpdates(); + + // Now trash both active update directories, since we're done with them + cleanUpReadyUpdateDir(); + cleanUpDownloadingUpdateDir(); +} + +/** + * Writes a string of text to a file. A newline will be appended to the data + * written to the file. This function only works with ASCII text. + * @param file An nsIFile indicating what file to write to. + * @param text A string containing the text to write to the file. + * @return true on success, false on failure. + */ +function writeStringToFile(file, text) { + try { + let fos = FileUtils.openSafeFileOutputStream(file); + text += "\n"; + fos.write(text, text.length); + FileUtils.closeSafeFileOutputStream(fos); + } catch (e) { + LOG(`writeStringToFile - Failed to write to file: "${file}". Error: ${e}"`); + return false; + } + return true; +} + +function readStringFromInputStream(inputStream) { + var sis = Cc["@mozilla.org/scriptableinputstream;1"].createInstance( + Ci.nsIScriptableInputStream + ); + sis.init(inputStream); + var text = sis.read(sis.available()); + sis.close(); + if (text && text[text.length - 1] == "\n") { + text = text.slice(0, -1); + } + return text; +} + +/** + * Reads a string of text from a file. A trailing newline will be removed + * before the result is returned. This function only works with ASCII text. + */ +function readStringFromFile(file) { + if (!file.exists()) { + LOG("readStringFromFile - file doesn't exist: " + file.path); + return null; + } + var fis = Cc["@mozilla.org/network/file-input-stream;1"].createInstance( + Ci.nsIFileInputStream + ); + fis.init(file, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 0); + return readStringFromInputStream(fis); +} + +/** + * Attempts to recover from an update error. If successful, `true` will be + * returned and AUS.currentState will be transitioned. + */ +function handleUpdateFailure(update) { + if (WRITE_ERRORS.includes(update.errorCode)) { + LOG( + "handleUpdateFailure - Failure is a write error. Setting state to pending" + ); + writeStatusFile(getReadyUpdateDir(), (update.state = STATE_PENDING)); + transitionState(Ci.nsIApplicationUpdateService.STATE_PENDING); + return true; + } + + if (update.errorCode == SILENT_UPDATE_NEEDED_ELEVATION_ERROR) { + // There's no need to count attempts and escalate: it's expected that the + // background update task will try to update and fail due to required + // elevation repeatedly if, for example, the maintenance service is not + // available (or not functioning) and the installation requires privileges + // to update. + + let bestState = getBestPendingState(); + LOG( + "handleUpdateFailure - witnessed SILENT_UPDATE_NEEDED_ELEVATION_ERROR, " + + "returning to " + + bestState + ); + writeStatusFile(getReadyUpdateDir(), (update.state = bestState)); + + transitionState(Ci.nsIApplicationUpdateService.STATE_PENDING); + // Return true to indicate a recoverable error. + return true; + } + + if (update.errorCode == ELEVATION_CANCELED) { + let elevationAttempts = Services.prefs.getIntPref( + PREF_APP_UPDATE_ELEVATE_ATTEMPTS, + 0 + ); + elevationAttempts++; + Services.prefs.setIntPref( + PREF_APP_UPDATE_ELEVATE_ATTEMPTS, + elevationAttempts + ); + let maxAttempts = Math.min( + Services.prefs.getIntPref(PREF_APP_UPDATE_ELEVATE_MAXATTEMPTS, 2), + 10 + ); + + if (elevationAttempts > maxAttempts) { + LOG( + "handleUpdateFailure - notifying observers of error. " + + "topic: update-error, status: elevation-attempts-exceeded" + ); + Services.obs.notifyObservers( + update, + "update-error", + "elevation-attempts-exceeded" + ); + } else { + LOG( + "handleUpdateFailure - notifying observers of error. " + + "topic: update-error, status: elevation-attempt-failed" + ); + Services.obs.notifyObservers( + update, + "update-error", + "elevation-attempt-failed" + ); + } + + let cancelations = Services.prefs.getIntPref( + PREF_APP_UPDATE_CANCELATIONS, + 0 + ); + cancelations++; + Services.prefs.setIntPref(PREF_APP_UPDATE_CANCELATIONS, cancelations); + if (AppConstants.platform == "macosx") { + let osxCancelations = Services.prefs.getIntPref( + PREF_APP_UPDATE_CANCELATIONS_OSX, + 0 + ); + osxCancelations++; + Services.prefs.setIntPref( + PREF_APP_UPDATE_CANCELATIONS_OSX, + osxCancelations + ); + let maxCancels = Services.prefs.getIntPref( + PREF_APP_UPDATE_CANCELATIONS_OSX_MAX, + DEFAULT_CANCELATIONS_OSX_MAX + ); + // Prevent the preference from setting a value greater than 5. + maxCancels = Math.min(maxCancels, 5); + if (osxCancelations >= maxCancels) { + LOG( + "handleUpdateFailure - Too many OSX cancellations. Cleaning up " + + "ready update." + ); + cleanupReadyUpdate(); + return false; + } + LOG( + `handleUpdateFailure - OSX cancellation. Trying again by setting ` + + `status to "${STATE_PENDING_ELEVATE}".` + ); + writeStatusFile( + getReadyUpdateDir(), + (update.state = STATE_PENDING_ELEVATE) + ); + update.statusText = + lazy.gUpdateBundle.GetStringFromName("elevationFailure"); + } else { + LOG( + "handleUpdateFailure - Failure because elevation was cancelled. " + + "again by setting status to pending." + ); + writeStatusFile(getReadyUpdateDir(), (update.state = STATE_PENDING)); + } + transitionState(Ci.nsIApplicationUpdateService.STATE_PENDING); + return true; + } + + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_CANCELATIONS)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_CANCELATIONS); + } + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_CANCELATIONS_OSX)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_CANCELATIONS_OSX); + } + + if (SERVICE_ERRORS.includes(update.errorCode)) { + var failCount = Services.prefs.getIntPref( + PREF_APP_UPDATE_SERVICE_ERRORS, + 0 + ); + var maxFail = Services.prefs.getIntPref( + PREF_APP_UPDATE_SERVICE_MAXERRORS, + DEFAULT_SERVICE_MAX_ERRORS + ); + // Prevent the preference from setting a value greater than 10. + maxFail = Math.min(maxFail, 10); + // As a safety, when the service reaches maximum failures, it will + // disable itself and fallback to using the normal update mechanism + // without the service. + if (failCount >= maxFail) { + Services.prefs.setBoolPref(PREF_APP_UPDATE_SERVICE_ENABLED, false); + Services.prefs.clearUserPref(PREF_APP_UPDATE_SERVICE_ERRORS); + } else { + failCount++; + Services.prefs.setIntPref(PREF_APP_UPDATE_SERVICE_ERRORS, failCount); + } + + LOG( + "handleUpdateFailure - Got a service error. Try to update without the " + + "service by setting the state to pending." + ); + writeStatusFile(getReadyUpdateDir(), (update.state = STATE_PENDING)); + transitionState(Ci.nsIApplicationUpdateService.STATE_PENDING); + return true; + } + + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_SERVICE_ERRORS)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_SERVICE_ERRORS); + } + + return false; +} + +/** + * Return the first UpdatePatch with the given type. + * @param update + * A nsIUpdate object to search through for a patch of the desired + * type. + * @param patch_type + * The type of the patch ("complete" or "partial") + * @return A nsIUpdatePatch object matching the type specified + */ +function getPatchOfType(update, patch_type) { + for (var i = 0; i < update.patchCount; ++i) { + var patch = update.getPatchAt(i); + if (patch && patch.type == patch_type) { + return patch; + } + } + return null; +} + +/** + * Fall back to downloading a complete update in case an update has failed. + * + * This will transition `AUS.currentState` to `STATE_DOWNLOADING` if there is + * another patch to download, or `STATE_IDLE` if there is not. + */ +async function handleFallbackToCompleteUpdate() { + // If we failed to install an update, we need to fall back to a complete + // update. If the install directory has been modified, more partial updates + // will fail for the same reason. Since we only download partial updates + // while there is already an update downloaded, we don't have to check the + // downloading update, we can be confident that we are not downloading the + // right thing at the moment. + + // The downloading update will be newer than the ready update, so use that + // update, if it exists. + let update = lazy.UM.downloadingUpdate || lazy.UM.readyUpdate; + if (!update) { + LOG( + "handleFallbackToCompleteUpdate - Unable to find an update to fall " + + "back to." + ); + return; + } + + LOG( + "handleFallbackToCompleteUpdate - Cleaning up active updates in " + + "preparation of falling back to complete update." + ); + await lazy.AUS.stopDownload(); + cleanupActiveUpdates(); + + if (!update.selectedPatch) { + // If we don't have a partial patch selected but a partial is available, + // _selectPatch() will download that instead of the complete patch. + let patch = getPatchOfType(update, "partial"); + if (patch) { + patch.selected = true; + } + } + + update.statusText = lazy.gUpdateBundle.GetStringFromName("patchApplyFailure"); + var oldType = update.selectedPatch ? update.selectedPatch.type : "complete"; + if (update.selectedPatch && oldType == "partial" && update.patchCount == 2) { + // Partial patch application failed, try downloading the complete + // update in the background instead. + LOG( + "handleFallbackToCompleteUpdate - install of partial patch " + + "failed, downloading complete patch" + ); + var success = await lazy.AUS.downloadUpdate(update); + if (!success) { + LOG( + "handleFallbackToCompleteUpdate - Starting complete patch download " + + "failed. Cleaning up downloading patch." + ); + cleanupDownloadingUpdate(); + } + } else { + LOG( + "handleFallbackToCompleteUpdate - install of complete or " + + "only one patch offered failed. Notifying observers. topic: " + + "update-error, status: unknown, " + + "update.patchCount: " + + update.patchCount + + ", " + + "oldType: " + + oldType + ); + transitionState(Ci.nsIApplicationUpdateService.STATE_IDLE); + Services.obs.notifyObservers(update, "update-error", "unknown"); + } +} + +function pingStateAndStatusCodes(aUpdate, aStartup, aStatus) { + let patchType = AUSTLMY.PATCH_UNKNOWN; + if (aUpdate && aUpdate.selectedPatch && aUpdate.selectedPatch.type) { + if (aUpdate.selectedPatch.type == "complete") { + patchType = AUSTLMY.PATCH_COMPLETE; + } else if (aUpdate.selectedPatch.type == "partial") { + patchType = AUSTLMY.PATCH_PARTIAL; + } + } + + let suffix = patchType + "_" + (aStartup ? AUSTLMY.STARTUP : AUSTLMY.STAGE); + let stateCode = 0; + let parts = aStatus.split(":"); + if (parts.length) { + switch (parts[0]) { + case STATE_NONE: + stateCode = 2; + break; + case STATE_DOWNLOADING: + stateCode = 3; + break; + case STATE_PENDING: + stateCode = 4; + break; + case STATE_PENDING_SERVICE: + stateCode = 5; + break; + case STATE_APPLYING: + stateCode = 6; + break; + case STATE_APPLIED: + stateCode = 7; + break; + case STATE_APPLIED_SERVICE: + stateCode = 9; + break; + case STATE_SUCCEEDED: + stateCode = 10; + break; + case STATE_DOWNLOAD_FAILED: + stateCode = 11; + break; + case STATE_FAILED: + stateCode = 12; + break; + case STATE_PENDING_ELEVATE: + stateCode = 13; + break; + // Note: Do not use stateCode 14 here. It is defined in + // UpdateTelemetry.jsm + default: + stateCode = 1; + } + + if (parts.length > 1) { + let statusErrorCode = INVALID_UPDATER_STATE_CODE; + if (parts[0] == STATE_FAILED) { + statusErrorCode = parseInt(parts[1]) || INVALID_UPDATER_STATUS_CODE; + } + AUSTLMY.pingStatusErrorCode(suffix, statusErrorCode); + } + } + let binaryTransparencyResult = readBinaryTransparencyResult( + getReadyUpdateDir() + ); + if (binaryTransparencyResult) { + AUSTLMY.pingBinaryTransparencyResult( + suffix, + parseInt(binaryTransparencyResult) + ); + } + AUSTLMY.pingStateCode(suffix, stateCode); +} + +/** + * This returns true if the passed update is the same version or older than the + * version and build ID values passed. Otherwise it returns false. + */ +function updateIsAtLeastAsOldAs(update, version, buildID) { + if (!update || !update.appVersion || !update.buildID) { + return false; + } + let versionComparison = Services.vc.compare(update.appVersion, version); + return ( + versionComparison < 0 || + (versionComparison == 0 && update.buildID == buildID) + ); +} + +/** + * This returns true if the passed update is the same version or older than + * currently installed Firefox version. + */ +function updateIsAtLeastAsOldAsCurrentVersion(update) { + return updateIsAtLeastAsOldAs( + update, + Services.appinfo.version, + Services.appinfo.appBuildID + ); +} + +/** + * This returns true if the passed update is the same version or older than + * the update that we have already downloaded (UpdateManager.readyUpdate). + * Returns false if no update has already been downloaded. + */ +function updateIsAtLeastAsOldAsReadyUpdate(update) { + if ( + !lazy.UM.readyUpdate || + !lazy.UM.readyUpdate.appVersion || + !lazy.UM.readyUpdate.buildID + ) { + return false; + } + return updateIsAtLeastAsOldAs( + update, + lazy.UM.readyUpdate.appVersion, + lazy.UM.readyUpdate.buildID + ); +} + +/** + * This function determines whether the error represented by the passed error + * code could potentially be recovered from or bypassed by updating without + * using the Maintenance Service (i.e. by showing a UAC prompt). + * We don't really want to show a UAC prompt, but it's preferable over the + * manual update doorhanger. So this function effectively distinguishes between + * which of those we should do if update staging failed. (The updater + * automatically falls back if the Maintenance Services fails, so this function + * doesn't handle that case) + * + * @param An integer error code from the update.status file. Should be one of + * the codes enumerated in updatererrors.h. + * @returns true if the code represents a Maintenance Service specific error. + * Otherwise, false. + */ +function isServiceSpecificErrorCode(errorCode) { + return ( + (errorCode >= 24 && errorCode <= 33) || (errorCode >= 49 && errorCode <= 58) + ); +} + +/** + * This function determines whether the error represented by the passed error + * code is the result of the updater failing to allocate memory. This is + * relevant when staging because, since Firefox is also running, we may not be + * able to allocate much memory. Thus, if we fail to stage an update, we may + * succeed at updating without staging. + * + * @param An integer error code from the update.status file. Should be one of + * the codes enumerated in updatererrors.h. + * @returns true if the code represents a memory allocation error. + * Otherwise, false. + */ +function isMemoryAllocationErrorCode(errorCode) { + return errorCode >= 10 && errorCode <= 14; +} + +/** + * Normally when staging, `nsUpdateProcessor::WaitForProcess` waits for the + * staging process to complete by watching for its PID to terminate. + * However, there are less ideal situations. Notably, we might start the browser + * and find that update staging appears to already be in-progress. If that + * happens, we really want to pick up the update process from STATE_STAGING, + * but we don't really have any way of keeping an eye on the staging process + * other than to just poll the status file. + * + * Like `nsUpdateProcessor`, this calls `nsIUpdateManager.refreshUpdateStatus` + * after polling completes (regardless of result). + * + * It is also important to keep in mind that the updater might have crashed + * during staging, meaning that the status file will never change, no matter how + * long we keep polling. So we need to set an upper bound on how long we are + * willing to poll for. + * + * There are three situations that we want to avoid. + * (1) We don't want to set the poll interval too long. A user might be watching + * the user interface and waiting to restart to install the update. A long poll + * interval will cause them to have to wait longer than necessary. Especially + * since the expected total staging time is not that long. + * (2) We don't want to give up polling too early and give up on an update that + * will ultimately succeed. + * (3) We don't want to use a rapid polling interval over a long duration. + * + * To avoid these situations, we will start with a short polling interval, but + * will increase it the longer that we have to wait. Then if we hit the upper + * bound of polling, we will give up. + */ +function pollForStagingEnd() { + let pollingIntervalMs = STAGING_POLLING_MIN_INTERVAL_MS; + // Number of times to poll before increasing the polling interval. + let pollAttemptsAtIntervalRemaining = STAGING_POLLING_ATTEMPTS_PER_INTERVAL; + let timeElapsedMs = 0; + + let pollingFn = () => { + pollAttemptsAtIntervalRemaining -= 1; + // This isn't a perfectly accurate way of keeping time, but it does nicely + // sidestep dealing with issues of (non)monotonic time. + timeElapsedMs += pollingIntervalMs; + + if (timeElapsedMs >= STAGING_POLLING_MAX_DURATION_MS) { + lazy.UM.refreshUpdateStatus(); + return; + } + + if (readStatusFile(getReadyUpdateDir()) != STATE_APPLYING) { + lazy.UM.refreshUpdateStatus(); + return; + } + + if (pollAttemptsAtIntervalRemaining <= 0) { + pollingIntervalMs = Math.min( + pollingIntervalMs * 2, + STAGING_POLLING_MAX_INTERVAL_MS + ); + pollAttemptsAtIntervalRemaining = STAGING_POLLING_ATTEMPTS_PER_INTERVAL; + } + + lazy.setTimeout(pollingFn, pollingIntervalMs); + }; + + lazy.setTimeout(pollingFn, pollingIntervalMs); +} + +/** + * Update Patch + * @param patch + * A <patch> element to initialize this object with + * @throws if patch has a size of 0 + * @constructor + */ +function UpdatePatch(patch) { + this._properties = {}; + this.errorCode = 0; + this.finalURL = null; + this.state = STATE_NONE; + + for (let i = 0; i < patch.attributes.length; ++i) { + var attr = patch.attributes.item(i); + // If an undefined value is saved to the xml file it will be a string when + // it is read from the xml file. + if (attr.value == "undefined") { + continue; + } + switch (attr.name) { + case "xmlns": + // Don't save the XML namespace. + break; + case "selected": + this.selected = attr.value == "true"; + break; + case "size": + if (0 == parseInt(attr.value)) { + LOG("UpdatePatch:init - 0-sized patch!"); + throw Components.Exception("", Cr.NS_ERROR_ILLEGAL_VALUE); + } + this[attr.name] = attr.value; + break; + case "errorCode": + if (attr.value) { + let val = parseInt(attr.value); + // This will evaluate to false if the value is 0 but that's ok since + // this.errorCode is set to the default of 0 above. + if (val) { + this.errorCode = val; + } + } + break; + case "finalURL": + case "state": + case "type": + case "URL": + this[attr.name] = attr.value; + break; + default: + if (!this._attrNames.includes(attr.name)) { + // Set nsIPropertyBag properties that were read from the xml file. + this.setProperty(attr.name, attr.value); + } + break; + } + } +} +UpdatePatch.prototype = { + // nsIUpdatePatch attribute names used to prevent nsIWritablePropertyBag from + // over writing nsIUpdatePatch attributes. + _attrNames: [ + "errorCode", + "finalURL", + "selected", + "size", + "state", + "type", + "URL", + ], + + /** + * See nsIUpdateService.idl + */ + serialize: function UpdatePatch_serialize(updates) { + var patch = updates.createElementNS(URI_UPDATE_NS, "patch"); + patch.setAttribute("size", this.size); + patch.setAttribute("type", this.type); + patch.setAttribute("URL", this.URL); + // Don't write an errorCode if it evaluates to false since 0 is the same as + // no error code. + if (this.errorCode) { + patch.setAttribute("errorCode", this.errorCode); + } + // finalURL is not available until after the download has started + if (this.finalURL) { + patch.setAttribute("finalURL", this.finalURL); + } + // The selected patch is the only patch that should have this attribute. + if (this.selected) { + patch.setAttribute("selected", this.selected); + } + if (this.state != STATE_NONE) { + patch.setAttribute("state", this.state); + } + + for (let [name, value] of Object.entries(this._properties)) { + if (value.present && !this._attrNames.includes(name)) { + patch.setAttribute(name, value.data); + } + } + return patch; + }, + + /** + * See nsIWritablePropertyBag.idl + */ + setProperty: function UpdatePatch_setProperty(name, value) { + if (this._attrNames.includes(name)) { + throw Components.Exception( + "Illegal value '" + + name + + "' (attribute exists on nsIUpdatePatch) " + + "when calling method: [nsIWritablePropertyBag::setProperty]", + Cr.NS_ERROR_ILLEGAL_VALUE + ); + } + this._properties[name] = { data: value, present: true }; + }, + + /** + * See nsIWritablePropertyBag.idl + */ + deleteProperty: function UpdatePatch_deleteProperty(name) { + if (this._attrNames.includes(name)) { + throw Components.Exception( + "Illegal value '" + + name + + "' (attribute exists on nsIUpdatePatch) " + + "when calling method: [nsIWritablePropertyBag::deleteProperty]", + Cr.NS_ERROR_ILLEGAL_VALUE + ); + } + if (name in this._properties) { + this._properties[name].present = false; + } else { + throw Components.Exception("", Cr.NS_ERROR_FAILURE); + } + }, + + /** + * See nsIPropertyBag.idl + * + * Note: this only contains the nsIPropertyBag name / value pairs and not the + * nsIUpdatePatch name / value pairs. + */ + get enumerator() { + return this.enumerate(); + }, + + *enumerate() { + // An nsISupportsInterfacePointer is used so creating an array using + // Array.from will retain the QueryInterface for nsIProperty. + let