Closed
Bug 991993
Opened 11 years ago
Closed 10 years ago
Disable NSS for updater in OSX and enable native APIs
Categories
(Toolkit :: Application Update, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: bbondy, Assigned: bbondy)
References
Details
Attachments
(1 file, 2 obsolete files)
11.28 KB,
patch
|
bbondy
:
review+
|
Details | Diff | Splinter Review |
This is different from bug 978596 and bug 978597 in that it's to use the work in those bugs for updater. Currently updater in OSX is i) initializing NSS, ii) linking to NSS, iii) Using NSS when the following patches are applied: (apply last) Bug 903135 - Link updater to NSS and enable MAR verification on Linux and OSX Bug 903126 - Replace DER file with XPCShell cert. r=rstrong Bug 903126 - Don't use an xpcshell cert for verification. r=rstrong Bug 903135 - Multi platform MAR verification updater support. r=rstrong Bug 903135 - Multi platform MAR verification build config. r=rstrong Bug 903135 - Updates to libmar needed to support B2G MAR signature verification. r=bbondy Bug 902761 - Stop storing certs used for MAR verification in EXE resource files. r=rstrong (apply first) Bug 902761 - Build configuration for turning .der files into .h files. r=rstrong This bug should be applied after the last patch in that series and it should use and link to the native APIs and not NSS.
Assignee | ||
Updated•11 years ago
|
Comment 1•11 years ago
|
||
Here is my current understanding of what we need to do in this bug: 1. With all dependent patches applied, the "aCertData" that is being passed to CryptoMac_LoadPublicKey is now the content of the cert file (rather than the path to the cert file). This simplifies this function quite a bit and I've confirmed locally that this is working fine. This will also bring the behavior of the Mac function in line with the behavior of other platforms. 2. Set MOZ_VERIFY_MAR_SIGNATURE=1 for Mac (and presumably Linux) in confvars.sh [1]. 3. Change the logic in configure.in [2] to allow signature verification on Linux and Mac. Try appears to be clogged up at the moment, but I'll test this as soon as pushes go through again. [1] http://mxr.mozilla.org/mozilla-central/source/browser/confvars.sh#12 [2] http://mxr.mozilla.org/mozilla-central/source/configure.in#6365
Comment 2•11 years ago
|
||
This appears to (finally) pass on try, including B2G emulators: https://tbpl.mozilla.org/?tree=Try&rev=3edee85e9a93
Assignee: nobody → spohl.mozilla.bugs
Status: NEW → ASSIGNED
Attachment #8421873 -
Flags: review?(smichaud)
Attachment #8421873 -
Flags: review?(robert.strong.bugs)
Updated•11 years ago
|
Attachment #8421873 -
Flags: review?(robert.strong.bugs) → review+
Comment 3•11 years ago
|
||
Comment on attachment 8421873 [details] [diff] [review] Patch Looks fine to me.
Attachment #8421873 -
Flags: review?(smichaud) → review+
Comment 4•11 years ago
|
||
Unless I hear otherwise, I'll prepare all the patches from the dependent bugs as well as this one here for checkin tomorrow morning. I will have to push all of them at the same time to avoid compilation and/or test failures on inbound.
Comment 5•11 years ago
|
||
Before landing check in with bbondy since there are a lot of moving parts here and a second "everything is ready to go" check would be a good thing. Thanks!
Comment 6•11 years ago
|
||
Brian, do you think this (and dependent bugs) are ready to go? FWIW, the try build in comment 2 had all the latest patches from the dependent bugs applied.
Flags: needinfo?(netzen)
Assignee | ||
Comment 7•11 years ago
|
||
Do you mean everything in bug 973933? I think we should test it on oak first and also test to make sure all tests pass with dep, pgo, and nightly work via the self serve api page.
Flags: needinfo?(netzen)
Assignee | ||
Comment 8•10 years ago
|
||
Rebased
Attachment #8421873 -
Attachment is obsolete: true
Attachment #8509994 -
Flags: review+
Assignee | ||
Comment 9•10 years ago
|
||
Fix linking problem from last patch.
Attachment #8509994 -
Attachment is obsolete: true
Attachment #8510002 -
Flags: review+
Comment 10•10 years ago
|
||
Brian, I think you were going to land this once it's ready, so assigning to you. Let me know if that's not the case. Thanks!
Assignee: spohl.mozilla.bugs → netzen
Assignee | ||
Comment 11•10 years ago
|
||
Yep that's the right call, thanks. I'm working on some test failure stuff relating to multi platform mar signing and when that's resolved I'll be landing this.
Assignee | ||
Comment 12•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/pushloghtml?changeset=883e17fc475f
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•