Bug 1464766 - Allow to relax the addon signature requirements. r?aswan
Add a build option that allows to relax the requirements in
SCOPE_APPLICATION and SCOPE_SYSTEM, individually or together, in an
opt-in manner.
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -3,16 +3,17 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
ChromeUtils.defineModuleGetter(this, "Services", "resource://gre/modules/Services.jsm");
+ChromeUtils.defineModuleGetter(this, "AddonManager", "resource://gre/modules/AddonManager.jsm");
this.EXPORTED_SYMBOLS = ["AppConstants"];
// Immutable for export.
this.AppConstants = Object.freeze({
// See this wiki page for more details about channel specific build
// defines: https://wiki.mozilla.org/Platform/Channel-specific_build_defines
NIGHTLY_BUILD:
@@ -224,16 +225,27 @@ this.AppConstants = Object.freeze({
MOZ_REQUIRE_SIGNING:
#ifdef MOZ_REQUIRE_SIGNING
true,
#else
false,
#endif
+ get MOZ_UNSIGNED_SCOPES() {
+ let result = 0;
+#ifdef MOZ_UNSIGNED_APP_SCOPE
+ result |= AddonManager.SCOPE_APPLICATION;
+#endif
+#ifdef MOZ_UNSIGNED_SYSTEM_SCOPE
+ result |= AddonManager.SCOPE_SYSTEM;
+#endif
+ return result;
+ },
+
MOZ_ALLOW_LEGACY_EXTENSIONS:
#ifdef MOZ_ALLOW_LEGACY_EXTENSIONS
true,
#else
false,
#endif
MENUBAR_CAN_AUTOHIDE:
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@@ -315,16 +315,18 @@ for var in ('ANDROID_PACKAGE_NAME',
'MOZ_WIDGET_TOOLKIT',
'DLL_PREFIX',
'DLL_SUFFIX',
'DEBUG_JS_MODULES'):
DEFINES[var] = CONFIG[var]
for var in ('MOZ_TOOLKIT_SEARCH',
'MOZ_SYSTEM_NSS',
+ 'MOZ_UNSIGNED_APP_SCOPE',
+ 'MOZ_UNSIGNED_SYSTEM_SCOPE',
'MOZ_UPDATER',
'MOZ_ANDROID_MOZILLA_ONLINE',
'MOZ_SWITCHBOARD'):
if CONFIG[var]:
DEFINES[var] = True
JAR_MANIFESTS += ['jar.mn']
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
@@ -1204,8 +1204,25 @@ option('--enable-proxy-bypass-protection
help='Prevent suspected or confirmed proxy bypasses')
@depends_if('--enable-proxy-bypass-protection')
def proxy_bypass_protection(_):
return True
set_config('MOZ_PROXY_BYPASS_PROTECTION', proxy_bypass_protection)
set_define('MOZ_PROXY_BYPASS_PROTECTION', proxy_bypass_protection)
+
+# Addon signing
+# ==============================================================
+
+option('--with-unsigned-addon-scopes',
+ nargs='+', choices=('app', 'system'),
+ help='Addon scopes where signature is not required')
+
+@depends('--with-unsigned-addon-scopes')
+def unsigned_addon_scopes(scopes):
+ return namespace(
+ app='app' in scopes or None,
+ system='system' in scopes or None,
+ )
+
+set_config('MOZ_UNSIGNED_APP_SCOPE', unsigned_addon_scopes.app)
+set_config('MOZ_UNSIGNED_SYSTEM_SCOPE', unsigned_addon_scopes.system)
--- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
@@ -954,16 +954,19 @@ function shouldVerifySignedState(aAddon)
// Updated system add-ons should always have their signature checked
if (aAddon.location.name == KEY_APP_SYSTEM_ADDONS)
return true;
// We don't care about signatures for default system add-ons
if (aAddon.location.name == KEY_APP_SYSTEM_DEFAULTS)
return false;
+ if (aAddon.location.scope & AppConstants.MOZ_UNSIGNED_SCOPES)
+ return false;
+
// Otherwise only check signatures if the add-on is one of the signed
// types.
return XPIDatabase.SIGNED_TYPES.has(aAddon.type);
}
/**
* Verifies that a bundle's contents are all correctly signed by an
* AMO-issued certificate