ip = Cc["@mozilla.org/supports-interface-pointer;1"].createInstance( + Ci.nsISupportsInterfacePointer + ); + let qi = ChromeUtils.generateQI(["nsIProperty"]); + for (let [name, value] of Object.entries(this._properties)) { + if (value.present && !this._attrNames.includes(name)) { + // The nsIPropertyBag enumerator returns a nsISimpleEnumerator whose + // elements are nsIProperty objects. Calling QueryInterface for + // nsIProperty on the object doesn't return to the caller an object that + // is already queried to nsIProperty but do it just in case it is fixed + // at some point. + ip.data = { name, value: value.data, QueryInterface: qi }; + yield ip.data.QueryInterface(Ci.nsIProperty); + } + } + }, + + /** + * See nsIPropertyBag.idl + * + * Note: returns null instead of throwing when the property doesn't exist to + * simplify code and to silence warnings in debug builds. + */ + getProperty: function UpdatePatch_getProperty(name) { + if (this._attrNames.includes(name)) { + throw Components.Exception( + "Illegal value '" + + name + + "' (attribute exists on nsIUpdatePatch) " + + "when calling method: [nsIWritablePropertyBag::getProperty]", + Cr.NS_ERROR_ILLEGAL_VALUE + ); + } + if (name in this._properties && this._properties[name].present) { + return this._properties[name].data; + } + return null; + }, + + QueryInterface: ChromeUtils.generateQI([ + "nsIUpdatePatch", + "nsIPropertyBag", + "nsIWritablePropertyBag", + ]), +}; + +/** + * Update + * Implements nsIUpdate + * @param update + * An <update> element to initialize this object with + * @throws if the update contains no patches + * @constructor + */ +function Update(update) { + this._patches = []; + this._properties = {}; + this.isCompleteUpdate = false; + this.channel = "default"; + this.promptWaitTime = Services.prefs.getIntPref( + PREF_APP_UPDATE_PROMPTWAITTIME, + 43200 + ); + this.unsupported = false; + + // Null <update>, assume this is a message container and do no + // further initialization + if (!update) { + return; + } + + for (let i = 0; i < update.childNodes.length; ++i) { + let patchElement = update.childNodes.item(i); + if ( + patchElement.nodeType != patchElement.ELEMENT_NODE || + patchElement.localName != "patch" + ) { + continue; + } + + let patch; + try { + patch = new UpdatePatch(patchElement); + } catch (e) { + continue; + } + this._patches.push(patch); + } + + if (!this._patches.length && !update.hasAttribute("unsupported")) { + throw Components.Exception("", Cr.NS_ERROR_ILLEGAL_VALUE); + } + + // Set the installDate value with the current time. If the update has an + // installDate attribute this will be replaced with that value if it doesn't + // equal 0. + this.installDate = new Date().getTime(); + this.patchCount = this._patches.length; + + for (let i = 0; i < update.attributes.length; ++i) { + let attr = update.attributes.item(i); + if (attr.name == "xmlns" || attr.value == "undefined") { + // Don't save the XML namespace or undefined values. + // If an undefined value is saved to the xml file it will be a string when + // it is read from the xml file. + continue; + } else if (attr.name == "detailsURL") { + this.detailsURL = attr.value; + } else if (attr.name == "installDate" && attr.value) { + let val = parseInt(attr.value); + if (val) { + this.installDate = val; + } + } else if (attr.name == "errorCode" && attr.value) { + let val = parseInt(attr.value); + if (val) { + // Set the value of |_errorCode| instead of |errorCode| since + // selectedPatch won't be available at this point and normally the + // nsIUpdatePatch will provide the errorCode. + this._errorCode = val; + } + } else if (attr.name == "isCompleteUpdate") { + this.isCompleteUpdate = attr.value == "true"; + } else if (attr.name == "promptWaitTime") { + if (!isNaN(attr.value)) { + this.promptWaitTime = parseInt(attr.value); + } + } else if (attr.name == "unsupported") { + this.unsupported = attr.value == "true"; + } else { + switch (attr.name) { + case "appVersion": + case "buildID": + case "channel": + case "displayVersion": + case "elevationFailure": + case "name": + case "previousAppVersion": + case "serviceURL": + case "statusText": + case "type": + this[attr.name] = attr.value; + break; + default: + if (!this._attrNames.includes(attr.name)) { + // Set nsIPropertyBag properties that were read from the xml file. + this.setProperty(attr.name, attr.value); + } + break; + } + } + } + + if (!this.previousAppVersion) { + this.previousAppVersion = Services.appinfo.version; + } + + if (!this.elevationFailure) { + this.elevationFailure = false; + } + + if (!this.detailsURL) { + try { + // Try using a default details URL supplied by the distribution + // if the update XML does not supply one. + this.detailsURL = Services.urlFormatter.formatURLPref( + PREF_APP_UPDATE_URL_DETAILS + ); + } catch (e) { + this.detailsURL = ""; + } + } + + if (!this.displayVersion) { + this.displayVersion = this.appVersion; + } + + if (!this.name) { + // When the update doesn't provide a name fallback to using + // "<App Name> <Update App Version>" + let brandBundle = Services.strings.createBundle(URI_BRAND_PROPERTIES); + let appName = brandBundle.GetStringFromName("brandShortName"); + this.name = lazy.gUpdateBundle.formatStringFromName("updateName", [ + appName, + this.displayVersion, + ]); + } +} +Update.prototype = { + // nsIUpdate attribute names used to prevent nsIWritablePropertyBag from over + // writing nsIUpdate attributes. + _attrNames: [ + "appVersion", + "buildID", + "channel", + "detailsURL", + "displayVersion", + "elevationFailure", + "errorCode", + "installDate", + "isCompleteUpdate", + "name", + "previousAppVersion", + "promptWaitTime", + "serviceURL", + "state", + "statusText", + "type", + "unsupported", + ], + + /** + * See nsIUpdateService.idl + */ + getPatchAt: function Update_getPatchAt(index) { + return this._patches[index]; + }, + + /** + * See nsIUpdateService.idl + * + * We use a copy of the state cached on this object in |_state| only when + * there is no selected patch, i.e. in the case when we could not load + * active updates from the update manager for some reason but still have + * the update.status file to work with. + */ + _state: "", + get state() { + if (this.selectedPatch) { + return this.selectedPatch.state; + } + return this._state; + }, + set state(state) { + if (this.selectedPatch) { + this.selectedPatch.state = state; + } + this._state = state; + }, + + /** + * See nsIUpdateService.idl + * + * We use a copy of the errorCode cached on this object in |_errorCode| only + * when there is no selected patch, i.e. in the case when we could not load + * active updates from the update manager for some reason but still have + * the update.status file to work with. + */ + _errorCode: 0, + get errorCode() { + if (this.selectedPatch) { + return this.selectedPatch.errorCode; + } + return this._errorCode; + }, + set errorCode(errorCode) { + if (this.selectedPatch) { + this.selectedPatch.errorCode = errorCode; + } + this._errorCode = errorCode; + }, + + /** + * See nsIUpdateService.idl + */ + get selectedPatch() { + for (let i = 0; i < this.patchCount; ++i) { + if (this._patches[i].selected) { + return this._patches[i]; + } + } + return null; + }, + + /** + * See nsIUpdateService.idl + */ + serialize: function Update_serialize(updates) { + // If appVersion isn't defined just return null. This happens when cleaning + // up invalid updates (e.g. incorrect channel). + if (!this.appVersion) { + return null; + } + let update = updates.createElementNS(URI_UPDATE_NS, "update"); + update.setAttribute("appVersion", this.appVersion); + update.setAttribute("buildID", this.buildID); + update.setAttribute("channel", this.channel); + update.setAttribute("detailsURL", this.detailsURL); + update.setAttribute("displayVersion", this.displayVersion); + update.setAttribute("installDate", this.installDate); + update.setAttribute("isCompleteUpdate", this.isCompleteUpdate); + update.setAttribute("name", this.name); + update.setAttribute("previousAppVersion", this.previousAppVersion); + update.setAttribute("promptWaitTime", this.promptWaitTime); + update.setAttribute("serviceURL", this.serviceURL); + update.setAttribute("type", this.type); + + if (this.statusText) { + update.setAttribute("statusText", this.statusText); + } + if (this.unsupported) { + update.setAttribute("unsupported", this.unsupported); + } + if (this.elevationFailure) { + update.setAttribute("elevationFailure", this.elevationFailure); + } + + for (let [name, value] of Object.entries(this._properties)) { + if (value.present && !this._attrNames.includes(name)) { + update.setAttribute(name, value.data); + } + } + + for (let i = 0; i < this.patchCount; ++i) { + update.appendChild(this.getPatchAt(i).serialize(updates)); + } + + updates.documentElement.appendChild(update); + return update; + }, + + /** + * See nsIWritablePropertyBag.idl + */ + setProperty: function Update_setProperty(name, value) { + if (this._attrNames.includes(name)) { + throw Components.Exception( + "Illegal value '" + + name + + "' (attribute exists on nsIUpdate) " + + "when calling method: [nsIWritablePropertyBag::setProperty]", + Cr.NS_ERROR_ILLEGAL_VALUE + ); + } + this._properties[name] = { data: value, present: true }; + }, + + /** + * See nsIWritablePropertyBag.idl + */ + deleteProperty: function Update_deleteProperty(name) { + if (this._attrNames.includes(name)) { + throw Components.Exception( + "Illegal value '" + + name + + "' (attribute exists on nsIUpdate) " + + "when calling method: [nsIWritablePropertyBag::deleteProperty]", + Cr.NS_ERROR_ILLEGAL_VALUE + ); + } + if (name in this._properties) { + this._properties[name].present = false; + } else { + throw Components.Exception("", Cr.NS_ERROR_FAILURE); + } + }, + + /** + * See nsIPropertyBag.idl + * + * Note: this only contains the nsIPropertyBag name value / pairs and not the + * nsIUpdate name / value pairs. + */ + get enumerator() { + return this.enumerate(); + }, + + *enumerate() { + // An nsISupportsInterfacePointer is used so creating an array using + // Array.from will retain the QueryInterface for nsIProperty. + let ip = Cc["@mozilla.org/supports-interface-pointer;1"].createInstance( + Ci.nsISupportsInterfacePointer + ); + let qi = ChromeUtils.generateQI(["nsIProperty"]); + for (let [name, value] of Object.entries(this._properties)) { + if (value.present && !this._attrNames.includes(name)) { + // The nsIPropertyBag enumerator returns a nsISimpleEnumerator whose + // elements are nsIProperty objects. Calling QueryInterface for + // nsIProperty on the object doesn't return to the caller an object that + // is already queried to nsIProperty but do it just in case it is fixed + // at some point. + ip.data = { name, value: value.data, QueryInterface: qi }; + yield ip.data.QueryInterface(Ci.nsIProperty); + } + } + }, + + /** + * See nsIPropertyBag.idl + * Note: returns null instead of throwing when the property doesn't exist to + * simplify code and to silence warnings in debug builds. + */ + getProperty: function Update_getProperty(name) { + if (this._attrNames.includes(name)) { + throw Components.Exception( + "Illegal value '" + + name + + "' (attribute exists on nsIUpdate) " + + "when calling method: [nsIWritablePropertyBag::getProperty]", + Cr.NS_ERROR_ILLEGAL_VALUE + ); + } + if (name in this._properties && this._properties[name].present) { + return this._properties[name].data; + } + return null; + }, + + QueryInterface: ChromeUtils.generateQI([ + "nsIUpdate", + "nsIPropertyBag", + "nsIWritablePropertyBag", + ]), +}; + +/** + * UpdateService + * A Service for managing the discovery and installation of software updates. + * @constructor + */ +export function UpdateService() { + LOG("Creating UpdateService"); + // The observor notification to shut down the service must be before + // profile-before-change since nsIUpdateManager uses profile-before-change + // to shutdown and write the update xml files. + Services.obs.addObserver(this, "quit-application"); + // This one call observes PREF_APP_UPDATE_LOG and PREF_APP_UPDATE_LOG_FILE + Services.prefs.addObserver(PREF_APP_UPDATE_LOG, this); + + this._logStatus(); +} + +UpdateService.prototype = { + /** + * The downloader we are using to download updates. There is only ever one of + * these. + */ + _downloader: null, + + /** + * Whether or not the service registered the "online" observer. + */ + _registeredOnlineObserver: false, + + /** + * The current number of consecutive socket errors + */ + _consecutiveSocketErrors: 0, + + /** + * A timer used to retry socket errors + */ + _retryTimer: null, + + /** + * Whether or not a background update check was initiated by the + * application update timer notification. + */ + _isNotify: true, + + /** + * Handle Observer Service notifications + * @param subject + * The subject of the notification + * @param topic + * The notification name + * @param data + * Additional data + */ + observe: async function AUS_observe(subject, topic, data) { + switch (topic) { + case "post-update-processing": + // This pref was not cleared out of profiles after it stopped being used + // (Bug 1420514), so clear it out on the next update to avoid confusion + // regarding its use. + Services.prefs.clearUserPref("app.update.enabled"); + Services.prefs.clearUserPref("app.update.BITS.inTrialGroup"); + + // Background tasks do not notify any delayed startup notifications. + if ( + !lazy.gIsBackgroundTaskMode && + Services.appinfo.ID in APPID_TO_TOPIC + ) { + // Delay post-update processing to ensure that possible update + // dialogs are shown in front of the app window, if possible. + // See bug 311614. + Services.obs.addObserver(this, APPID_TO_TOPIC[Services.appinfo.ID]); + break; + } + // intentional fallthrough + case "sessionstore-windows-restored": + case "mail-startup-done": + // Background tasks do not notify any delayed startup notifications. + if ( + !lazy.gIsBackgroundTaskMode && + Services.appinfo.ID in APPID_TO_TOPIC + ) { + Services.obs.removeObserver( + this, + APPID_TO_TOPIC[Services.appinfo.ID] + ); + } + // intentional fallthrough + case "test-post-update-processing": + // Clean up any extant updates + await this._postUpdateProcessing(); + break; + case "network:offline-status-changed": + await this._offlineStatusChanged(data); + break; + case "nsPref:changed": + if (data == PREF_APP_UPDATE_LOG || data == PREF_APP_UPDATE_LOG_FILE) { + lazy.gLogEnabled; // Assigning this before it is lazy-loaded is an error. + lazy.gLogEnabled = + Services.prefs.getBoolPref(PREF_APP_UPDATE_LOG, false) || + Services.prefs.getBoolPref(PREF_APP_UPDATE_LOG_FILE, false); + } + if (data == PREF_APP_UPDATE_LOG_FILE) { + lazy.gLogfileEnabled; // Assigning this before it is lazy-loaded is an + // error. + lazy.gLogfileEnabled = Services.prefs.getBoolPref( + PREF_APP_UPDATE_LOG_FILE, + false + ); + if (lazy.gLogfileEnabled) { + this._logStatus(); + } + } + break; + case "quit-application": + Services.obs.removeObserver(this, topic); + Services.prefs.removeObserver(PREF_APP_UPDATE_LOG, this); + + if (AppConstants.platform == "win" && gUpdateMutexHandle) { + // If we hold the update mutex, let it go! + // The OS would clean this up sometime after shutdown, + // but that would have no guarantee on timing. + closeHandle(gUpdateMutexHandle); + gUpdateMutexHandle = null; + } + if (this._retryTimer) { + this._retryTimer.cancel(); + } + + // When downloading an update with nsIIncrementalDownload the download + // is stopped when the quit-application observer notification is + // received and networking hasn't started to shutdown. The download will + // be resumed the next time the application starts. Downloads using + // Windows BITS are not stopped since they don't require Firefox to be + // running to perform the download. + if (this._downloader) { + if (this._downloader.usingBits) { + await this._downloader.cleanup(); + } else { + // stopDownload() calls _downloader.cleanup() + await this.stopDownload(); + } + } + // Prevent leaking the downloader (bug 454964) + this._downloader = null; + // In case any update checks are in progress. + lazy.CheckSvc.stopAllChecks(); + + if (gLogfileOutputStream) { + gLogfileOutputStream.close(); + } + break; + case "test-close-handle-update-mutex": + if (Cu.isInAutomation) { + if (AppConstants.platform == "win" && gUpdateMutexHandle) { + LOG("UpdateService:observe - closing mutex handle for testing"); + closeHandle(gUpdateMutexHandle); + gUpdateMutexHandle = null; + } + } + break; + } + }, + + /** + * The following needs to happen during the post-update-processing + * notification from nsUpdateServiceStub.js: + * 1. post update processing + * 2. resume of a download that was in progress during a previous session + * 3. start of a complete update download after the failure to apply a partial + * update + */ + + /** + * Perform post-processing on updates lingering in the updates directory + * from a previous application session - either report install failures (and + * optionally attempt to fetch a different version if appropriate) or + * notify the user of install success. + */ + /* eslint-disable-next-line complexity */ + _postUpdateProcessing: async function AUS__postUpdateProcessing() { + if (this.disabled) { + // This function is a point when we can potentially enter the update + // system, even with update disabled. Make sure that we do not continue + // because update code can have side effects that are visible to the user + // and give the impression that updates are enabled. For example, if we + // can't write to the update directory, we might complain to the user that + // update is broken and they should reinstall. + return; + } + if (!this.canCheckForUpdates) { + LOG( + "UpdateService:_postUpdateProcessing - unable to check for " + + "updates... returning early" + ); + return; + } + let status = readStatusFile(getReadyUpdateDir()); + LOG(`UpdateService:_postUpdateProcessing - status = "${status}"`); + + if (!this.canApplyUpdates) { + LOG( + "UpdateService:_postUpdateProcessing - unable to apply " + + "updates... returning early" + ); + if (hasUpdateMutex()) { + // If the update is present in the update directory somehow, + // it would prevent us from notifying the user of further updates. + LOG( + "UpdateService:_postUpdateProcessing - Cleaning up active updates." + ); + cleanupActiveUpdates(); + } + return; + } + + let updates = []; + if (lazy.UM.readyUpdate) { + updates.push(lazy.UM.readyUpdate); + } + if (lazy.UM.downloadingUpdate) { + updates.push(lazy.UM.downloadingUpdate); + } + + if (status == STATE_NONE) { + // A status of STATE_NONE in _postUpdateProcessing means that the + // update.status file is present but there isn't an update in progress. + // This isn't an expected state, so if we find ourselves in it, we want + // to just clean things up to go back to a good state. + LOG( + "UpdateService:_postUpdateProcessing - Cleaning up unexpected state." + ); + if (!updates.length) { + updates.push(new Update(null)); + } + for (let update of updates) { + update.state = STATE_FAILED; + update.errorCode = ERR_UPDATE_STATE_NONE; + update.statusText = + lazy.gUpdateBundle.GetStringFromName("statusFailed"); + } + let newStatus = STATE_FAILED + ": " + ERR_UPDATE_STATE_NONE; + pingStateAndStatusCodes(updates[0], true, newStatus); + cleanupActiveUpdates(); + return; + } + + let channelChanged = updates => { + for (let update of updates) { + if (update.channel != lazy.UpdateUtils.UpdateChannel) { + return true; + } + } + return false; + }; + if (channelChanged(updates)) { + let channel = lazy.UM.readyUpdate + ? lazy.UM.readyUpdate.channel + : lazy.UM.downloadingUpdate.channel; + LOG( + "UpdateService:_postUpdateProcessing - update channel is " + + "different than application's channel, removing update. update " + + "channel: " + + channel + + ", expected channel: " + + lazy.UpdateUtils.UpdateChannel + ); + // User switched channels, clear out the old active updates and remove + // partial downloads + for (let update of updates) { + update.state = STATE_FAILED; + update.errorCode = ERR_CHANNEL_CHANGE; + update.statusText = + lazy.gUpdateBundle.GetStringFromName("statusFailed"); + } + let newStatus = STATE_FAILED + ": " + ERR_CHANNEL_CHANGE; + pingStateAndStatusCodes(updates[0], true, newStatus); + cleanupActiveUpdates(); + return; + } + + // Handle the case when the update is the same or older than the current + // version and nsUpdateDriver.cpp skipped updating due to the version being + // older than the current version. This also handles the general case when + // an update is for an older version or the same version and same build ID. + if ( + status == STATE_PENDING || + status == STATE_PENDING_SERVICE || + status == STATE_APPLIED || + status == STATE_APPLIED_SERVICE || + status == STATE_PENDING_ELEVATE || + status == STATE_DOWNLOADING + ) { + let tooOldUpdate; + if ( + updateIsAtLeastAsOldAs( + lazy.UM.readyUpdate, + Services.appinfo.version, + Services.appinfo.appBuildID + ) + ) { + tooOldUpdate = lazy.UM.readyUpdate; + } else if ( + updateIsAtLeastAsOldAs( + lazy.UM.downloadingUpdate, + Services.appinfo.version, + Services.appinfo.appBuildID + ) + ) { + tooOldUpdate = lazy.UM.downloadingUpdate; + } + if (tooOldUpdate) { + LOG( + "UpdateService:_postUpdateProcessing - removing update for older " + + "application version or same application version with same build " + + "ID. update application version: " + + tooOldUpdate.appVersion + + ", " + + "application version: " + + Services.appinfo.version + + ", update " + + "build ID: " + + tooOldUpdate.buildID + + ", application build ID: " + + Services.appinfo.appBuildID + ); + tooOldUpdate.state = STATE_FAILED; + tooOldUpdate.statusText = + lazy.gUpdateBundle.GetStringFromName("statusFailed"); + tooOldUpdate.errorCode = ERR_OLDER_VERSION_OR_SAME_BUILD; + // This could be split out to report telemetry for each case. + let newStatus = STATE_FAILED + ": " + ERR_OLDER_VERSION_OR_SAME_BUILD; + pingStateAndStatusCodes(tooOldUpdate, true, newStatus); + // Cleanup both updates regardless of which one is too old. It's + // exceedingly unlikely that a user could end up in a state where one + // update is acceptable and the other isn't. And it makes this function + // considerably more complex to try to deal with that possibility. + cleanupActiveUpdates(); + return; + } + } + + pingStateAndStatusCodes( + status == STATE_DOWNLOADING + ? lazy.UM.downloadingUpdate + : lazy.UM.readyUpdate, + true, + status + ); + if (lazy.UM.downloadingUpdate || status == STATE_DOWNLOADING) { + if (status == STATE_SUCCEEDED) { + // If we successfully installed an update while we were downloading + // another update, the downloading update is now a partial MAR for + // a version that is no longer installed. We know that it's a partial + // MAR without checking because we currently only download partial MARs + // when an update has already been downloaded. + LOG( + "UpdateService:_postUpdateProcessing - removing downloading patch " + + "because we installed a different patch before it finished" + + "downloading." + ); + cleanupDownloadingUpdate(); + } else { + // Attempt to resume download + if (lazy.UM.downloadingUpdate) { + LOG( + "UpdateService:_postUpdateProcessing - resuming patch found in " + + "downloading state" + ); + let success = await this.downloadUpdate(lazy.UM.downloadingUpdate); + if (!success) { + LOG( + "UpdateService:_postUpdateProcessing - Failed to resume patch. " + + "Cleaning up downloading update." + ); + cleanupDownloadingUpdate(); + } + } else { + LOG( + "UpdateService:_postUpdateProcessing - Warning: found " + + "downloading state, but no downloading patch. Cleaning up " + + "active updates." + ); + // Put ourselves back in a good state. + cleanupActiveUpdates(); + } + if (status == STATE_DOWNLOADING) { + // Done dealing with the downloading update, and there is no ready + // update, so return early. + return; + } + } + } + + let update = lazy.UM.readyUpdate; + + if (status == STATE_APPLYING) { + // This indicates that the background updater service is in either of the + // following two states: + // 1. It is in the process of applying an update in the background, and + // we just happen to be racing against that. + // 2. It has failed to apply an update for some reason, and we hit this + // case because the updater process has set the update status to + // applying, but has never finished. + // In order to differentiate between these two states, we look at the + // state field of the update object. If it's "pending", then we know + // that this is the first time we're hitting this case, so we switch + // that state to "applying" and we just wait and hope for the best. + // If it's "applying", we know that we've already been here once, so + // we really want to start from a clean state. + if ( + update && + (update.state == STATE_PENDING || update.state == STATE_PENDING_SERVICE) + ) { + LOG( + "UpdateService:_postUpdateProcessing - patch found in applying " + + "state for the first time" + ); + update.state = STATE_APPLYING; + lazy.UM.saveUpdates(); + transitionState(Ci.nsIApplicationUpdateService.STATE_STAGING); + pollForStagingEnd(); + } else { + // We get here even if we don't have an update object + LOG( + "UpdateService:_postUpdateProcessing - patch found in applying " + + "state for the second time. Cleaning up ready update." + ); + cleanupReadyUpdate(); + } + return; + } + + if (!update) { + if (status != STATE_SUCCEEDED) { + LOG( + "UpdateService:_postUpdateProcessing - previous patch failed " + + "and no patch available. Cleaning up ready update." + ); + cleanupReadyUpdate(); + return; + } + LOG( + "UpdateService:_postUpdateProcessing - Update data missing. Creating " + + "an empty update object." + ); + update = new Update(null); + } + + let parts = status.split(":"); + update.state = parts[0]; + LOG( + `UpdateService:_postUpdateProcessing - Setting update's state from ` + + `the status file (="${update.state}")` + ); + if (update.state == STATE_FAILED && parts[1]) { + update.errorCode = parseInt(parts[1]); + LOG( + `UpdateService:_postUpdateProcessing - Setting update's errorCode ` + + `from the status file (="${update.errorCode}")` + ); + } + + if (status != STATE_SUCCEEDED) { + // Rotate the update logs so the update log isn't removed. By passing + // false the patch directory won't be removed. + cleanUpReadyUpdateDir(false); + } + + if (status == STATE_SUCCEEDED) { + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_CANCELATIONS)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_CANCELATIONS); + } + update.statusText = + lazy.gUpdateBundle.GetStringFromName("installSuccess"); + + // The only time that update is not a reference to readyUpdate is when + // readyUpdate is null. + if (!lazy.UM.readyUpdate) { + LOG( + "UpdateService:_postUpdateProcessing - Assigning successful update " + + "readyUpdate before cleaning it up." + ); + lazy.UM.readyUpdate = update; + } + + // Done with this update. Clean it up. + LOG( + "UpdateService:_postUpdateProcessing - Cleaning up successful ready " + + "update." + ); + cleanupReadyUpdate(); + + Services.prefs.setIntPref(PREF_APP_UPDATE_ELEVATE_ATTEMPTS, 0); + } else if (status == STATE_PENDING_ELEVATE) { + // In case the active-update.xml file is deleted. + if (!update) { + LOG( + "UpdateService:_postUpdateProcessing - status is pending-elevate " + + "but there isn't a ready update, removing update" + ); + cleanupReadyUpdate(); + } else { + transitionState(Ci.nsIApplicationUpdateService.STATE_PENDING); + if (Services.startup.wasSilentlyStarted) { + // This check _should_ be unnecessary since we should not silently + // restart if state == pending-elevate. But the update elevation + // dialog is a way that we could potentially show UI on startup, even + // with no windows open. Which we really do not want to do on a silent + // restart. + // So this is defense in depth. + LOG( + "UpdateService:_postUpdateProcessing - status is " + + "pending-elevate, but this is a silent startup, so the " + + "elevation window has been suppressed." + ); + } else { + LOG( + "UpdateService:_postUpdateProcessing - status is " + + "pending-elevate. Showing Update elevation dialog." + ); + let uri = "chrome://mozapps/content/update/updateElevation.xhtml"; + let features = + "chrome,centerscreen,resizable=no,titlebar,toolbar=no,dialog=no"; + Services.ww.openWindow(null, uri, "Update:Elevation", features, null); + } + } + } else { + // If there was an I/O error it is assumed that the patch is not invalid + // and it is set to pending so an attempt to apply it again will happen + // when the application is restarted. + if (update.state == STATE_FAILED && update.errorCode) { + LOG( + "UpdateService:_postUpdateProcessing - Attempting handleUpdateFailure" + ); + if (handleUpdateFailure(update)) { + LOG( + "UpdateService:_postUpdateProcessing - handleUpdateFailure success." + ); + return; + } + } + + LOG( + "UpdateService:_postUpdateProcessing - Attempting to fall back to a " + + "complete update." + ); + // Something went wrong with the patch application process. + await handleFallbackToCompleteUpdate(); + } + }, + + /** + * Register an observer when the network comes online, so we can short-circuit + * the app.update.interval when there isn't connectivity + */ + _registerOnlineObserver: function AUS__registerOnlineObserver() { + if (this._registeredOnlineObserver) { + LOG( + "UpdateService:_registerOnlineObserver - observer already registered" + ); + return; + } + + LOG( + "UpdateService:_registerOnlineObserver - waiting for the network to " + + "be online, then forcing another check" + ); + + Services.obs.addObserver(this, "network:offline-status-changed"); + this._registeredOnlineObserver = true; + }, + + /** + * Called from the network:offline-status-changed observer. + */ + _offlineStatusChanged: async function AUS__offlineStatusChanged(status) { + if (status !== "online") { + return; + } + + Services.obs.removeObserver(this, "network:offline-status-changed"); + this._registeredOnlineObserver = false; + + LOG( + "UpdateService:_offlineStatusChanged - network is online, forcing " + + "another background check" + ); + + // the background checker is contained in notify + await this._attemptResume(); + }, + + /** + * See nsIUpdateService.idl + */ + onCheckComplete: async function AUS_onCheckComplete(result) { + if (result.succeeded) { + await this._selectAndInstallUpdate(result.updates); + return; + } + + if (!result.checksAllowed) { + LOG("UpdateService:onCheckComplete - checks not allowed"); + return; + } + + // On failure, result.updates is guaranteed to have exactly one update + // containing error information. + let update = result.updates[0]; + + LOG( + "UpdateService:onCheckComplete - error during background update. error " + + "code: " + + update.errorCode + + ", status text: " + + update.statusText + ); + + if (update.errorCode == NETWORK_ERROR_OFFLINE) { + // Register an online observer to try again + this._registerOnlineObserver(); + if (this._pingSuffix) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_OFFLINE); + } + return; + } + + // Send the error code to telemetry + AUSTLMY.pingCheckExError(this._pingSuffix, update.errorCode); + update.errorCode = BACKGROUNDCHECK_MULTIPLE_FAILURES; + let errCount = Services.prefs.getIntPref( + PREF_APP_UPDATE_BACKGROUNDERRORS, + 0 + ); + + // If we already have an update ready, we don't want to worry the user over + // update check failures. As far as the user knows, the update status is + // the status of the ready update. We don't want to confuse them by saying + // that an update check failed. + if (lazy.UM.readyUpdate) { + LOG( + "UpdateService:onCheckComplete - Ignoring error because another " + + "update is ready." + ); + return; + } + + errCount++; + Services.prefs.setIntPref(PREF_APP_UPDATE_BACKGROUNDERRORS, errCount); + // Don't allow the preference to set a value greater than 20 for max errors. + let maxErrors = Math.min( + Services.prefs.getIntPref(PREF_APP_UPDATE_BACKGROUNDMAXERRORS, 10), + 20 + ); + + if (errCount >= maxErrors) { + LOG( + "UpdateService:onCheckComplete - notifying observers of error. " + + "topic: update-error, status: check-attempts-exceeded" + ); + Services.obs.notifyObservers( + update, + "update-error", + "check-attempts-exceeded" + ); + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_GENERAL_ERROR_PROMPT); + } else { + LOG( + "UpdateService:onCheckComplete - notifying observers of error. " + + "topic: update-error, status: check-attempt-failed" + ); + Services.obs.notifyObservers( + update, + "update-error", + "check-attempt-failed" + ); + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_GENERAL_ERROR_SILENT); + } + }, + + /** + * Called when a connection should be resumed + */ + _attemptResume: async function AUS_attemptResume() { + LOG("UpdateService:_attemptResume"); + // If a download is in progress and we aren't already downloading it, then + // resume it. + if (this.isDownloading) { + // There is nothing to resume. We are already downloading. + LOG("UpdateService:_attemptResume - already downloading."); + return; + } + if ( + this._downloader && + this._downloader._patch && + this._downloader._patch.state == STATE_DOWNLOADING && + this._downloader._update + ) { + LOG( + "UpdateService:_attemptResume - _patch.state: " + + this._downloader._patch.state + ); + let success = await this.downloadUpdate(this._downloader._update); + LOG("UpdateService:_attemptResume - downloadUpdate success: " + success); + if (!success) { + LOG( + "UpdateService:_attemptResume - Resuming download failed. Cleaning " + + "up downloading update." + ); + cleanupDownloadingUpdate(); + } + return; + } + + // Kick off an update check + (async () => { + let check = lazy.CheckSvc.checkForUpdates(lazy.CheckSvc.BACKGROUND_CHECK); + await this.onCheckComplete(await check.result); + })(); + }, + + /** + * Notified when a timer fires + * @param timer + * The timer that fired + */ + notify: function AUS_notify(timer) { + this._checkForBackgroundUpdates(true); + }, + + /** + * See nsIUpdateService.idl + */ + checkForBackgroundUpdates: function AUS_checkForBackgroundUpdates() { + return this._checkForBackgroundUpdates(false); + }, + + // The suffix used for background update check telemetry histogram ID's. + get _pingSuffix() { + if (lazy.UM.readyUpdate) { + // Once an update has been downloaded, all later updates will be reported + // to telemetry as subsequent updates. We move the first update into + // readyUpdate as soon as the download is complete, so any update checks + // after readyUpdate is no longer null are subsequent update checks. + return AUSTLMY.SUBSEQUENT; + } + return this._isNotify ? AUSTLMY.NOTIFY : AUSTLMY.EXTERNAL; + }, + + /** + * Checks for updates in the background. + * @param isNotify + * Whether or not a background update check was initiated by the + * application update timer notification. + */ + _checkForBackgroundUpdates: function AUS__checkForBackgroundUpdates( + isNotify + ) { + if (!this.disabled && AppConstants.NIGHTLY_BUILD) { + // Scalar ID: update.suppress_prompts + AUSTLMY.pingSuppressPrompts(); + } + if (this.disabled || this.manualUpdateOnly) { + // Return immediately if we are disabled by policy. Otherwise, just the + // telemetry we try to collect below can potentially trigger a restart + // prompt if the update directory isn't writable. And we shouldn't be + // telling the user about update failures if update is disabled. + // See Bug 1599590. + // Note that we exit unconditionally here if we are only doing manual + // update checks, because manual update checking uses a completely + // different code path (AppUpdater.jsm creates its own nsIUpdateChecker), + // bypassing this function completely. + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_DISABLED_BY_POLICY); + return false; + } + + this._isNotify = isNotify; + + // Histogram IDs: + // UPDATE_PING_COUNT_EXTERNAL + // UPDATE_PING_COUNT_NOTIFY + // UPDATE_PING_COUNT_SUBSEQUENT + AUSTLMY.pingGeneric("UPDATE_PING_COUNT_" + this._pingSuffix, true, false); + + // Histogram IDs: + // UPDATE_UNABLE_TO_APPLY_EXTERNAL + // UPDATE_UNABLE_TO_APPLY_NOTIFY + // UPDATE_UNABLE_TO_APPLY_SUBSEQUENT + AUSTLMY.pingGeneric( + "UPDATE_UNABLE_TO_APPLY_" + this._pingSuffix, + getCanApplyUpdates(), + true + ); + // Histogram IDs: + // UPDATE_CANNOT_STAGE_EXTERNAL + // UPDATE_CANNOT_STAGE_NOTIFY + // UPDATE_CANNOT_STAGE_SUBSEQUENT + AUSTLMY.pingGeneric( + "UPDATE_CANNOT_STAGE_" + this._pingSuffix, + getCanStageUpdates(), + true + ); + if (AppConstants.platform == "win") { + // Histogram IDs: + // UPDATE_CAN_USE_BITS_EXTERNAL + // UPDATE_CAN_USE_BITS_NOTIFY + // UPDATE_CAN_USE_BITS_SUBSEQUENT + AUSTLMY.pingGeneric( + "UPDATE_CAN_USE_BITS_" + this._pingSuffix, + getCanUseBits() + ); + } + // Histogram IDs: + // UPDATE_INVALID_LASTUPDATETIME_EXTERNAL + // UPDATE_INVALID_LASTUPDATETIME_NOTIFY + // UPDATE_INVALID_LASTUPDATETIME_SUBSEQUENT + // UPDATE_LAST_NOTIFY_INTERVAL_DAYS_EXTERNAL + // UPDATE_LAST_NOTIFY_INTERVAL_DAYS_NOTIFY + // UPDATE_LAST_NOTIFY_INTERVAL_DAYS_SUBSEQUENT + AUSTLMY.pingLastUpdateTime(this._pingSuffix); + // Histogram IDs: + // UPDATE_NOT_PREF_UPDATE_AUTO_EXTERNAL + // UPDATE_NOT_PREF_UPDATE_AUTO_NOTIFY + // UPDATE_NOT_PREF_UPDATE_AUTO_SUBSEQUENT + lazy.UpdateUtils.getAppUpdateAutoEnabled().then(enabled => { + AUSTLMY.pingGeneric( + "UPDATE_NOT_PREF_UPDATE_AUTO_" + this._pingSuffix, + enabled, + true + ); + }); + // Histogram IDs: + // UPDATE_NOT_PREF_UPDATE_STAGING_ENABLED_EXTERNAL + // UPDATE_NOT_PREF_UPDATE_STAGING_ENABLED_NOTIFY + // UPDATE_NOT_PREF_UPDATE_STAGING_ENABLED_SUBSEQUENT + AUSTLMY.pingBoolPref( + "UPDATE_NOT_PREF_UPDATE_STAGING_ENABLED_" + this._pingSuffix, + PREF_APP_UPDATE_STAGING_ENABLED, + true, + true + ); + if (AppConstants.platform == "win" || AppConstants.platform == "macosx") { + // Histogram IDs: + // UPDATE_PREF_UPDATE_CANCELATIONS_EXTERNAL + // UPDATE_PREF_UPDATE_CANCELATIONS_NOTIFY + // UPDATE_PREF_UPDATE_CANCELATIONS_SUBSEQUENT + AUSTLMY.pingIntPref( + "UPDATE_PREF_UPDATE_CANCELATIONS_" + this._pingSuffix, + PREF_APP_UPDATE_CANCELATIONS, + 0, + 0 + ); + } + if (AppConstants.MOZ_MAINTENANCE_SERVICE) { + // Histogram IDs: + // UPDATE_NOT_PREF_UPDATE_SERVICE_ENABLED_EXTERNAL + // UPDATE_NOT_PREF_UPDATE_SERVICE_ENABLED_NOTIFY + // UPDATE_NOT_PREF_UPDATE_SERVICE_ENABLED_SUBSEQUENT + AUSTLMY.pingBoolPref( + "UPDATE_NOT_PREF_UPDATE_SERVICE_ENABLED_" + this._pingSuffix, + PREF_APP_UPDATE_SERVICE_ENABLED, + true + ); + // Histogram IDs: + // UPDATE_PREF_SERVICE_ERRORS_EXTERNAL + // UPDATE_PREF_SERVICE_ERRORS_NOTIFY + // UPDATE_PREF_SERVICE_ERRORS_SUBSEQUENT + AUSTLMY.pingIntPref( + "UPDATE_PREF_SERVICE_ERRORS_" + this._pingSuffix, + PREF_APP_UPDATE_SERVICE_ERRORS, + 0, + 0 + ); + if (AppConstants.platform == "win") { + // Histogram IDs: + // UPDATE_SERVICE_INSTALLED_EXTERNAL + // UPDATE_SERVICE_INSTALLED_NOTIFY + // UPDATE_SERVICE_INSTALLED_SUBSEQUENT + // UPDATE_SERVICE_MANUALLY_UNINSTALLED_EXTERNAL + // UPDATE_SERVICE_MANUALLY_UNINSTALLED_NOTIFY + // UPDATE_SERVICE_MANUALLY_UNINSTALLED_SUBSEQUENT + AUSTLMY.pingServiceInstallStatus( + this._pingSuffix, + isServiceInstalled() + ); + } + } + + // If a download is in progress or the patch has been staged do nothing. + if (this.isDownloading) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_IS_DOWNLOADING); + return false; + } + + // Once we have downloaded a complete update, do not download further + // updates until the complete update is installed. This is important, + // because if we fall back from a partial update to a complete update, + // it might be because of changes to the patch directory (which would cause + // a failure to apply any partial MAR). So we really don't want to replace + // a downloaded complete update with a downloaded partial update. And we + // do not currently download complete updates if there is already a + // readyUpdate available. + if ( + lazy.UM.readyUpdate && + lazy.UM.readyUpdate.selectedPatch && + lazy.UM.readyUpdate.selectedPatch.type == "complete" + ) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_IS_DOWNLOADED); + return false; + } + + // If we start downloading an update while the readyUpdate is staging, we + // run the risk of eventually wanting to overwrite readyUpdate with the + // downloadingUpdate while the readyUpdate is still staging. Then we would + // have to have a weird intermediate state where the downloadingUpdate has + // finished downloading, but can't be moved yet. It's simpler to just not + // start a new update if the old one is still staging. + if (this.currentState == Ci.nsIApplicationUpdateService.STATE_STAGING) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_IS_DOWNLOADED); + return false; + } + + // Asynchronously kick off update checking + (async () => { + let validUpdateURL = true; + try { + await lazy.CheckSvc.getUpdateURL(lazy.CheckSvc.BACKGROUND_CHECK); + } catch (e) { + validUpdateURL = false; + } + + // The following checks are done here so they can be differentiated from + // foreground checks. + if (!lazy.UpdateUtils.OSVersion) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_NO_OS_VERSION); + } else if (!lazy.UpdateUtils.ABI) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_NO_OS_ABI); + } else if (!validUpdateURL) { + AUSTLMY.pingCheckCode( + this._pingSuffix, + AUSTLMY.CHK_INVALID_DEFAULT_URL + ); + } else if (!hasUpdateMutex()) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_NO_MUTEX); + } else if (isOtherInstanceRunning()) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_OTHER_INSTANCE); + } else if (!this.canCheckForUpdates) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_UNABLE_TO_CHECK); + } + + let check = lazy.CheckSvc.checkForUpdates(lazy.CheckSvc.BACKGROUND_CHECK); + await this.onCheckComplete(await check.result); + })(); + + return true; + }, + + /** + * Determine the update from the specified updates that should be offered. + * If both valid major and minor updates are available the minor update will + * be offered. + * @param updates + * An array of available nsIUpdate items + * @return The nsIUpdate to offer. + */ + selectUpdate: function AUS_selectUpdate(updates) { + if (!updates.length) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_NO_UPDATE_FOUND); + return null; + } + + // The ping for unsupported is sent after the call to showPrompt. + if (updates.length == 1 && updates[0].unsupported) { + return updates[0]; + } + + // Choose the newest of the available minor and major updates. + var majorUpdate = null; + var minorUpdate = null; + var vc = Services.vc; + let lastCheckCode = AUSTLMY.CHK_NO_COMPAT_UPDATE_FOUND; + + updates.forEach(function (aUpdate) { + // Ignore updates for older versions of the application and updates for + // the same version of the application with the same build ID. + if (updateIsAtLeastAsOldAsCurrentVersion(aUpdate)) { + LOG( + "UpdateService:selectUpdate - skipping update because the " + + "update's application version is not greater than the current " + + "application version" + ); + lastCheckCode = AUSTLMY.CHK_UPDATE_PREVIOUS_VERSION; + return; + } + + if (updateIsAtLeastAsOldAsReadyUpdate(aUpdate)) { + LOG( + "UpdateService:selectUpdate - skipping update because the " + + "update's application version is not greater than that of the " + + "currently downloaded update" + ); + lastCheckCode = AUSTLMY.CHK_UPDATE_PREVIOUS_VERSION; + return; + } + + if (lazy.UM.readyUpdate && !getPatchOfType(aUpdate, "partial")) { + LOG( + "UpdateService:selectUpdate - skipping update because no partial " + + "patch is available and an update has already been downloaded." + ); + lastCheckCode = AUSTLMY.CHK_NO_PARTIAL_PATCH; + return; + } + + switch (aUpdate.type) { + case "major": + if (!majorUpdate) { + majorUpdate = aUpdate; + } else if ( + vc.compare(majorUpdate.appVersion, aUpdate.appVersion) <= 0 + ) { + majorUpdate = aUpdate; + } + break; + case "minor": + if (!minorUpdate) { + minorUpdate = aUpdate; + } else if ( + vc.compare(minorUpdate.appVersion, aUpdate.appVersion) <= 0 + ) { + minorUpdate = aUpdate; + } + break; + default: + LOG( + "UpdateService:selectUpdate - skipping unknown update type: " + + aUpdate.type + ); + lastCheckCode = AUSTLMY.CHK_UPDATE_INVALID_TYPE; + break; + } + }); + + let update = minorUpdate || majorUpdate; + if (AppConstants.platform == "macosx" && update) { + if (getElevationRequired()) { + let installAttemptVersion = Services.prefs.getCharPref( + PREF_APP_UPDATE_ELEVATE_VERSION, + null + ); + if (vc.compare(installAttemptVersion, update.appVersion) != 0) { + Services.prefs.setCharPref( + PREF_APP_UPDATE_ELEVATE_VERSION, + update.appVersion + ); + if ( + Services.prefs.prefHasUserValue(PREF_APP_UPDATE_CANCELATIONS_OSX) + ) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_CANCELATIONS_OSX); + } + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_ELEVATE_NEVER)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_ELEVATE_NEVER); + } + } else { + let numCancels = Services.prefs.getIntPref( + PREF_APP_UPDATE_CANCELATIONS_OSX, + 0 + ); + let rejectedVersion = Services.prefs.getCharPref( + PREF_APP_UPDATE_ELEVATE_NEVER, + "" + ); + let maxCancels = Services.prefs.getIntPref( + PREF_APP_UPDATE_CANCELATIONS_OSX_MAX, + DEFAULT_CANCELATIONS_OSX_MAX + ); + if (numCancels >= maxCancels) { + LOG( + "UpdateService:selectUpdate - the user requires elevation to " + + "install this update, but the user has exceeded the max " + + "number of elevation attempts." + ); + update.elevationFailure = true; + AUSTLMY.pingCheckCode( + this._pingSuffix, + AUSTLMY.CHK_ELEVATION_DISABLED_FOR_VERSION + ); + } else if (vc.compare(rejectedVersion, update.appVersion) == 0) { + LOG( + "UpdateService:selectUpdate - the user requires elevation to " + + "install this update, but elevation is disabled for this " + + "version." + ); + update.elevationFailure = true; + AUSTLMY.pingCheckCode( + this._pingSuffix, + AUSTLMY.CHK_ELEVATION_OPTOUT_FOR_VERSION + ); + } else { + LOG( + "UpdateService:selectUpdate - the user requires elevation to " + + "install the update." + ); + } + } + } else { + // Clear elevation-related prefs since they no longer apply (the user + // may have gained write access to the Firefox directory or an update + // was executed with a different profile). + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_ELEVATE_VERSION)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_ELEVATE_VERSION); + } + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_CANCELATIONS_OSX)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_CANCELATIONS_OSX); + } + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_ELEVATE_NEVER)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_ELEVATE_NEVER); + } + } + } else if (!update) { + AUSTLMY.pingCheckCode(this._pingSuffix, lastCheckCode); + } + + return update; + }, + + /** + * Determine which of the specified updates should be installed and begin the + * download/installation process or notify the user about the update. + * @param updates + * An array of available updates + */ + _selectAndInstallUpdate: async function AUS__selectAndInstallUpdate(updates) { + // Return early if there's an active update. The user is already aware and + // is downloading or performed some user action to prevent notification. + if (lazy.UM.downloadingUpdate) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_HAS_ACTIVEUPDATE); + return; + } + + if (this.disabled) { + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_DISABLED_BY_POLICY); + LOG( + "UpdateService:_selectAndInstallUpdate - not prompting because " + + "update is disabled" + ); + return; + } + + var update = this.selectUpdate(updates); + if (!update || update.elevationFailure) { + return; + } + + if (update.unsupported) { + LOG( + "UpdateService:_selectAndInstallUpdate - update not supported for " + + "this system. Notifying observers. topic: update-available, " + + "status: unsupported" + ); + Services.obs.notifyObservers(update, "update-available", "unsupported"); + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_UNSUPPORTED); + return; + } + + if (!getCanApplyUpdates()) { + LOG( + "UpdateService:_selectAndInstallUpdate - the user is unable to " + + "apply updates... prompting. Notifying observers. " + + "topic: update-available, status: cant-apply" + ); + Services.obs.notifyObservers(null, "update-available", "cant-apply"); + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_UNABLE_TO_APPLY); + return; + } + + /** + * From this point on there are two possible outcomes: + * 1. download and install the update automatically + * 2. notify the user about the availability of an update + * + * Notes: + * a) if the app.update.auto preference is false then automatic download and + * install is disabled and the user will be notified. + * + * If the update when it is first read does not have an appVersion attribute + * the following deprecated behavior will occur: + * Update Type Outcome + * Major Notify + * Minor Auto Install + */ + let updateAuto = await lazy.UpdateUtils.getAppUpdateAutoEnabled(); + if (!updateAuto) { + LOG( + "UpdateService:_selectAndInstallUpdate - prompting because silent " + + "install is disabled. Notifying observers. topic: update-available, " + + "status: show-prompt" + ); + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_SHOWPROMPT_PREF); + Services.obs.notifyObservers(update, "update-available", "show-prompt"); + return; + } + + LOG("UpdateService:_selectAndInstallUpdate - download the update"); + let success = await this.downloadUpdate(update); + if (!success && !this.isDownloading) { + LOG( + "UpdateService:_selectAndInstallUpdate - Failed to start downloading " + + "update. Cleaning up downloading update." + ); + cleanupDownloadingUpdate(); + } + AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_DOWNLOAD_UPDATE); + }, + + get disabledForTesting() { + return ( + (Cu.isInAutomation || + lazy.Marionette.running || + lazy.RemoteAgent.running) && + Services.prefs.getBoolPref(PREF_APP_UPDATE_DISABLEDFORTESTING, false) + ); + }, + + /** + * See nsIUpdateService.idl + */ + get disabled() { + return ( + (Services.policies && !Services.policies.isAllowed("appUpdate")) || + this.disabledForTesting || + Services.sysinfo.getProperty("isPackagedApp") + ); + }, + + /** + * See nsIUpdateService.idl + */ + get manualUpdateOnly() { + return ( + Services.policies && !Services.policies.isAllowed("autoAppUpdateChecking") + ); + }, + + /** + * See nsIUpdateService.idl + */ + get canUsuallyCheckForUpdates() { + if (this.disabled) { + LOG( + "UpdateService.canUsuallyCheckForUpdates - unable to automatically check " + + "for updates, the option has been disabled by the administrator." + ); + return false; + } + + // If we don't know the binary platform we're updating, we can't update. + if (!lazy.UpdateUtils.ABI) { + LOG( + "UpdateService.canUsuallyCheckForUpdates - unable to check for updates, " + + "unknown ABI" + ); + return false; + } + + // If we don't know the OS version we're updating, we can't update. + if (!lazy.UpdateUtils.OSVersion) { + LOG( + "UpdateService.canUsuallyCheckForUpdates - unable to check for updates, " + + "unknown OS version" + ); + return false; + } + + LOG("UpdateService.canUsuallyCheckForUpdates - able to check for updates"); + return true; + }, + + /** + * See nsIUpdateService.idl + */ + get canCheckForUpdates() { + if (!this.canUsuallyCheckForUpdates) { + return false; + } + + if (!hasUpdateMutex()) { + LOG( + "UpdateService.canCheckForUpdates - unable to check for updates, " + + "unable to acquire update mutex" + ); + return false; + } + + if (isOtherInstanceRunning()) { + // This doesn't block update checks, but we will have to wait until either + // the other instance is gone or we time out waiting for it. + LOG( + "UpdateService.canCheckForUpdates - another instance is holding the " + + "lock, will need to wait for it prior to checking for updates" + ); + } + + LOG("UpdateService.canCheckForUpdates - able to check for updates"); + return true; + }, + + /** + * See nsIUpdateService.idl + */ + get elevationRequired() { + return getElevationRequired(); + }, + + /** + * See nsIUpdateService.idl + */ + get canUsuallyApplyUpdates() { + return getCanApplyUpdates(); + }, + + /** + * See nsIUpdateService.idl + */ + get canApplyUpdates() { + return ( + this.canUsuallyApplyUpdates && + hasUpdateMutex() && + !isOtherInstanceRunning() + ); + }, + + /** + * See nsIUpdateService.idl + */ + get canUsuallyStageUpdates() { + return getCanStageUpdates(false); + }, + + /** + * See nsIUpdateService.idl + */ + get canStageUpdates() { + return getCanStageUpdates(); + }, + + /** + * See nsIUpdateService.idl + */ + get canUsuallyUseBits() { + return getCanUseBits(false) == "CanUseBits"; + }, + + /** + * See nsIUpdateService.idl + */ + get canUseBits() { + return getCanUseBits() == "CanUseBits"; + }, + + /** + * See nsIUpdateService.idl + */ + get isOtherInstanceHandlingUpdates() { + return !hasUpdateMutex() || isOtherInstanceRunning(); + }, + + /** + * A set of download listeners to be notified by this._downloader when it + * receives nsIRequestObserver or nsIProgressEventSink method calls. + * + * These are stored on the UpdateService rather than on the Downloader, + * because they ought to persist across multiple Downloader instances. + */ + _downloadListeners: new Set(), + + /** + * See nsIUpdateService.idl + */ + addDownloadListener: function AUS_addDownloadListener(listener) { + let oldSize = this._downloadListeners.size; + this._downloadListeners.add(listener); + + if (this._downloadListeners.size == oldSize) { + LOG( + "UpdateService:addDownloadListener - Warning: Didn't add duplicate " + + "listener" + ); + return; + } + + if (this._downloader) { + this._downloader.onDownloadListenerAdded(); + } + }, + + /** + * See nsIUpdateService.idl + */ + removeDownloadListener: function AUS_removeDownloadListener(listener) { + let elementRemoved = this._downloadListeners.delete(listener); + + if (!elementRemoved) { + LOG( + "UpdateService:removeDownloadListener - Warning: Didn't remove " + + "non-existent listener" + ); + return; + } + + if (this._downloader) { + this._downloader.onDownloadListenerRemoved(); + } + }, + + /** + * Returns a boolean indicating whether there are any download listeners + */ + get hasDownloadListeners() { + return !!this._downloadListeners.length; + }, + + /* + * Calls the provided function once with each download listener that is + * currently registered. + */ + forEachDownloadListener: function AUS_forEachDownloadListener(fn) { + // Make a shallow copy in case listeners remove themselves. + let listeners = new Set(this._downloadListeners); + listeners.forEach(fn); + }, + + /** + * See nsIUpdateService.idl + */ + downloadUpdate: async function AUS_downloadUpdate(update) { + if (!update) { + throw Components.Exception("", Cr.NS_ERROR_NULL_POINTER); + } + + // Don't download the update if the update's version is less than the + // current application's version or the update's version is the same as the + // application's version and the build ID is the same as the application's + // build ID. If we already have an update ready, we want to apply those + // same checks against the version of the ready update, so that we don't + // download an update that isn't newer than the one we already have. + if (updateIsAtLeastAsOldAsCurrentVersion(update)) { + LOG( + "UpdateService:downloadUpdate - Skipping download of update since " + + "it is for an earlier or same application version and build ID.\n" + + "current application version: " + + Services.appinfo.version + + "\n" + + "update application version : " + + update.appVersion + + "\n" + + "current build ID: " + + Services.appinfo.appBuildID + + "\n" + + "update build ID : " + + update.buildID + ); + return false; + } + if (updateIsAtLeastAsOldAsReadyUpdate(update)) { + LOG( + "UpdateService:downloadUpdate - not downloading update because the " + + "update that's already been downloaded is the same version or " + + "newer.\n" + + "currently downloaded update application version: " + + lazy.UM.readyUpdate.appVersion + + "\n" + + "available update application version : " + + update.appVersion + + "\n" + + "currently downloaded update build ID: " + + lazy.UM.readyUpdate.buildID + + "\n" + + "available update build ID : " + + update.buildID + ); + return false; + } + + // If a download request is in progress vs. a download ready to resume + if (this.isDownloading) { + if (update.isCompleteUpdate == this._downloader.isCompleteUpdate) { + LOG( + "UpdateService:downloadUpdate - no support for downloading more " + + "than one update at a time" + ); + return true; + } + this._downloader.cancel(); + } + this._downloader = new Downloader(this); + return this._downloader.downloadUpdate(update); + }, + + /** + * See nsIUpdateService.idl + */ + stopDownload: async function AUS_stopDownload() { + if (this.isDownloading) { + await this._downloader.cancel(); + } else if (this._retryTimer) { + // Download status is still considered as 'downloading' during retry. + // We need to cancel both retry and download at this stage. + this._retryTimer.cancel(); + this._retryTimer = null; + if (this._downloader) { + await this._downloader.cancel(); + } + } + if (this._downloader) { + await this._downloader.cleanup(); + } + this._downloader = null; + }, + + /** + * Note that this is different from checking if `currentState` is + * `STATE_DOWNLOADING` because if we are downloading a second update, this + * will be `true` while `currentState` will be `STATE_PENDING`. + */ + get isDownloading() { + return this._downloader && this._downloader.isBusy; + }, + + _logStatus: function AUS__logStatus() { + if (!lazy.gLogEnabled) { + return; + } + if (this.disabled) { + LOG("Current UpdateService status: disabled"); + // Return early if UpdateService is disabled by policy. Otherwise some of + // the getters we call to display status information may discover that the + // update directory is not writable, which automatically results in the + // permissions being fixed. Which we shouldn't really be doing if update + // is disabled by policy. + return; + } + LOG("Logging current UpdateService status:"); + // These getters print their own logging + this.canCheckForUpdates; + this.canApplyUpdates; + this.canStageUpdates; + LOG("Elevation required: " + this.elevationRequired); + LOG( + "Other instance of the application currently running: " + + this.isOtherInstanceHandlingUpdates + ); + LOG("Downloading: " + !!this.isDownloading); + if (this._downloader && this._downloader.isBusy) { + LOG("Downloading complete update: " + this._downloader.isCompleteUpdate); + LOG("Downloader using BITS: " + this._downloader.usingBits); + if (this._downloader._patch) { + // This will print its own logging + this._downloader._canUseBits(this._downloader._patch); + + // Downloader calls QueryInterface(Ci.nsIWritablePropertyBag) on + // its _patch member as soon as it is assigned, so no need to do so + // again here. + let bitsResult = this._downloader._patch.getProperty("bitsResult"); + if (bitsResult != null) { + LOG("Patch BITS result: " + bitsResult); + } + let internalResult = + this._downloader._patch.getProperty("internalResult"); + if (internalResult != null) { + LOG("Patch nsIIncrementalDownload result: " + internalResult); + } + } + } + LOG("End of UpdateService status"); + }, + + /** + * See nsIUpdateService.idl + */ + get onlyDownloadUpdatesThisSession() { + return gOnlyDownloadUpdatesThisSession; + }, + + /** + * See nsIUpdateService.idl + */ + set onlyDownloadUpdatesThisSession(newValue) { + gOnlyDownloadUpdatesThisSession = newValue; + }, + + /** + * See nsIUpdateService.idl + */ + getStateName(state) { + switch (state) { + case Ci.nsIApplicationUpdateService.STATE_IDLE: + return "STATE_IDLE"; + case Ci.nsIApplicationUpdateService.STATE_DOWNLOADING: + return "STATE_DOWNLOADING"; + case Ci.nsIApplicationUpdateService.STATE_STAGING: + return "STATE_STAGING"; + case Ci.nsIApplicationUpdateService.STATE_PENDING: + return "STATE_PENDING"; + case Ci.nsIApplicationUpdateService.STATE_SWAP: + return "STATE_SWAP"; + } + return `[unknown update state: ${state}]`; + }, + + /** + * See nsIUpdateService.idl + */ + get currentState() { + return gUpdateState; + }, + + /** + * See nsIUpdateService.idl + */ + get stateTransition() { + return gStateTransitionPromise.promise; + }, + + classID: UPDATESERVICE_CID, + + QueryInterface: ChromeUtils.generateQI([ + "nsIApplicationUpdateService", + "nsITimerCallback", + "nsIObserver", + ]), +}; + +/** + * A service to manage active and past updates. + * @constructor + */ +export function UpdateManager() { + // Load the active-update.xml file to see if there is an active update. + let activeUpdates = this._loadXMLFileIntoArray(FILE_ACTIVE_UPDATE_XML); + if (activeUpdates.length) { + // Set the active update directly on the var used to cache the value. + this._readyUpdate = activeUpdates[0]; + if (activeUpdates.length >= 2) { + this._downloadingUpdate = activeUpdates[1]; + } + let status = readStatusFile(getReadyUpdateDir()); + LOG(`UpdateManager:UpdateManager - status = "${status}"`); + // This check is performed here since UpdateService:_postUpdateProcessing + // won't be called when there isn't an update.status file. + if (status == STATE_NONE) { + // Under some edgecases such as Windows system restore the + // active-update.xml will contain a pending update without the status + // file. To recover from this situation clean the updates dir and move + // the active update to the update history. + LOG( + "UpdateManager:UpdateManager - Found update data with no status " + + "file. Cleaning up..." + ); + this._readyUpdate.state = STATE_FAILED; + this._readyUpdate.errorCode = ERR_UPDATE_STATE_NONE; + this._readyUpdate.statusText = + lazy.gUpdateBundle.GetStringFromName("statusFailed"); + let newStatus = STATE_FAILED + ": " + ERR_UPDATE_STATE_NONE; + pingStateAndStatusCodes(this._readyUpdate, true, newStatus); + this.addUpdateToHistory(this._readyUpdate); + this._readyUpdate = null; + this.saveUpdates(); + cleanUpReadyUpdateDir(); + cleanUpDownloadingUpdateDir(); + } else if (status == STATE_DOWNLOADING) { + // The first update we read out of activeUpdates may not be the ready + // update, it may be the downloading update. + if (this._downloadingUpdate) { + // If the first update we read is a downloading update, it's + // unexpected to have read another active update. That would seem to + // indicate that we were downloading two updates at once, which we don't + // do. + LOG( + "UpdateManager:UpdateManager - Warning: Found and discarded a " + + "second downloading update." + ); + } + this._downloadingUpdate = this._readyUpdate; + this._readyUpdate = null; + } + } + + LOG( + "UpdateManager:UpdateManager - Initialized downloadingUpdate to " + + this._downloadingUpdate + ); + if (this._downloadingUpdate) { + LOG( + "UpdateManager:UpdateManager - Initialized downloadingUpdate state to " + + this._downloadingUpdate.state + ); + } + LOG( + "UpdateManager:UpdateManager - Initialized readyUpdate to " + + this._readyUpdate + ); + if (this._readyUpdate) { + LOG( + "UpdateManager:UpdateManager - Initialized readyUpdate state to " + + this._readyUpdate.state + ); + } +} + +UpdateManager.prototype = { + /** + * The nsIUpdate object for the update that has been downloaded. + */ + _readyUpdate: null, + + /** + * The nsIUpdate object for the update currently being downloaded. + */ + _downloadingUpdate: null, + + /** + * Whether the update history stored in _updates has changed since it was + * loaded. + */ + _updatesDirty: false, + + /** + * See nsIObserver.idl + */ + observe: function UM_observe(subject, topic, data) { + // Hack to be able to run and cleanup tests by reloading the update data. + if (topic == "um-reload-update-data") { + if (!Cu.isInAutomation) { + return; + } + LOG("UpdateManager:observe - Reloading update data."); + if (this._updatesXMLSaver) { + this._updatesXMLSaver.disarm(); + } + + let updates = []; + this._updatesDirty = true; + this._readyUpdate = null; + this._downloadingUpdate = null; + transitionState(Ci.nsIApplicationUpdateService.STATE_IDLE); + if (data != "skip-files") { + let activeUpdates = this._loadXMLFileIntoArray(FILE_ACTIVE_UPDATE_XML); + if (activeUpdates.length) { + this._readyUpdate = activeUpdates[0]; + if (activeUpdates.length >= 2) { + this._downloadingUpdate = activeUpdates[1]; + } + let status = readStatusFile(getReadyUpdateDir()); + LOG(`UpdateManager:observe - Got status = ${status}`); + if (status == STATE_DOWNLOADING) { + this._downloadingUpdate = this._readyUpdate; + this._readyUpdate = null; + transitionState(Ci.nsIApplicationUpdateService.STATE_DOWNLOADING); + } else if ( + [ + STATE_PENDING, + STATE_PENDING_SERVICE, + STATE_PENDING_ELEVATE, + STATE_APPLIED, + STATE_APPLIED_SERVICE, + ].includes(status) + ) { + transitionState(Ci.nsIApplicationUpdateService.STATE_PENDING); + } + } + updates = this._loadXMLFileIntoArray(FILE_UPDATES_XML); + } + this._updatesCache = updates; + + LOG( + "UpdateManager:observe - Reloaded downloadingUpdate as " + + this._downloadingUpdate + ); + if (this._downloadingUpdate) { + LOG( + "UpdateManager:observe - Reloaded downloadingUpdate state as " + + this._downloadingUpdate.state + ); + } + LOG( + "UpdateManager:observe - Reloaded readyUpdate as " + this._readyUpdate + ); + if (this._readyUpdate) { + LOG( + "UpdateManager:observe - Reloaded readyUpdate state as " + + this._readyUpdate.state + ); + } + } + }, + + /** + * Loads an updates.xml formatted file into an array of nsIUpdate items. + * @param fileName + * The file name in the updates directory to load. + * @return The array of nsIUpdate items held in the file. + */ + _loadXMLFileIntoArray: function UM__loadXMLFileIntoArray(fileName) { + let updates = []; + let file = getUpdateFile([fileName]); + if (!file.exists()) { + LOG( + "UpdateManager:_loadXMLFileIntoArray - XML file does not exist. " + + "path: " + + file.path + ); + return updates; + } + + // Open the active-update.xml file with both read and write access so + // opening it will fail if it isn't possible to also write to the file. When + // opening it fails it means that it isn't possible to update and the code + // below will return early without loading the active-update.xml. This will + // also make it so notifications to update manually will still be shown. + let mode = + fileName == FILE_ACTIVE_UPDATE_XML + ? FileUtils.MODE_RDWR + : FileUtils.MODE_RDONLY; + let fileStream = Cc[ + "@mozilla.org/network/file-input-stream;1" + ].createInstance(Ci.nsIFileInputStream); + try { + fileStream.init(file, mode, FileUtils.PERMS_FILE, 0); + } catch (e) { + LOG( + "UpdateManager:_loadXMLFileIntoArray - error initializing file " + + "stream. Exception: " + + e + ); + return updates; + } + try { + var parser = new DOMParser(); + var doc = parser.parseFromStream( + fileStream, + "UTF-8", + fileStream.available(), + "text/xml" + ); + + var updateCount = doc.documentElement.childNodes.length; + for (var i = 0; i < updateCount; ++i) { + var updateElement = doc.documentElement.childNodes.item(i); + if ( + updateElement.nodeType != updateElement.ELEMENT_NODE || + updateElement.localName != "update" + ) { + continue; + } + + let update; + try { + update = new Update(updateElement); + } catch (e) { + LOG("UpdateManager:_loadXMLFileIntoArray - invalid update"); + continue; + } + updates.push(update); + } + } catch (ex) { + LOG( + "UpdateManager:_loadXMLFileIntoArray - error constructing update " + + "list. Exception: " + + ex + ); + } + fileStream.close(); + if (!updates.length) { + LOG( + "UpdateManager:_loadXMLFileIntoArray - update xml file " + + fileName + + " exists but doesn't contain any updates" + ); + // The file exists but doesn't contain any updates so remove it. + try { + file.remove(false); + } catch (e) { + LOG( + "UpdateManager:_loadXMLFileIntoArray - error removing " + + fileName + + " file. Exception: " + + e + ); + } + } + return updates; + }, + + /** + * Loads the update history from the updates.xml file into a cache. + */ + _getUpdates() { + if (!this._updatesCache) { + this._updatesCache = this._loadXMLFileIntoArray(FILE_UPDATES_XML); + } + return this._updatesCache; + }, + + /** + * See nsIUpdateService.idl + */ + getUpdateAt: function UM_getUpdateAt(aIndex) { + return this._getUpdates()[aIndex]; + }, + + /** + * See nsIUpdateService.idl + */ + getUpdateCount() { + return this._getUpdates().length; + }, + + /** + * See nsIUpdateService.idl + */ + get readyUpdate() { + return this._readyUpdate; + }, + set readyUpdate(aUpdate) { + this._readyUpdate = aUpdate; + }, + + /** + * See nsIUpdateService.idl + */ + get downloadingUpdate() { + return this._downloadingUpdate; + }, + set downloadingUpdate(aUpdate) { + this._downloadingUpdate = aUpdate; + }, + + /** + * See nsIUpdateService.idl + */ + addUpdateToHistory(aUpdate) { + this._updatesDirty = true; + let updates = this._getUpdates(); + updates.unshift(aUpdate); + // Limit the update history to 10 updates. + updates.splice(10); + }, + + /** + * Serializes an array of updates to an XML file or removes the file if the + * array length is 0. + * @param updates + * An array of nsIUpdate objects + * @param fileName + * The file name in the updates directory to write to. + * @return true on success, false on error + */ + _writeUpdatesToXMLFile: async function UM__writeUpdatesToXMLFile( + updates, + fileName + ) { + let file; + try { + file = getUpdateFile([fileName]); + } catch (e) { + LOG( + "UpdateManager:_writeUpdatesToXMLFile - Unable to get XML file - " + + "Exception: " + + e + ); + return false; + } + if (!updates.length) { + LOG( + "UpdateManager:_writeUpdatesToXMLFile - no updates to write. " + + "removing file: " + + file.path + ); + try { + await IOUtils.remove(file.path); + } catch (e) { + LOG( + "UpdateManager:_writeUpdatesToXMLFile - Delete file exception: " + e + ); + return false; + } + return true; + } + + const EMPTY_UPDATES_DOCUMENT_OPEN = + '<?xml version="1.0"?><updates xmlns="' + URI_UPDATE_NS + '">'; + const EMPTY_UPDATES_DOCUMENT_CLOSE = "</updates>"; + try { + var parser = new DOMParser(); + var doc = parser.parseFromString( + EMPTY_UPDATES_DOCUMENT_OPEN + EMPTY_UPDATES_DOCUMENT_CLOSE, + "text/xml" + ); + + for (var i = 0; i < updates.length; ++i) { + doc.documentElement.appendChild(updates[i].serialize(doc)); + } + + var xml = + EMPTY_UPDATES_DOCUMENT_OPEN + + doc.documentElement.innerHTML + + EMPTY_UPDATES_DOCUMENT_CLOSE; + // If the destination file existed and is removed while the following is + // being performed the copy of the tmp file to the destination file will + // fail. + await IOUtils.writeUTF8(file.path, xml, { + tmpPath: file.path + ".tmp", + }); + await IOUtils.setPermissions(file.path, FileUtils.PERMS_FILE); + } catch (e) { + LOG("UpdateManager:_writeUpdatesToXMLFile - Exception: " + e); + return false; + } + return true; + }, + + _updatesXMLSaver: null, + _updatesXMLSaverCallback: null, + /** + * See nsIUpdateService.idl + */ + saveUpdates: function UM_saveUpdates() { + if (!this._updatesXMLSaver) { + this._updatesXMLSaverCallback = () => this._updatesXMLSaver.finalize(); + + this._updatesXMLSaver = new lazy.DeferredTask( + () => this._saveUpdatesXML(), + XML_SAVER_INTERVAL_MS + ); + lazy.AsyncShutdown.profileBeforeChange.addBlocker( + "UpdateManager: writing update xml data", + this._updatesXMLSaverCallback + ); + } else { + this._updatesXMLSaver.disarm(); + } + + this._updatesXMLSaver.arm(); + }, + + /** + * Saves the active-updates.xml and updates.xml when the updates history has + * been modified files. + */ + _saveUpdatesXML: function UM__saveUpdatesXML() { + // This mechanism for how we store the updates might seem a bit odd, since, + // if only one update is stored, we don't know if it's the ready update or + // the downloading update. However, we can determine which it is by reading + // update.status. If we read STATE_DOWNLOADING, it must be a downloading + // update and otherwise it's a ready update. This method has the additional + // advantage of requiring no migration from when we used to only store a + // single active update. + let updates = []; + if (this._readyUpdate) { + updates.push(this._readyUpdate); + } + if (this._downloadingUpdate) { + updates.push(this._downloadingUpdate); + } + + // The active update stored in the active-update.xml file will change during + // the lifetime of an active update and the file should always be updated + // when saveUpdates is called. + let promises = []; + promises[0] = this._writeUpdatesToXMLFile(updates, FILE_ACTIVE_UPDATE_XML); + // The update history stored in the updates.xml file should only need to be + // updated when an active update has been added to it in which case + // |_updatesDirty| will be true. + if (this._updatesDirty) { + this._updatesDirty = false; + promises[1] = this._writeUpdatesToXMLFile( + this._getUpdates(), + FILE_UPDATES_XML + ); + } + return Promise.all(promises); + }, + + /** + * See nsIUpdateService.idl + */ + refreshUpdateStatus: async function UM_refreshUpdateStatus() { + try { + LOG("UpdateManager:refreshUpdateStatus - Staging done."); + + var update = this._readyUpdate; + if (!update) { + LOG("UpdateManager:refreshUpdateStatus - Missing ready update?"); + return; + } + + var status = readStatusFile(getReadyUpdateDir()); + pingStateAndStatusCodes(update, false, status); + LOG(`UpdateManager:refreshUpdateStatus - status = ${status}`); + + let parts = status.split(":"); + update.state = parts[0]; + if (update.state == STATE_APPLYING) { + LOG( + "UpdateManager:refreshUpdateStatus - Staging appears to have crashed." + ); + update.state = STATE_FAILED; + update.errorCode = ERR_UPDATER_CRASHED; + } else if (update.state == STATE_FAILED) { + LOG("UpdateManager:refreshUpdateStatus - Staging failed."); + if (parts[1]) { + update.errorCode = parseInt(parts[1]) || INVALID_UPDATER_STATUS_CODE; + } else { + update.errorCode = INVALID_UPDATER_STATUS_CODE; + } + } + + // Rotate the update logs so the update log isn't removed if a complete + // update is downloaded. By passing false the patch directory won't be + // removed. + cleanUpReadyUpdateDir(false); + + if (update.state == STATE_FAILED) { + let isMemError = isMemoryAllocationErrorCode(update.errorCode); + if ( + update.errorCode == DELETE_ERROR_STAGING_LOCK_FILE || + update.errorCode == UNEXPECTED_STAGING_ERROR || + isMemError + ) { + update.state = getBestPendingState(); + writeStatusFile(getReadyUpdateDir(), update.state); + if (isMemError) { + LOG( + `UpdateManager:refreshUpdateStatus - Updater failed to ` + + `allocate enough memory to successfully stage. Setting ` + + `status to "${update.state}"` + ); + } else { + LOG( + `UpdateManager:refreshUpdateStatus - Unexpected staging error. ` + + `Setting status to "${update.state}"` + ); + } + } else if (isServiceSpecificErrorCode(update.errorCode)) { + // Sometimes when staging, we might encounter an error that is + // specific to the Maintenance Service. If this happens, we should try + // to update without the Service. + LOG( + `UpdateManager:refreshUpdateStatus - Encountered service ` + + `specific error code: ${update.errorCode}. Will try installing ` + + `update without the Maintenance Service. Setting state to pending` + ); + update.state = STATE_PENDING; + writeStatusFile(getReadyUpdateDir(), update.state); + } else { + LOG( + "UpdateManager:refreshUpdateStatus - Attempting handleUpdateFailure" + ); + if (!handleUpdateFailure(update)) { + LOG( + "UpdateManager:refreshUpdateStatus - handleUpdateFailure " + + "failed. Attempting to fall back to complete update." + ); + await handleFallbackToCompleteUpdate(); + } + } + } + if (update.state == STATE_APPLIED && shouldUseService()) { + LOG( + `UpdateManager:refreshUpdateStatus - Staging successful. ` + + `Setting status to "${STATE_APPLIED_SERVICE}"` + ); + writeStatusFile( + getReadyUpdateDir(), + (update.state = STATE_APPLIED_SERVICE) + ); + } + + // Now that the active update's properties have been updated write the + // active-update.xml to disk. Since there have been no changes to the + // update history the updates.xml will not be written to disk. + this.saveUpdates(); + + // Send an observer notification which the app update doorhanger uses to + // display a restart notification after any langpacks have staged. + await promiseLangPacksUpdated(update); + + if ( + update.state == STATE_APPLIED || + update.state == STATE_APPLIED_SERVICE || + update.state == STATE_PENDING || + update.state == STATE_PENDING_SERVICE || + update.state == STATE_PENDING_ELEVATE + ) { + LOG("UpdateManager:refreshUpdateStatus - Setting state STATE_PENDING"); + transitionState(Ci.nsIApplicationUpdateService.STATE_PENDING); + } + + LOG( + "UpdateManager:refreshUpdateStatus - Notifying observers that " + + "the update was staged. topic: update-staged, status: " + + update.state + ); + Services.obs.notifyObservers(update, "update-staged", update.state); + } finally { + // This function being called is the one thing that tells us that staging + // is done so be very sure that we don't exit it leaving the current + // state at STATE_STAGING. + // The only cases where we haven't already done a state transition are + // error cases, so if another state isn't set, assume that we hit an error + // and aborted the update. + if ( + lazy.AUS.currentState == Ci.nsIApplicationUpdateService.STATE_STAGING + ) { + LOG("UpdateManager:refreshUpdateStatus - Setting state STATE_IDLE"); + transitionState(Ci.nsIApplicationUpdateService.STATE_IDLE); + } + } + }, + + /** + * See nsIUpdateService.idl + */ + elevationOptedIn: function UM_elevationOptedIn() { + // The user has been been made aware that the update requires elevation. + let update = this._readyUpdate; + if (!update) { + return; + } + let status = readStatusFile(getReadyUpdateDir()); + let parts = status.split(":"); + update.state = parts[0]; + if (update.state == STATE_PENDING_ELEVATE) { + LOG("UpdateManager:elevationOptedIn - Setting state to pending."); + // Proceed with the pending update. + // Note: STATE_PENDING_ELEVATE stands for "pending user's approval to + // proceed with an elevated update". As long as we see this state, we will + // notify the user of the availability of an update that requires + // elevation. |elevationOptedIn| (this function) is called when the user + // gives us approval to proceed, so we want to switch to STATE_PENDING. + // The updater then detects whether or not elevation is required and + // displays the elevation prompt if necessary. This last step does not + // depend on the state in the status file. + writeStatusFile(getReadyUpdateDir(), STATE_PENDING); + } else { + LOG("UpdateManager:elevationOptedIn - Not in pending-elevate state."); + } + }, + + /** + * See nsIUpdateService.idl + */ + cleanupDownloadingUpdate: function UM_cleanupDownloadingUpdate() { + LOG( + "UpdateManager:cleanupDownloadingUpdate - cleaning up downloading update." + ); + cleanupDownloadingUpdate(); + }, + + /** + * See nsIUpdateService.idl + */ + cleanupReadyUpdate: function UM_cleanupReadyUpdate() { + LOG("UpdateManager:cleanupReadyUpdate - cleaning up ready update."); + cleanupReadyUpdate(); + }, + + /** + * See nsIUpdateService.idl + */ + doInstallCleanup: async function UM_doInstallCleanup(isUninstall) { + LOG("UpdateManager:doInstallCleanup - cleaning up"); + let completionPromises = []; + + const delete_or_log = path => + IOUtils.remove(path).catch(ex => + console.error(`Failed to delete ${path}`, ex) + ); + + for (const key of [KEY_OLD_UPDROOT, KEY_UPDROOT]) { + const root = Services.dirsvc.get(key, Ci.nsIFile); + + const activeUpdateXml = root.clone(); + activeUpdateXml.append(FILE_ACTIVE_UPDATE_XML); + completionPromises.push(delete_or_log(activeUpdateXml.path)); + + const downloadingMar = root.clone(); + downloadingMar.append(DIR_UPDATES); + downloadingMar.append(DIR_UPDATE_DOWNLOADING); + downloadingMar.append(FILE_UPDATE_MAR); + completionPromises.push(delete_or_log(downloadingMar.path)); + + const readyDir = root.clone(); + readyDir.append(DIR_UPDATES); + readyDir.append(DIR_UPDATE_READY); + const readyMar = readyDir.clone(); + readyMar.append(FILE_UPDATE_MAR); + completionPromises.push(delete_or_log(readyMar.path)); + const readyStatus = readyDir.clone(); + readyStatus.append(FILE_UPDATE_STATUS); + completionPromises.push(delete_or_log(readyStatus.path)); + const versionFile = readyDir.clone(); + versionFile.append(FILE_UPDATE_VERSION); + completionPromises.push(delete_or_log(versionFile.path)); + } + + return Promise.allSettled(completionPromises); + }, + + /** + * See nsIUpdateService.idl + */ + doUninstallCleanup: async function UM_doUninstallCleanup(isUninstall) { + LOG("UpdateManager:doUninstallCleanup - cleaning up."); + let completionPromises = []; + + completionPromises.push( + IOUtils.remove(Services.dirsvc.get(KEY_UPDROOT, Ci.nsIFile).path, { + recursive: true, + }).catch(ex => console.error("Failed to remove update directory", ex)) + ); + completionPromises.push( + IOUtils.remove(Services.dirsvc.get(KEY_OLD_UPDROOT, Ci.nsIFile).path, { + recursive: true, + }).catch(ex => console.error("Failed to remove old update directory", ex)) + ); + + return Promise.allSettled(completionPromises); + }, + + classID: Components.ID("{093C2356-4843-4C65-8709-D7DBCBBE7DFB}"), + QueryInterface: ChromeUtils.generateQI(["nsIUpdateManager", "nsIObserver"]), +}; + +/** + * CheckerService + * Provides an interface for checking for new updates. When more checks are + * made while an equivalent check is already in-progress, they will be coalesced + * into a single update check request. + */ +export class CheckerService { + #nextUpdateCheckId = 1; + + // Most of the update checking data is looked up via a "request key". This + // allows us to lookup the request key for a particular check id, since + // multiple checks can correspond to a single request. + // When a check is cancelled or completed, it will be removed from this + // object. + #requestKeyByCheckId = {}; + + // This object will relate request keys to update check data objects. The + // format of the update check data objects is defined by + // #makeUpdateCheckDataObject, below. + // When an update request is cancelled (by all of the corresponding update + // checks being cancelled) or completed, its key will be removed from this + // object. + #updateCheckData = {}; + + #makeUpdateCheckDataObject(type, promise) { + return { type, promise, request: null }; + } + + /** + * Indicates whether the passed parameter is one of the valid enumerated + * values that indicates a type of update check. + */ + #validUpdateCheckType(checkType) { + return [ + Ci.nsIUpdateChecker.BACKGROUND_CHECK, + Ci.nsIUpdateChecker.FOREGROUND_CHECK, + ].includes(checkType); + } + + #getCanMigrate() { + if (AppConstants.platform != "win") { + return false; + } + + // The first element of the array is whether the build target is 32 or 64 + // bit and the third element of the array is whether the client's Windows OS + // system processor is 32 or 64 bit. + let aryABI = lazy.UpdateUtils.ABI.split("-"); + if (aryABI[0] != "x86" || aryABI[2] != "x64") { + return false; + } + + let wrk = Cc["@mozilla.org/windows-registry-key;1"].createInstance( + Ci.nsIWindowsRegKey + ); + + let regPath = + "SOFTWARE\\Mozilla\\" + Services.appinfo.name + "\\32to64DidMigrate"; + let regValHKCU = lazy.WindowsRegistry.readRegKey( + wrk.ROOT_KEY_CURRENT_USER, + regPath, + "Never", + wrk.WOW64_32 + ); + let regValHKLM = lazy.WindowsRegistry.readRegKey( + wrk.ROOT_KEY_LOCAL_MACHINE, + regPath, + "Never", + wrk.WOW64_32 + ); + // The Never registry key value allows configuring a system to never migrate + // any of the installations. + if (regValHKCU === 1 || regValHKLM === 1) { + LOG( + "CheckerService:#getCanMigrate - all installations should not be " + + "migrated" + ); + return false; + } + + let appBaseDirPath = getAppBaseDir().path; + regValHKCU = lazy.WindowsRegistry.readRegKey( + wrk.ROOT_KEY_CURRENT_USER, + regPath, + appBaseDirPath, + wrk.WOW64_32 + ); + regValHKLM = lazy.WindowsRegistry.readRegKey( + wrk.ROOT_KEY_LOCAL_MACHINE, + regPath, + appBaseDirPath, + wrk.WOW64_32 + ); + // When the registry value is 1 for the installation directory path value + // name then the installation has already been migrated once or the system + // was configured to not migrate that installation. + if (regValHKCU === 1 || regValHKLM === 1) { + LOG( + "CheckerService:#getCanMigrate - this installation should not be " + + "migrated" + ); + return false; + } + + // When the registry value is 0 for the installation directory path value + // name then the installation has updated to Firefox 56 and can be migrated. + if (regValHKCU === 0 || regValHKLM === 0) { + LOG("CheckerService:#getCanMigrate - this installation can be migrated"); + return true; + } + + LOG( + "CheckerService:#getCanMigrate - no registry entries for this " + + "installation" + ); + return false; + } + + /** + * See nsIUpdateService.idl + */ + async getUpdateURL(checkType) { + LOG("CheckerService:getUpdateURL - checkType: " + checkType); + if (!this.#validUpdateCheckType(checkType)) { + LOG("CheckerService:getUpdateURL - Invalid checkType"); + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + let url = Services.appinfo.updateURL; + let updatePin; + + if (Services.policies) { + let policies = Services.policies.getActivePolicies(); + if (policies) { + if ("AppUpdateURL" in policies) { + url = policies.AppUpdateURL.toString(); + } + if ("AppUpdatePin" in policies) { + updatePin = policies.AppUpdatePin; + + // Scalar ID: update.version_pin + AUSTLMY.pingPinPolicy(updatePin); + } + } + } + + if (!url) { + LOG("CheckerService:getUpdateURL - update URL not defined"); + return null; + } + + url = await lazy.UpdateUtils.formatUpdateURL(url); + + if (checkType == Ci.nsIUpdateChecker.FOREGROUND_CHECK) { + url += (url.includes("?") ? "&" : "?") + "force=1"; + } + + if (this.#getCanMigrate()) { + url += (url.includes("?") ? "&" : "?") + "mig64=1"; + } + + if (updatePin) { + url += + (url.includes("?") ? "&" : "?") + + "pin=" + + encodeURIComponent(updatePin); + } + + LOG("CheckerService:getUpdateURL - update URL: " + url); + return url; + } + + /** + * See nsIUpdateService.idl + */ + + checkForUpdates(checkType) { + LOG("CheckerService:checkForUpdates - checkType: " + checkType); + if (!this.#validUpdateCheckType(checkType)) { + LOG("CheckerService:checkForUpdates - Invalid checkType"); + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + let checkId = this.#nextUpdateCheckId; + this.#nextUpdateCheckId += 1; + + // `checkType == FOREGROUND_CHECK`` can override `canCheckForUpdates`. But + // nothing should override enterprise policies. + if (lazy.AUS.disabled) { + LOG("CheckerService:checkForUpdates - disabled by policy"); + return this.#getChecksNotAllowedObject(checkId); + } + if ( + checkType == Ci.nsIUpdateChecker.BACKGROUND_CHECK && + !lazy.AUS.canCheckForUpdates + ) { + LOG("CheckerService:checkForUpdates - !canCheckForUpdates"); + return this.#getChecksNotAllowedObject(checkId); + } + + // We want to combine simultaneous requests, but only ones that are + // equivalent. If, say, one of them uses the force parameter and one + // doesn't, we want those two requests to remain separate. This key will + // allow us to map equivalent requests together. It is also the key that we + // use to lookup the update check data in this.#updateCheckData. + let requestKey = checkType; + + if (requestKey in this.#updateCheckData) { + LOG( + `CheckerService:checkForUpdates - Connecting check id ${checkId} to ` + + `existing check request.` + ); + } else { + LOG( + `CheckerService:checkForUpdates - Making new check request for check ` + + `id ${checkId}.` + ); + this.#updateCheckData[requestKey] = this.#makeUpdateCheckDataObject( + checkType, + this.#updateCheck(checkType, requestKey) + ); + } + + this.#requestKeyByCheckId[checkId] = requestKey; + + return { + id: checkId, + result: this.#updateCheckData[requestKey].promise, + QueryInterface: ChromeUtils.generateQI(["nsIUpdateCheck"]), + }; + } + + #getChecksNotAllowedObject(checkId) { + return { + id: checkId, + result: Promise.resolve( + Object.freeze({ + checksAllowed: false, + succeeded: false, + request: null, + updates: [], + QueryInterface: ChromeUtils.generateQI(["nsIUpdateCheckResult"]), + }) + ), + QueryInterface: ChromeUtils.generateQI(["nsIUpdateCheck"]), + }; + } + + async #updateCheck(checkType, requestKey) { + await waitForOtherInstances(); + + let url; + try { + url = await this.getUpdateURL(checkType); + } catch (ex) {} + + if (!url) { + LOG("CheckerService:#updateCheck - !url"); + return this.#getCheckFailedObject("update_url_not_available"); + } + + let request = new XMLHttpRequest(); + request.open("GET", url, true); + request.channel.notificationCallbacks = new lazy.CertUtils.BadCertHandler( + false + ); + // Prevent the request from reading from the cache. + request.channel.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE; + // Prevent the request from writing to the cache. + request.channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING; + // Disable cutting edge features, like TLS 1.3, where middleboxes might + // brick us + request.channel.QueryInterface( + Ci.nsIHttpChannelInternal + ).beConservative = true; + + request.overrideMimeType("text/xml"); + // The Cache-Control header is only interpreted by proxies and the + // final destination. It does not help if a resource is already + // cached locally. + request.setRequestHeader("Cache-Control", "no-cache"); + // HTTP/1.0 servers might not implement Cache-Control and + // might only implement Pragma: no-cache + request.setRequestHeader("Pragma", "no-cache"); + + const UPDATE_CHECK_LOAD_SUCCESS = 1; + const UPDATE_CHECK_LOAD_ERROR = 2; + const UPDATE_CHECK_CANCELLED = 3; + + let result = await new Promise(resolve => { + // It's important that nothing potentially asynchronous happens between + // checking if the request has been cancelled and starting the request. + // If an update check cancellation happens before dispatching the request + // and we end up dispatching it anyways, we will never call cancel on the + // request later and the cancellation effectively won't happen. + if (!(requestKey in this.#updateCheckData)) { + LOG( + "CheckerService:#updateCheck - check was cancelled before request " + + "was able to start" + ); + resolve(UPDATE_CHECK_CANCELLED); + return; + } + + let onLoad = event => { + request.removeEventListener("load", onLoad); + LOG("CheckerService:#updateCheck - request got 'load' event"); + resolve(UPDATE_CHECK_LOAD_SUCCESS); + }; + request.addEventListener("load", onLoad); + let onError = event => { + request.removeEventListener("error", onLoad); + LOG("CheckerService:#updateCheck - request got 'error' event"); + resolve(UPDATE_CHECK_LOAD_ERROR); + }; + request.addEventListener("error", onError); + + LOG("CheckerService:#updateCheck - sending request to: " + url); + request.send(null); + this.#updateCheckData[requestKey].request = request; + }); + + // Remove all entries for this request key. This marks the request and the + // associated check ids as no longer in-progress. + delete this.#updateCheckData[requestKey]; + for (const checkId of Object.keys(this.#requestKeyByCheckId)) { + if (this.#requestKeyByCheckId[checkId] == requestKey) { + delete this.#requestKeyByCheckId[checkId]; + } + } + + if (result == UPDATE_CHECK_CANCELLED) { + return this.#getCheckFailedObject(Cr.NS_BINDING_ABORTED); + } + + if (result == UPDATE_CHECK_LOAD_ERROR) { + let status = this.#getChannelStatus(request); + LOG("CheckerService:#updateCheck - Failed. request.status: " + status); + + // Set MitM pref. + try { + let secInfo = request.channel.securityInfo; + if (secInfo.serverCert && secInfo.serverCert.issuerName) { + Services.prefs.setStringPref( + "security.pki.mitm_canary_issuer", + secInfo.serverCert.issuerName + ); + } + } catch (e) { + LOG("CheckerService:#updateCheck - Getting secInfo failed."); + } + + return this.#getCheckFailedObject(status, 404, request); + } + + LOG("CheckerService:#updateCheck - request completed downloading document"); + Services.prefs.clearUserPref("security.pki.mitm_canary_issuer"); + // Check whether there is a mitm, i.e. check whether the root cert is + // built-in or not. + try { + let sslStatus = request.channel.securityInfo; + if (sslStatus && sslStatus.succeededCertChain) { + let rootCert = null; + // The root cert is the last cert in the chain. + if (sslStatus.succeededCertChain.length) { + rootCert = + sslStatus.succeededCertChain[ + sslStatus.succeededCertChain.length - 1 + ]; + } + if (rootCert) { + Services.prefs.setBoolPref( + "security.pki.mitm_detected", + !rootCert.isBuiltInRoot + ); + } + } + } catch (e) { + LOG("CheckerService:#updateCheck - Getting sslStatus failed."); + } + + let updates; + try { + // Analyze the resulting DOM and determine the set of updates. + updates = this.#parseUpdates(request); + } catch (e) { + LOG( + "CheckerService:#updateCheck - there was a problem checking for " + + "updates. Exception: " + + e + ); + let status = this.#getChannelStatus(request); + // If we can't find an error string specific to this status code, + // just use the 200 message from above, which means everything + // "looks" fine but there was probably an XML error or a bogus file. + return this.#getCheckFailedObject(status, 200, request); + } + + LOG( + "CheckerService:#updateCheck - number of updates available: " + + updates.length + ); + + if (Services.prefs.prefHasUserValue(PREF_APP_UPDATE_BACKGROUNDERRORS)) { + Services.prefs.clearUserPref(PREF_APP_UPDATE_BACKGROUNDERRORS); + } + + return Object.freeze({ + checksAllowed: true, + succeeded: true, + request, + updates, + QueryInterface: ChromeUtils.generateQI(["nsIUpdateCheckResult"]), + }); + } + + /** + * @param errorCode + * The error code to include in the return value. If possible, we + * will get the update status text based on this error code. + * @param defaultCode + * Optional. The error code to use to get the status text if there + * isn't status text available for `errorCode`. + * @param request + * The XMLHttpRequest used to check for updates. Or null, if one was + * never constructed. + * @returns An nsIUpdateCheckResult object indicating an error, using the + * error data passed to this function. + */ + #getCheckFailedObject( + errorCode, + defaultCode = Cr.NS_BINDING_FAILED, + request = null + ) { + let update = new Update(null); + update.errorCode = errorCode; + update.statusText = getStatusTextFromCode(errorCode, defaultCode); + + if (errorCode == Cr.NS_ERROR_OFFLINE) { + // We use a separate constant here because nsIUpdate.errorCode is signed + update.errorCode = NETWORK_ERROR_OFFLINE; + } else if (this.#isHttpStatusCode(errorCode)) { + update.errorCode = HTTP_ERROR_OFFSET + errorCode; + } + + return Object.freeze({ + checksAllowed: true, + succeeded: false, + request, + updates: [update], + QueryInterface: ChromeUtils.generateQI(["nsIUpdateCheckResult"]), + }); + } + + /** + * Returns the status code for the XMLHttpRequest + */ + #getChannelStatus(request) { + var status = 0; + try { + status = request.status; + } catch (e) {} + + if (status == 0) { + status = request.channel.QueryInterface(Ci.nsIRequest).status; + } + return status; + } + + #isHttpStatusCode(status) { + return status >= 100 && status <= 599; + } + + /** + * @param request + * The XMLHttpRequest that successfully loaded the update XML. + * @returns An array of 0 or more nsIUpdate objects describing the available + * updates. + * @throws If the XML document element node name is not updates. + */ + #parseUpdates(request) { + let updatesElement = request.responseXML.documentElement; + if (!updatesElement) { + LOG("CheckerService:#parseUpdates - empty updates document?!"); + return []; + } + + if (updatesElement.nodeName != "updates") { + LOG("CheckerService:#parseUpdates - unexpected node name!"); + throw new Error( + "Unexpected node name, expected: updates, got: " + + updatesElement.nodeName + ); + } + + let updates = []; + for (const updateElement of updatesElement.childNodes) { + if ( + updateElement.nodeType != updateElement.ELEMENT_NODE || + updateElement.localName != "update" + ) { + continue; + } + + let update; + try { + update = new Update(updateElement); + } catch (e) { + LOG("CheckerService:#parseUpdates - invalid <update/>, ignoring..."); + continue; + } + update.serviceURL = request.responseURL; + update.channel = lazy.UpdateUtils.UpdateChannel; + updates.push(update); + } + + return updates; + } + + /** + * See nsIUpdateService.idl + */ + stopCheck(checkId) { + if (!(checkId in this.#requestKeyByCheckId)) { + LOG(`CheckerService:stopCheck - Non-existent check id ${checkId}`); + return; + } + LOG(`CheckerService:stopCheck - Cancelling check id ${checkId}`); + let requestKey = this.#requestKeyByCheckId[checkId]; + delete this.#requestKeyByCheckId[checkId]; + if (Object.values(this.#requestKeyByCheckId).includes(requestKey)) { + LOG( + `CheckerService:stopCheck - Not actually cancelling request because ` + + `other check id's depend on it.` + ); + } else { + LOG( + `CheckerService:stopCheck - This is the last check using this ` + + `request. Cancelling the request now.` + ); + let request = this.#updateCheckData[requestKey].request; + delete this.#updateCheckData[requestKey]; + if (request) { + LOG(`CheckerService:stopCheck - Aborting XMLHttpRequest`); + request.abort(); + } else { + LOG( + `CheckerService:stopCheck - Not aborting XMLHttpRequest. It ` + + `doesn't appear to have started yet.` + ); + } + } + } + + /** + * See nsIUpdateService.idl + */ + stopAllChecks() { + LOG("CheckerService:stopAllChecks - stopping all checks."); + for (const checkId of Object.keys(this.#requestKeyByCheckId)) { + this.stopCheck(checkId); + } + } + + classID = Components.ID("{898CDC9B-E43F-422F-9CC4-2F6291B415A3}"); + QueryInterface = ChromeUtils.generateQI(["nsIUpdateChecker"]); +} + +/** + * Manages the download of updates + * @param background + * Whether or not this downloader is operating in background + * update mode. + * @param updateService + * The update service that created this downloader. + * @constructor + */ +function Downloader(updateService) { + LOG("Creating Downloader"); + this.updateService = updateService; +} +Downloader.prototype = { + /** + * The nsIUpdatePatch that we are downloading + */ + _patch: null, + + /** + * The nsIUpdate that we are downloading + */ + _update: null, + + /** + * The nsIRequest object handling the download. + */ + _request: null, + + /** + * Whether or not the update being downloaded is a complete replacement of + * the user's existing installation or a patch representing the difference + * between the new version and the previous version. + */ + isCompleteUpdate: null, + + /** + * We get the nsIRequest from nsIBITS asynchronously. When downloadUpdate has + * been called, but this._request is not yet valid, _pendingRequest will be + * a promise that will resolve when this._request has been set. + */ + _pendingRequest: null, + + /** + * When using BITS, cancel actions happen asynchronously. This variable + * keeps track of any cancel action that is in-progress. + * If the cancel action fails, this will be set back to null so that the + * action can be attempted again. But if the cancel action succeeds, the + * resolved promise will remain stored in this variable to prevent cancel + * from being called twice (which, for BITS, is an error). + */ + _cancelPromise: null, + + /** + * BITS receives progress notifications slowly, unless a user is watching. + * This tracks what frequency notifications are happening at. + * + * This is needed because BITS downloads are started asynchronously. + * Specifically, this is needed to prevent a situation where the download is + * still starting (Downloader._pendingRequest has not resolved) when the first + * observer registers itself. Without this variable, there is no way of + * knowing whether the download was started as Active or Idle and, therefore, + * we don't know if we need to start Active mode when _pendingRequest + * resolves. + */ + _bitsActiveNotifications: false, + + /** + * This is a function that when called will stop the update process from + * waiting for language pack updates. This is for safety to ensure that a + * problem in the add-ons manager doesn't delay updates by much. + */ + _langPackTimeout: null, + + /** + * If gOnlyDownloadUpdatesThisSession is true, we prevent the update process + * from progressing past the downloading stage. If the download finishes, + * pretend that it hasn't in order to keep the current update in the + * "downloading" state. + */ + _pretendingDownloadIsNotDone: false, + + /** + * Cancels the active download. + * + * For a BITS download, this will cancel and remove the download job. For + * an nsIIncrementalDownload, this will stop the download, but leaves the + * data around to allow the transfer to be resumed later. + */ + cancel: async function Downloader_cancel(cancelError) { + LOG("Downloader: cancel"); + if (cancelError === undefined) { + cancelError = Cr.NS_BINDING_ABORTED; + } + if (this.usingBits) { + // If a cancel action is already in progress, just return when that + // promise resolved. Trying to cancel the same request twice is an error. + if (this._cancelPromise) { + await this._cancelPromise; + return; + } + + if (this._pendingRequest) { + await this._pendingRequest; + } + if (this._patch.getProperty("bitsId") != null) { + // Make sure that we don't try to resume this download after it was + // cancelled. + this._patch.deleteProperty("bitsId"); + } + try { + this._cancelPromise = this._request.cancelAsync(cancelError); + await this._cancelPromise; + } catch (e) { + // On success, we will not set the cancel promise to null because + // we want to prevent two cancellations of the same request. But + // retrying after a failed cancel is not an error, so we will set the + // cancel promise to null in the failure case. + this._cancelPromise = null; + throw e; + } + } else if (this._request && this._request instanceof Ci.nsIRequest) { + // Normally, cancelling an nsIIncrementalDownload results in it stopping + // the download but leaving the downloaded data so that we can resume the + // download later. If we've already finished the download, there is no + // transfer to stop. + // Note that this differs from the BITS case. Cancelling a BITS job, even + // when the transfer has completed, results in all data being deleted. + // Therefore, even if the transfer has completed, cancelling a BITS job + // has effects that we must not skip. + if (this._pretendingDownloadIsNotDone) { + LOG( + "Downloader: cancel - Ignoring cancel request of finished download" + ); + } else { + this._request.cancel(cancelError); + } + } + }, + + /** + * Verify the downloaded file. We assume that the download is complete at + * this point. + */ + _verifyDownload: function Downloader__verifyDownload() { + LOG("Downloader:_verifyDownload called"); + if (!this._request) { + AUSTLMY.pingDownloadCode( + this.isCompleteUpdate, + AUSTLMY.DWNLD_ERR_VERIFY_NO_REQUEST + ); + return false; + } + + let destination = getDownloadingUpdateDir(); + destination.append(FILE_UPDATE_MAR); + + // Ensure that the file size matches the expected file size. + if (destination.fileSize != this._patch.size) { + LOG("Downloader:_verifyDownload downloaded size != expected size."); + AUSTLMY.pingDownloadCode( + this.isCompleteUpdate, + AUSTLMY.DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL + ); + return false; + } + + LOG("Downloader:_verifyDownload downloaded size == expected size."); + return true; + }, + + /** + * Select the patch to use given the current state of updateDir and the given + * set of update patches. + * @param update + * A nsIUpdate object to select a patch from + * @param updateDir + * A nsIFile representing the update directory + * @return A nsIUpdatePatch object to download + */ + _selectPatch: function Downloader__selectPatch(update, updateDir) { + // Given an update to download, we will always try to download the patch + // for a partial update over the patch for a full update. + + // Look to see if any of the patches in the Update object has been + // pre-selected for download, otherwise we must figure out which one + // to select ourselves. + var selectedPatch = update.selectedPatch; + + var state = selectedPatch ? selectedPatch.state : STATE_NONE; + + // If this is a patch that we know about, then select it. If it is a patch + // that we do not know about, then remove it and use our default logic. + var useComplete = false; + if (selectedPatch) { + LOG( + "Downloader:_selectPatch - found existing patch with state: " + state + ); + if (state == STATE_DOWNLOADING) { + LOG("Downloader:_selectPatch - resuming download"); + return selectedPatch; + } + if ( + state == STATE_PENDING || + state == STATE_PENDING_SERVICE || + state == STATE_PENDING_ELEVATE || + state == STATE_APPLIED || + state == STATE_APPLIED_SERVICE + ) { + LOG("Downloader:_selectPatch - already downloaded"); + return null; + } + + // When downloading the patch failed using BITS, there hasn't been an + // attempt to download the patch using the internal application download + // mechanism, and an attempt to stage or apply the patch hasn't failed + // which indicates that a different patch should be downloaded since + // re-downloading the same patch with the internal application download + // mechanism will likely also fail when trying to stage or apply it then + // try to download the same patch using the internal application download + // mechanism. + selectedPatch.QueryInterface(Ci.nsIWritablePropertyBag); + if ( + selectedPatch.getProperty("bitsResult") != null && + selectedPatch.getProperty("internalResult") == null && + !selectedPatch.errorCode + ) { + LOG( + "Downloader:_selectPatch - Falling back to non-BITS download " + + "mechanism for the same patch due to existing BITS result: " + + selectedPatch.getProperty("bitsResult") + ); + return selectedPatch; + } + + if (update && selectedPatch.type == "complete") { + // This is a pretty fatal error. Just bail. + LOG("Downloader:_selectPatch - failed to apply complete patch!"); + cleanupDownloadingUpdate(); + return null; + } + + // Something went wrong when we tried to apply the previous patch. + // Try the complete patch next time. + useComplete = true; + selectedPatch = null; + } + + // If we were not able to discover an update from a previous download, we + // select the best patch from the given set. + var partialPatch = getPatchOfType(update, "partial"); + if (!useComplete) { + selectedPatch = partialPatch; + } + if (!selectedPatch) { + if (lazy.UM.readyUpdate) { + // If we already have a ready update, we download partials only. + LOG( + "Downloader:_selectPatch - not selecting a complete patch because " + + "this is not the first download of the session" + ); + return null; + } + + if (partialPatch) { + partialPatch.selected = false; + } + selectedPatch = getPatchOfType(update, "complete"); + } + + // if update only contains a partial patch, selectedPatch == null here if + // the partial patch has been attempted and fails and we're trying to get a + // complete patch + if (selectedPatch) { + selectedPatch.selected = true; + update.isCompleteUpdate = selectedPatch.type == "complete"; + } + + LOG( + "Downloader:_selectPatch - Patch selected. Assigning update to " + + "downloadingUpdate." + ); + lazy.UM.downloadingUpdate = update; + + return selectedPatch; + }, + + /** + * Whether or not the user wants to be notified that an update is being + * downloaded. + */ + get _notifyDuringDownload() { + return Services.prefs.getBoolPref( + PREF_APP_UPDATE_NOTIFYDURINGDOWNLOAD, + false + ); + }, + + _notifyDownloadStatusObservers: + function Downloader_notifyDownloadStatusObservers() { + if (this._notifyDuringDownload) { + let status = this.updateService.isDownloading ? "downloading" : "idle"; + Services.obs.notifyObservers( + this._update, + "update-downloading", + status + ); + } + }, + + /** + * Whether or not we are currently downloading something. + */ + get isBusy() { + return this._request != null || this._pendingRequest != null; + }, + + get usingBits() { + return this._pendingRequest != null || this._request instanceof BitsRequest; + }, + + /** + * Returns true if the specified patch can be downloaded with BITS. + */ + _canUseBits: function Downloader__canUseBits(patch) { + if (getCanUseBits() != "CanUseBits") { + // This will have printed its own logging. No need to print more. + return false; + } + // Regardless of success or failure, don't download the same patch with BITS + // twice. + if (patch.getProperty("bitsResult") != null) { + LOG( + "Downloader:_canUseBits - Not using BITS because it was already tried" + ); + return false; + } + LOG("Downloader:_canUseBits - Patch is able to use BITS download"); + return true; + }, + + /** + * Instruct the add-ons manager to start downloading language pack updates in + * preparation for the current update. + */ + _startLangPackUpdates: function Downloader__startLangPackUpdates() { + if (!Services.prefs.getBoolPref(PREF_APP_UPDATE_LANGPACK_ENABLED, false)) { + return; + } + + // A promise that we can resolve at some point to time out the language pack + // update process. + let timeoutPromise = new Promise(resolve => { + this._langPackTimeout = resolve; + }); + + let update = unwrap(this._update); + + let existing = LangPackUpdates.get(update); + if (existing) { + // We have already started staging lang packs for this update, no need to + // do it again. + return; + } + + // Note that we don't care about success or failure here, either way we will + // continue with the update process. + let langPackPromise = lazy.AddonManager.stageLangpacksForAppUpdate( + update.appVersion, + update.appVersion + ) + .catch(error => { + LOG( + `Add-ons manager threw exception while updating language packs: ${error}` + ); + }) + .finally(() => { + this._langPackTimeout = null; + + if (TelemetryStopwatch.running("UPDATE_LANGPACK_OVERTIME", update)) { + TelemetryStopwatch.finish("UPDATE_LANGPACK_OVERTIME", update); + } + }); + + LangPackUpdates.set( + update, + Promise.race([langPackPromise, timeoutPromise]) + ); + }, + + /** + * Download and stage the given update. + * @param update + * A nsIUpdate object to download a patch for. Cannot be null. + */ + downloadUpdate: async function Downloader_downloadUpdate(update) { + LOG("UpdateService:downloadUpdate"); + if (!update) { + AUSTLMY.pingDownloadCode(undefined, AUSTLMY.DWNLD_ERR_NO_UPDATE); + throw Components.Exception("", Cr.NS_ERROR_NULL_POINTER); + } + + var updateDir = getDownloadingUpdateDir(); + + this._update = update; + + // This function may return null, which indicates that there are no patches + // to download. + this._patch = this._selectPatch(update, updateDir); + if (!this._patch) { + LOG("Downloader:downloadUpdate - no patch to download"); + AUSTLMY.pingDownloadCode(undefined, AUSTLMY.DWNLD_ERR_NO_UPDATE_PATCH); + return false; + } + // The update and the patch implement nsIWritablePropertyBag. Expose that + // interface immediately after a patch is assigned so that + // this.(_patch|_update).(get|set)Property can always safely be called. + this._update.QueryInterface(Ci.nsIWritablePropertyBag); + this._patch.QueryInterface(Ci.nsIWritablePropertyBag); + + if ( + this._update.getProperty("disableBackgroundUpdates") != null && + lazy.gIsBackgroundTaskMode + ) { + LOG( + "Downloader:downloadUpdate - Background update disabled by update " + + "advertisement" + ); + return false; + } + + this.isCompleteUpdate = this._patch.type == "complete"; + + let canUseBits = false; + // Allow the advertised update to disable BITS. + if (this._update.getProperty("disableBITS") != null) { + LOG( + "Downloader:downloadUpdate - BITS downloads disabled by update " + + "advertisement" + ); + } else { + canUseBits = this._canUseBits(this._patch); + } + + if (!canUseBits) { + this._pendingRequest = null; + + let patchFile = updateDir.clone(); + patchFile.append(FILE_UPDATE_MAR); + + if (lazy.gIsBackgroundTaskMode) { + // We don't normally run a background update if we can't use BITS, but + // this branch is possible because we do fall back from BITS failures by + // attempting an internal download. + // If this happens, we are just going to need to wait for interactive + // Firefox to download the update. We don't, however, want to be in the + // "downloading" state when interactive Firefox runs because we want to + // download the newest update available which, at that point, may not be + // the one that we are currently trying to download. + // However, we can't just unconditionally clobber the current update + // because interactive Firefox might already be part way through an + // internal update download, and we definitely don't want to interrupt + // that. + let readyUpdateDir = getReadyUpdateDir(); + let status = readStatusFile(readyUpdateDir); + // nsIIncrementalDownload doesn't use an intermediate download location + // for partially downloaded files. If we have started an update + // download with it, it will be available at its ultimate location. + if (!(status == STATE_DOWNLOADING && patchFile.exists())) { + LOG( + "Downloader:downloadUpdate - Can't download with internal " + + "downloader from a background task. Cleaning up downloading " + + "update." + ); + cleanupDownloadingUpdate(); + } + return false; + } + + // The interval is 0 since there is no need to throttle downloads. + let interval = 0; + + LOG( + "Downloader:downloadUpdate - Starting nsIIncrementalDownload with " + + "url: " + + this._patch.URL + + ", path: " + + patchFile.path + + ", interval: " + + interval + ); + let uri = Services.io.newURI(this._patch.URL); + + this._request = Cc[ + "@mozilla.org/network/incremental-download;1" + ].createInstance(Ci.nsIIncrementalDownload); + this._request.init(uri, patchFile, DOWNLOAD_CHUNK_SIZE, interval); + this._request.start(this, null); + } else { + let noProgressTimeout = BITS_IDLE_NO_PROGRESS_TIMEOUT_SECS; + let monitorInterval = BITS_IDLE_POLL_RATE_MS; + this._bitsActiveNotifications = false; + // The monitor's timeout should be much greater than the longest monitor + // poll interval. If the timeout is too short, delay in the pipe to the + // update agent might cause BITS to falsely report an error, causing an + // unnecessary fallback to nsIIncrementalDownload. + let monitorTimeout = Math.max(10 * monitorInterval, 10 * 60 * 1000); + if (this.hasDownloadListeners) { + noProgressTimeout = BITS_ACTIVE_NO_PROGRESS_TIMEOUT_SECS; + monitorInterval = BITS_ACTIVE_POLL_RATE_MS; + this._bitsActiveNotifications = true; + } + + let updateRootDir = FileUtils.getDir(KEY_UPDROOT, [], true); + let jobName = "MozillaUpdate " + updateRootDir.leafName; + let updatePath = updateDir.path; + if (!Bits.initialized) { + Bits.init(jobName, updatePath, monitorTimeout); + } + + this._cancelPromise = null; + + let bitsId = this._patch.getProperty("bitsId"); + if (bitsId) { + LOG( + "Downloader:downloadUpdate - Connecting to in-progress download. " + + "BITS ID: " + + bitsId + ); + + this._pendingRequest = Bits.monitorDownload( + bitsId, + monitorInterval, + this, + null + ); + } else { + LOG( + "Downloader:downloadUpdate - Starting BITS download with url: " + + this._patch.URL + + ", updateDir: " + + updatePath + + ", filename: " + + FILE_UPDATE_MAR + ); + + this._pendingRequest = Bits.startDownload( + this._patch.URL, + FILE_UPDATE_MAR, + Ci.nsIBits.PROXY_PRECONFIG, + noProgressTimeout, + monitorInterval, + this, + null + ); + } + let request; + try { + request = await this._pendingRequest; + } catch (error) { + if ( + (error.type == Ci.nsIBits.ERROR_TYPE_FAILED_TO_GET_BITS_JOB || + error.type == Ci.nsIBits.ERROR_TYPE_FAILED_TO_CONNECT_TO_BCM) && + error.action == Ci.nsIBits.ERROR_ACTION_MONITOR_DOWNLOAD && + error.stage == Ci.nsIBits.ERROR_STAGE_BITS_CLIENT && + error.codeType == Ci.nsIBits.ERROR_CODE_TYPE_HRESULT && + error.code == HRESULT_E_ACCESSDENIED + ) { + LOG( + "Downloader:downloadUpdate - Failed to connect to existing " + + "BITS job. It is likely owned by another user." + ); + // This isn't really a failure code since the BITS job may be working + // just fine on another account, so convert this to a code that + // indicates that. This will make it easier to identify in telemetry. + error.type = Ci.nsIBits.ERROR_TYPE_ACCESS_DENIED_EXPECTED; + error.codeType = Ci.nsIBits.ERROR_CODE_TYPE_NONE; + error.code = null; + // When we detect this situation, disable BITS until Firefox shuts + // down. There are a couple of reasons for this. First, without any + // kind of flag, we enter an infinite loop here where we keep trying + // BITS over and over again (normally setting bitsResult prevents + // this, but we don't know the result of the BITS job, so we don't + // want to set that). Second, since we are trying to update, this + // process must have the update mutex. We don't ever give up the + // update mutex, so even if the other user starts Firefox, they will + // not complete the BITS job while this Firefox instance is around. + gBITSInUseByAnotherUser = true; + } else { + this._patch.setProperty("bitsResult", Cr.NS_ERROR_FAILURE); + lazy.UM.saveUpdates(); + + LOG( + "Downloader:downloadUpdate - Failed to start to BITS job. " + + "Error: " + + error + ); + } + + this._pendingRequest = null; + + AUSTLMY.pingBitsError(this.isCompleteUpdate, error); + + // Try download again with nsIIncrementalDownload + return this.downloadUpdate(this._update); + } + + this._request = request; + this._patch.setProperty("bitsId", request.bitsId); + + LOG( + "Downloader:downloadUpdate - BITS download running. BITS ID: " + + request.bitsId + ); + + if (this.hasDownloadListeners) { + this._maybeStartActiveNotifications(); + } else { + this._maybeStopActiveNotifications(); + } + + lazy.UM.saveUpdates(); + this._pendingRequest = null; + } + + if (!lazy.UM.readyUpdate) { + LOG("Downloader:downloadUpdate - Setting status to downloading"); + writeStatusFile(getReadyUpdateDir(), STATE_DOWNLOADING); + } + if (this._patch.state != STATE_DOWNLOADING) { + LOG("Downloader:downloadUpdate - Setting state to downloading"); + this._patch.state = STATE_DOWNLOADING; + lazy.UM.saveUpdates(); + } + + // If we are downloading a second update, we don't change the state until + // STATE_SWAP. + if (lazy.AUS.currentState == Ci.nsIApplicationUpdateService.STATE_PENDING) { + LOG( + "Downloader:downloadUpdate - not setting state because download is " + + "already pending." + ); + } else { + LOG( + "Downloader:downloadUpdate - setting currentState to STATE_DOWNLOADING" + ); + transitionState(Ci.nsIApplicationUpdateService.STATE_DOWNLOADING); + } + + this._startLangPackUpdates(); + + this._notifyDownloadStatusObservers(); + + return true; + }, + + /** + * This is run when a download listener is added. + */ + onDownloadListenerAdded: function Downloader_onDownloadListenerAdded() { + // Increase the status update frequency when someone starts listening + this._maybeStartActiveNotifications(); + }, + + /** + * This is run when a download listener is removed. + */ + onDownloadListenerRemoved: function Downloader_onDownloadListenerRemoved() { + // Decrease the status update frequency when no one is listening + if (!this.hasDownloadListeners) { + this._maybeStopActiveNotifications(); + } + }, + + get hasDownloadListeners() { + return this.updateService.hasDownloadListeners; + }, + + /** + * This speeds up BITS progress notifications in response to a user watching + * the notifications. + */ + _maybeStartActiveNotifications: + async function Downloader__maybeStartActiveNotifications() { + if ( + this.usingBits && + !this._bitsActiveNotifications && + this.hasDownloadListeners && + this._request + ) { + LOG( + "Downloader:_maybeStartActiveNotifications - Starting active " + + "notifications" + ); + this._bitsActiveNotifications = true; + await Promise.all([ + this._request + .setNoProgressTimeout(BITS_ACTIVE_NO_PROGRESS_TIMEOUT_SECS) + .catch(error => { + LOG( + "Downloader:_maybeStartActiveNotifications - Failed to set " + + "no progress timeout. Error: " + + error + ); + }), + this._request + .changeMonitorInterval(BITS_ACTIVE_POLL_RATE_MS) + .catch(error => { + LOG( + "Downloader:_maybeStartActiveNotifications - Failed to increase " + + "status update frequency. Error: " + + error + ); + }), + ]); + } + }, + + /** + * This slows down BITS progress notifications in response to a user no longer + * watching the notifications. + */ + _maybeStopActiveNotifications: + async function Downloader__maybeStopActiveNotifications() { + if ( + this.usingBits && + this._bitsActiveNotifications && + !this.hasDownloadListeners && + this._request + ) { + LOG( + "Downloader:_maybeStopActiveNotifications - Stopping active " + + "notifications" + ); + this._bitsActiveNotifications = false; + await Promise.all([ + this._request + .setNoProgressTimeout(BITS_IDLE_NO_PROGRESS_TIMEOUT_SECS) + .catch(error => { + LOG( + "Downloader:_maybeStopActiveNotifications - Failed to set " + + "no progress timeout: " + + error + ); + }), + this._request + .changeMonitorInterval(BITS_IDLE_POLL_RATE_MS) + .catch(error => { + LOG( + "Downloader:_maybeStopActiveNotifications - Failed to decrease " + + "status update frequency: " + + error + ); + }), + ]); + } + }, + + /** + * When the async request begins + * @param request + * The nsIRequest object for the transfer + */ + onStartRequest: function Downloader_onStartRequest(request) { + if (this.usingBits) { + LOG("Downloader:onStartRequest"); + } else { + LOG( + "Downloader:onStartRequest - original URI spec: " + + request.URI.spec + + ", final URI spec: " + + request.finalURI.spec + ); + // Set finalURL in onStartRequest if it is different. + if (this._patch.finalURL != request.finalURI.spec) { + this._patch.finalURL = request.finalURI.spec; + lazy.UM.saveUpdates(); + } + } + + this.updateService.forEachDownloadListener(listener => { + listener.onStartRequest(request); + }); + }, + + /** + * When new data has been downloaded + * @param request + * The nsIRequest object for the transfer + * @param progress + * The current number of bytes transferred + * @param maxProgress + * The total number of bytes that must be transferred + */ + onProgress: function Downloader_onProgress(request, progress, maxProgress) { + LOG("Downloader:onProgress - progress: " + progress + "/" + maxProgress); + + if (progress > this._patch.size) { + LOG( + "Downloader:onProgress - progress: " + + progress + + " is higher than patch size: " + + this._patch.size + ); + AUSTLMY.pingDownloadCode( + this.isCompleteUpdate, + AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER + ); + this.cancel(Cr.NS_ERROR_UNEXPECTED); + return; + } + + // Wait until the transfer has started (progress > 0) to verify maxProgress + // so that we don't check it before it is available (in which case, -1 would + // have been passed). + if (progress > 0 && maxProgress != this._patch.size) { + LOG( + "Downloader:onProgress - maxProgress: " + + maxProgress + + " is not equal to expected patch size: " + + this._patch.size + ); + AUSTLMY.pingDownloadCode( + this.isCompleteUpdate, + AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL + ); + this.cancel(Cr.NS_ERROR_UNEXPECTED); + return; + } + + this.updateService.forEachDownloadListener(listener => { + if (listener instanceof Ci.nsIProgressEventSink) { + listener.onProgress(request, progress, maxProgress); + } + }); + this.updateService._consecutiveSocketErrors = 0; + }, + + /** + * When we have new status text + * @param request + * The nsIRequest object for the transfer + * @param status + * A status code + * @param statusText + * Human readable version of |status| + */ + onStatus: function Downloader_onStatus(request, status, statusText) { + LOG( + "Downloader:onStatus - status: " + status + ", statusText: " + statusText + ); + + this.updateService.forEachDownloadListener(listener => { + if (listener instanceof Ci.nsIProgressEventSink) { + listener.onStatus(request, status, statusText); + } + }); + }, + + /** + * When data transfer ceases + * @param request + * The nsIRequest object for the transfer + * @param status + * Status code containing the reason for the cessation. + */ + /* eslint-disable-next-line complexity */ + onStopRequest: async function Downloader_onStopRequest(request, status) { + if (gOnlyDownloadUpdatesThisSession) { + LOG( + "Downloader:onStopRequest - End of update download detected and " + + "ignored because we are restricted to update downloads this " + + "session. We will continue with this update next session." + ); + // In order to keep the update from progressing past the downloading + // stage, we will pretend that the download is still going. + // A lot of this work is done for us by just not setting this._request to + // null, which usually signals that the transfer has completed. + this._pretendingDownloadIsNotDone = true; + // This notification is currently used only for testing. + Services.obs.notifyObservers(null, "update-download-restriction-hit"); + return; + } + + if (!this.usingBits) { + LOG( + "Downloader:onStopRequest - downloader: nsIIncrementalDownload, " + + "original URI spec: " + + request.URI.spec + + ", final URI spec: " + + request.finalURI.spec + + ", status: " + + status + ); + } else { + LOG("Downloader:onStopRequest - downloader: BITS, status: " + status); + } + + let bitsCompletionError; + if (this.usingBits) { + if (Components.isSuccessCode(status)) { + try { + await request.complete(); + } catch (e) { + LOG( + "Downloader:onStopRequest - Unable to complete BITS download: " + e + ); + status = Cr.NS_ERROR_FAILURE; + bitsCompletionError = e; + } + } else { + // BITS jobs that failed to complete should still have cancel called on + // them to remove the job. + try { + await this.cancel(); + } catch (e) { + // This will fail if the job stopped because it was cancelled. + // Even if this is a "real" error, there isn't really anything to do + // about it, and it's not really a big problem. It just means that the + // BITS job will stay around until it is removed automatically + // (default of 90 days). + } + } + } + + var state = this._patch.state; + var shouldShowPrompt = false; + var shouldRegisterOnlineObserver = false; + var shouldRetrySoon = false; + var deleteActiveUpdate = false; + let migratedToReadyUpdate = false; + let nonDownloadFailure = false; + var retryTimeout = Services.prefs.getIntPref( + PREF_APP_UPDATE_SOCKET_RETRYTIMEOUT, + DEFAULT_SOCKET_RETRYTIMEOUT + ); + // Prevent the preference from setting a value greater than 10000. + retryTimeout = Math.min(retryTimeout, 10000); + var maxFail = Services.prefs.getIntPref( + PREF_APP_UPDATE_SOCKET_MAXERRORS, + DEFAULT_SOCKET_MAX_ERRORS + ); + // Prevent the preference from setting a value greater than 20. + maxFail = Math.min(maxFail, 20); + LOG( + "Downloader:onStopRequest - status: " + + status + + ", " + + "current fail: " + + this.updateService._consecutiveSocketErrors + + ", " + + "max fail: " + + maxFail + + ", " + + "retryTimeout: " + + retryTimeout + ); + if (Components.isSuccessCode(status)) { + if (this._verifyDownload()) { + AUSTLMY.pingDownloadCode(this.isCompleteUpdate, AUSTLMY.DWNLD_SUCCESS); + + LOG( + "Downloader:onStopRequest - Clearing readyUpdate in preparation of " + + "moving downloadingUpdate into readyUpdate." + ); + + // Clear out any old update before we notify anyone about the new one. + // It will be invalid in a moment anyways when we call + // `cleanUpReadyUpdateDir()`. + lazy.UM.readyUpdate = null; + + // We're about to clobber the ready update so we can replace it with the + // downloading update that just finished. We need to let observers know + // about this. + if ( + lazy.AUS.currentState == Ci.nsIApplicationUpdateService.STATE_PENDING + ) { + transitionState(Ci.nsIApplicationUpdateService.STATE_SWAP); + } + Services.obs.notifyObservers(this._update, "update-swap"); + + // Swap the downloading update into the ready update directory. + cleanUpReadyUpdateDir(); + let downloadedMar = getDownloadingUpdateDir(); + downloadedMar.append(FILE_UPDATE_MAR); + let readyDir = getReadyUpdateDir(); + try { + downloadedMar.moveTo(readyDir, FILE_UPDATE_MAR); + migratedToReadyUpdate = true; + } catch (e) { + migratedToReadyUpdate = false; + } + + if (migratedToReadyUpdate) { + AUSTLMY.pingMoveResult(AUSTLMY.MOVE_RESULT_SUCCESS); + state = getBestPendingState(); + shouldShowPrompt = !getCanStageUpdates(); + + // Tell the updater.exe we're ready to apply. + LOG( + `Downloader:onStopRequest - Ready to apply. Setting state to ` + + `"${state}".` + ); + writeStatusFile(getReadyUpdateDir(), state); + writeVersionFile(getReadyUpdateDir(), this._update.appVersion); + this._update.installDate = new Date().getTime(); + this._update.statusText = + lazy.gUpdateBundle.GetStringFromName("installPending"); + Services.prefs.setIntPref(PREF_APP_UPDATE_DOWNLOAD_ATTEMPTS, 0); + } else { + LOG( + "Downloader:onStopRequest - failed to move the downloading " + + "update to the ready update directory." + ); + AUSTLMY.pingMoveResult(AUSTLMY.MOVE_RESULT_UNKNOWN_FAILURE); + + state = STATE_DOWNLOAD_FAILED; + status = Cr.NS_ERROR_FILE_COPY_OR_MOVE_FAILED; + + const mfCode = "move_failed"; + let message = getStatusTextFromCode(mfCode, mfCode); + this._update.statusText = message; + + nonDownloadFailure = true; + deleteActiveUpdate = true; + + cleanUpDownloadingUpdateDir(); + } + } else { + LOG("Downloader:onStopRequest - download verification failed"); + state = STATE_DOWNLOAD_FAILED; + status = Cr.NS_ERROR_CORRUPTED_CONTENT; + + // Yes, this code is a string. + const vfCode = "verification_failed"; + var message = getStatusTextFromCode(vfCode, vfCode); + this._update.statusText = message; + + if (this._update.isCompleteUpdate || this._update.patchCount != 2) { + LOG("Downloader:onStopRequest - No alternative patch to try"); + deleteActiveUpdate = true; + } + + // Destroy the updates directory, since we're done with it. + cleanUpDownloadingUpdateDir(); + } + } else if (status == Cr.NS_ERROR_OFFLINE) { + // Register an online observer to try again. + // The online observer will continue the incremental download by + // calling downloadUpdate on the active update which continues + // downloading the file from where it was. + LOG("Downloader:onStopRequest - offline, register online observer: true"); + AUSTLMY.pingDownloadCode( + this.isCompleteUpdate, + AUSTLMY.DWNLD_RETRY_OFFLINE + ); + shouldRegisterOnlineObserver = true; + deleteActiveUpdate = false; + + // Each of NS_ERROR_NET_TIMEOUT, ERROR_CONNECTION_REFUSED, + // NS_ERROR_NET_RESET and NS_ERROR_DOCUMENT_NOT_CACHED can be returned + // when disconnecting the internet while a download of a MAR is in + // progress. There may be others but I have not encountered them during + // testing. + } else if ( + (status == Cr.NS_ERROR_NET_TIMEOUT || + status == Cr.NS_ERROR_CONNECTION_REFUSED || + status == Cr.NS_ERROR_NET_RESET || + status == Cr.NS_ERROR_DOCUMENT_NOT_CACHED) && + this.updateService._consecutiveSocketErrors < maxFail + ) { + LOG("Downloader:onStopRequest - socket error, shouldRetrySoon: true"); + let dwnldCode = AUSTLMY.DWNLD_RETRY_CONNECTION_REFUSED; + if (status == Cr.NS_ERROR_NET_TIMEOUT) { + dwnldCode = AUSTLMY.DWNLD_RETRY_NET_TIMEOUT; + } else if (status == Cr.NS_ERROR_NET_RESET) { + dwnldCode = AUSTLMY.DWNLD_RETRY_NET_RESET; + } else if (status == Cr.NS_ERROR_DOCUMENT_NOT_CACHED) { + dwnldCode = AUSTLMY.DWNLD_ERR_DOCUMENT_NOT_CACHED; + } + AUSTLMY.pingDownloadCode(this.isCompleteUpdate, dwnldCode); + shouldRetrySoon = true; + deleteActiveUpdate = false; + } else if (status != Cr.NS_BINDING_ABORTED && status != Cr.NS_ERROR_ABORT) { + if ( + status == Cr.NS_ERROR_FILE_ACCESS_DENIED || + status == Cr.NS_ERROR_FILE_READ_ONLY + ) { + LOG("Downloader:onStopRequest - permission error"); + nonDownloadFailure = true; + } else { + LOG("Downloader:onStopRequest - non-verification failure"); + } + + let dwnldCode = AUSTLMY.DWNLD_ERR_BINDING_ABORTED; + if (status == Cr.NS_ERROR_ABORT) { + dwnldCode = AUSTLMY.DWNLD_ERR_ABORT; + } + AUSTLMY.pingDownloadCode(this.isCompleteUpdate, dwnldCode); + + // Some sort of other failure, log this in the |statusText| property + state = STATE_DOWNLOAD_FAILED; + + // XXXben - if |request| (The Incremental Download) provided a means + // for accessing the http channel we could do more here. + + this._update.statusText = getStatusTextFromCode( + status, + Cr.NS_BINDING_FAILED + ); + + // Destroy the updates directory, since we're done with it. + cleanUpDownloadingUpdateDir(); + + deleteActiveUpdate = true; + } + if (!this.usingBits) { + LOG(`Downloader:onStopRequest - Setting internalResult to ${status}`); + this._patch.setProperty("internalResult", status); + } else { + LOG(`Downloader:onStopRequest - Setting bitsResult to ${status}`); + this._patch.setProperty("bitsResult", status); + + // If we failed when using BITS, we want to override the retry decision + // since we need to retry with nsIncrementalDownload before we give up. + // However, if the download was cancelled, don't retry. If the transfer + // was cancelled, we don't want it to restart on its own. + if ( + !Components.isSuccessCode(status) && + status != Cr.NS_BINDING_ABORTED && + status != Cr.NS_ERROR_ABORT + ) { + deleteActiveUpdate = false; + shouldRetrySoon = true; + } + + // Send BITS Telemetry + if (Components.isSuccessCode(status)) { + AUSTLMY.pingBitsSuccess(this.isCompleteUpdate); + } else { + let error; + if (bitsCompletionError) { + error = bitsCompletionError; + } else if (status == Cr.NS_ERROR_CORRUPTED_CONTENT) { + error = new BitsVerificationError(); + } else { + error = request.transferError; + if (!error) { + error = new BitsUnknownError(); + } + } + AUSTLMY.pingBitsError(this.isCompleteUpdate, error); + } + } + + LOG("Downloader:onStopRequest - setting state to: " + state); + if (this._patch.state != state) { + this._patch.state = state; + } + if (deleteActiveUpdate) { + LOG("Downloader:onStopRequest - Clearing downloadingUpdate."); + this._update.installDate = new Date().getTime(); + lazy.UM.addUpdateToHistory(lazy.UM.downloadingUpdate); + lazy.UM.downloadingUpdate = null; + } else if ( + lazy.UM.downloadingUpdate && + lazy.UM.downloadingUpdate.state != state + ) { + lazy.UM.downloadingUpdate.state = state; + } + if (migratedToReadyUpdate) { + LOG( + "Downloader:onStopRequest - Moving downloadingUpdate into readyUpdate" + ); + lazy.UM.readyUpdate = lazy.UM.downloadingUpdate; + lazy.UM.downloadingUpdate = null; + } + lazy.UM.saveUpdates(); + + // Only notify listeners about the stopped state if we + // aren't handling an internal retry. + if (!shouldRetrySoon && !shouldRegisterOnlineObserver) { + this.updateService.forEachDownloadListener(listener => { + listener.onStopRequest(request, status); + }); + } + + this._request = null; + + // This notification must happen after _request is set to null so that + // the correct this.updateService.isDownloading value is available in + // _notifyDownloadStatusObservers(). + this._notifyDownloadStatusObservers(); + + if (state == STATE_DOWNLOAD_FAILED) { + var allFailed = true; + // Don't bother retrying the download if we got an error that isn't + // download related. + if (!nonDownloadFailure) { + // If we haven't already, attempt to download without BITS + if (request instanceof BitsRequest) { + LOG( + "Downloader:onStopRequest - BITS download failed. Falling back " + + "to nsIIncrementalDownload" + ); + let success = await this.downloadUpdate(this._update); + if (!success) { + LOG( + "Downloader:onStopRequest - Failed to fall back to " + + "nsIIncrementalDownload. Cleaning up downloading update." + ); + cleanupDownloadingUpdate(); + } else { + allFailed = false; + } + } + + // Check if there is a complete update patch that can be downloaded. + if ( + allFailed && + !this._update.isCompleteUpdate && + this._update.patchCount == 2 + ) { + LOG( + "Downloader:onStopRequest - verification of patch failed, " + + "downloading complete update patch" + ); + this._update.isCompleteUpdate = true; + let success = await this.downloadUpdate(this._update); + + if (!success) { + LOG( + "Downloader:onStopRequest - Failed to fall back to complete " + + "patch. Cleaning up downloading update." + ); + cleanupDownloadingUpdate(); + } else { + allFailed = false; + } + } + } + + if (allFailed) { + let downloadAttempts = Services.prefs.getIntPref( + PREF_APP_UPDATE_DOWNLOAD_ATTEMPTS, + 0 + ); + downloadAttempts++; + Services.prefs.setIntPref( + PREF_APP_UPDATE_DOWNLOAD_ATTEMPTS, + downloadAttempts + ); + let maxAttempts = Math.min( + Services.prefs.getIntPref(PREF_APP_UPDATE_DOWNLOAD_MAXATTEMPTS, 2), + 10 + ); + + transitionState(Ci.nsIApplicationUpdateService.STATE_IDLE); + + if (downloadAttempts > maxAttempts) { + LOG( + "Downloader:onStopRequest - notifying observers of error. " + + "topic: update-error, status: download-attempts-exceeded, " + + "downloadAttempts: " + + downloadAttempts + + " " + + "maxAttempts: " + + maxAttempts + ); + Services.obs.notifyObservers( + this._update, + "update-error", + "download-attempts-exceeded" + ); + } else { + this._update.selectedPatch.selected = false; + LOG( + "Downloader:onStopRequest - notifying observers of error. " + + "topic: update-error, status: download-attempt-failed" + ); + Services.obs.notifyObservers( + this._update, + "update-error", + "download-attempt-failed" + ); + } + // We don't care about language pack updates now. + this._langPackTimeout = null; + LangPackUpdates.delete(unwrap(this._update)); + + // Prevent leaking the update object (bug 454964). + this._update = null; + + // allFailed indicates that we didn't (successfully) call downloadUpdate + // to try to download a different MAR. In this case, this Downloader + // is no longer being used. + this.updateService._downloader = null; + } + // A complete download has been initiated or the failure was handled. + return; + } + + // If the download has succeeded or failed, we are done with this Downloader + // object. However, in some cases (ex: network disconnection), we will + // attempt to resume using this same Downloader. + if (state != STATE_DOWNLOADING) { + this.updateService._downloader = null; + } + + if ( + state == STATE_PENDING || + state == STATE_PENDING_SERVICE || + state == STATE_PENDING_ELEVATE + ) { + if (getCanStageUpdates()) { + LOG( + "Downloader:onStopRequest - attempting to stage update: " + + this._update.name + ); + // Stage the update + let stagingStarted = true; + try { + Cc["@mozilla.org/updates/update-processor;1"] + .createInstance(Ci.nsIUpdateProcessor) + .processUpdate(); + } catch (e) { + LOG( + "Downloader:onStopRequest - failed to stage update. Exception: " + e + ); + stagingStarted = false; + } + if (stagingStarted) { + transitionState(Ci.nsIApplicationUpdateService.STATE_STAGING); + } else { + // Fail gracefully in case the application does not support the update + // processor service. + shouldShowPrompt = true; + } + } + } + + // If we're still waiting on language pack updates then run a timer to time + // out the attempt after an appropriate amount of time. + if (this._langPackTimeout) { + // Start a timer to measure how much longer it takes for the language + // packs to stage. + TelemetryStopwatch.start( + "UPDATE_LANGPACK_OVERTIME", + unwrap(this._update), + { inSeconds: true } + ); + + lazy.setTimeout( + this._langPackTimeout, + Services.prefs.getIntPref( + PREF_APP_UPDATE_LANGPACK_TIMEOUT, + LANGPACK_UPDATE_DEFAULT_TIMEOUT + ) + ); + } + + // Do this after *everything* else, since it will likely cause the app + // to shut down. + if (shouldShowPrompt) { + // Wait for language packs to stage before showing any prompt to restart. + let update = this._update; + promiseLangPacksUpdated(update).then(() => { + LOG( + "Downloader:onStopRequest - Notifying observers that " + + "an update was downloaded. topic: update-downloaded, status: " + + update.state + ); + transitionState(Ci.nsIApplicationUpdateService.STATE_PENDING); + Services.obs.notifyObservers(update, "update-downloaded", update.state); + }); + } + + if (shouldRegisterOnlineObserver) { + LOG("Downloader:onStopRequest - Registering online observer"); + this.updateService._registerOnlineObserver(); + } else if (shouldRetrySoon) { + LOG("Downloader:onStopRequest - Retrying soon"); + this.updateService._consecutiveSocketErrors++; + if (this.updateService._retryTimer) { + this.updateService._retryTimer.cancel(); + } + this.updateService._retryTimer = Cc[ + "@mozilla.org/timer;1" + ].createInstance(Ci.nsITimer); + this.updateService._retryTimer.initWithCallback( + async () => { + await this.updateService._attemptResume(); + }, + retryTimeout, + Ci.nsITimer.TYPE_ONE_SHOT + ); + } else { + // Prevent leaking the update object (bug 454964) + this._update = null; + } + }, + + /** + * This function should be called when shutting down so that resources get + * freed properly. + */ + cleanup: async function Downloader_cleanup() { + if (this.usingBits) { + if (this._pendingRequest) { + await this._pendingRequest; + } + this._request.shutdown(); + } + }, + + /** + * See nsIInterfaceRequestor.idl + */ + getInterface: function Downloader_getInterface(iid) { + // The network request may require proxy authentication, so provide the + // default nsIAuthPrompt if requested. + if (iid.equals(Ci.nsIAuthPrompt)) { + var prompt = + Cc["@mozilla.org/network/default-auth-prompt;1"].createInstance(); + return prompt.QueryInterface(iid); + } + throw Components.Exception("", Cr.NS_NOINTERFACE); + }, + + QueryInterface: ChromeUtils.generateQI([ + "nsIRequestObserver", + "nsIProgressEventSink", + "nsIInterfaceRequestor", + ]), +}; + +// On macOS, all browser windows can be closed without Firefox exiting. If it +// is left in this state for a while and an update is pending, we should restart +// Firefox on our own to apply the update. This class will do that +// automatically. +class RestartOnLastWindowClosed { + #enabled = false; + #hasShutdown = false; + + #restartTimer = null; + #restartTimerExpired = false; + + constructor() { + this.#maybeEnableOrDisable(); + + Services.prefs.addObserver( + PREF_APP_UPDATE_NO_WINDOW_AUTO_RESTART_ENABLED, + this + ); + Services.obs.addObserver(this, "quit-application"); + } + + shutdown() { + LOG("RestartOnLastWindowClosed.shutdown - Shutting down"); + this.#hasShutdown = true; + + Services.prefs.removeObserver( + PREF_APP_UPDATE_NO_WINDOW_AUTO_RESTART_ENABLED, + this + ); + Services.obs.removeObserver(this, "quit-application"); + + this.#maybeEnableOrDisable(); + } + + get shouldEnable() { + if (AppConstants.platform != "macosx") { + return false; + } + if (this.#hasShutdown) { + return false; + } + return Services.prefs.getBoolPref( + PREF_APP_UPDATE_NO_WINDOW_AUTO_RESTART_ENABLED, + false + ); + } + + get enabled() { + return this.#enabled; + } + + observe(subject, topic, data) { + switch (topic) { + case "nsPref:changed": + if (data == PREF_APP_UPDATE_NO_WINDOW_AUTO_RESTART_ENABLED) { + this.#maybeEnableOrDisable(); + } + break; + case "quit-application": + this.shutdown(); + break; + case "domwindowclosed": + this.#onWindowClose(); + break; + case "domwindowopened": + this.#onWindowOpen(); + break; + case "update-downloaded": + case "update-staged": + this.#onUpdateReady(data); + break; + } + } + + // Returns true if any windows are open. Otherwise, false. + #windowsAreOpen() { + // eslint-disable-next-line no-unused-vars + for (const win of Services.wm.getEnumerator(null)) { + return true; + } + return false; + } + + // Enables or disables this class's functionality based on the value of + // this.shouldEnable. Does nothing if the class is already in the right state + // (i.e. if the class should be enabled and already is, or should be disabled + // and already is). + #maybeEnableOrDisable() { + if (this.shouldEnable) { + if (this.#enabled) { + return; + } + LOG("RestartOnLastWindowClosed.#maybeEnableOrDisable - Enabling"); + + Services.obs.addObserver(this, "domwindowclosed"); + Services.obs.addObserver(this, "domwindowopened"); + Services.obs.addObserver(this, "update-downloaded"); + Services.obs.addObserver(this, "update-staged"); + + this.#restartTimer = null; + this.#restartTimerExpired = false; + + this.#enabled = true; + + // Synchronize with external state. + this.#onWindowClose(); + } else { + if (!this.#enabled) { + return; + } + LOG("RestartOnLastWindowClosed.#maybeEnableOrDisable - Disabling"); + + Services.obs.removeObserver(this, "domwindowclosed"); + Services.obs.removeObserver(this, "domwindowopened"); + Services.obs.removeObserver(this, "update-downloaded"); + Services.obs.removeObserver(this, "update-staged"); + + this.#enabled = false; + + if (this.#restartTimer) { + this.#restartTimer.cancel(); + } + this.#restartTimer = null; + } + } + + // Note: Since we keep track of the update state even when this class is + // disabled, this function will run even in that case. + #onUpdateReady(updateState) { + // Note that we do not count pending-elevate as a ready state, because we + // cannot silently restart in that state. + if ( + [ + STATE_APPLIED, + STATE_PENDING, + STATE_APPLIED_SERVICE, + STATE_PENDING_SERVICE, + ].includes(updateState) + ) { + if (this.#enabled) { + LOG("RestartOnLastWindowClosed.#onUpdateReady - update ready"); + this.#maybeRestartBrowser(); + } + } else if (this.#enabled) { + LOG( + `RestartOnLastWindowClosed.#onUpdateReady - Not counting update as ` + + `ready because the state is ${updateState}` + ); + } + } + + #onWindowClose() { + if (!this.#windowsAreOpen()) { + this.#onLastWindowClose(); + } + } + + #onLastWindowClose() { + if (this.#restartTimer || this.#restartTimerExpired) { + LOG( + "RestartOnLastWindowClosed.#onLastWindowClose - Restart timer is " + + "either already running or has already expired" + ); + return; + } + + let timeout = Services.prefs.getIntPref( + PREF_APP_UPDATE_NO_WINDOW_AUTO_RESTART_DELAY_MS, + 5 * 60 * 1000 + ); + + LOG( + "RestartOnLastWindowClosed.#onLastWindowClose - Last window closed. " + + "Starting restart timer" + ); + this.#restartTimer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer); + this.#restartTimer.initWithCallback( + () => this.#onRestartTimerExpire(), + timeout, + Ci.nsITimer.TYPE_ONE_SHOT + ); + } + + #onWindowOpen() { + if (this.#restartTimer) { + LOG( + "RestartOnLastWindowClosed.#onWindowOpen - Window opened. Cancelling " + + "restart timer." + ); + this.#restartTimer.cancel(); + } + this.#restartTimer = null; + this.#restartTimerExpired = false; + } + + #onRestartTimerExpire() { + LOG("RestartOnLastWindowClosed.#onRestartTimerExpire - Timer Expired"); + + this.#restartTimer = null; + this.#restartTimerExpired = true; + this.#maybeRestartBrowser(); + } + + #maybeRestartBrowser() { + if (!this.#restartTimerExpired) { + LOG( + "RestartOnLastWindowClosed.#maybeRestartBrowser - Still waiting for " + + "all windows to be closed and restartTimer to expire. " + + "(not restarting)" + ); + return; + } + + if (lazy.AUS.currentState != Ci.nsIApplicationUpdateService.STATE_PENDING) { + LOG( + "RestartOnLastWindowClosed.#maybeRestartBrowser - No update ready. " + + "(not restarting)" + ); + return; + } + + if (getElevationRequired()) { + // We check for STATE_PENDING_ELEVATE elsewhere, but this is actually + // different from that because it is technically possible that the user + // gave permission to elevate, but we haven't actually elevated yet. + // This is a bit of a corner case. We only call elevationOptedIn() right + // before we restart to apply the update immediately. But it is possible + // that something could stop the browser from shutting down. + LOG( + "RestartOnLastWindowClosed.#maybeRestartBrowser - This update will " + + "require user elevation (not restarting)" + ); + return; + } + + if (this.#windowsAreOpen()) { + LOG( + "RestartOnLastWindowClosed.#maybeRestartBrowser - Window " + + "unexpectedly still open! (not restarting)" + ); + return; + } + + if (!this.shouldEnable) { + LOG( + "RestartOnLastWindowClosed.#maybeRestartBrowser - Unexpectedly " + + "attempted to restart when RestartOnLastWindowClosed ought to be " + + "disabled! (not restarting)" + ); + return; + } + + LOG("RestartOnLastWindowClosed.#maybeRestartBrowser - Restarting now"); + Services.telemetry.scalarAdd("update.no_window_auto_restarts", 1); + Services.startup.quit( + Ci.nsIAppStartup.eAttemptQuit | + Ci.nsIAppStartup.eRestart | + Ci.nsIAppStartup.eSilently + ); + } +} +// Nothing actually uses this variable at the moment, but let's make sure that +// we hold the reference to the RestartOnLastWindowClosed instance somewhere. +// eslint-disable-next-line no-unused-vars +let restartOnLastWindowClosed = new RestartOnLastWindowClosed(); |