Re-enable MOZ_VERIFY_MAR_SIGNATURE feature
...that 3a445cb49795fabe0d8caaf12bfc38eb9e12d5fc "Turn onlineupdate into
external/onlineupdate" had accidentally turned off
Change-Id: I345d02a305a33fc641566d122c8cdb55c09599a2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161546
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>
(cherry picked from commit 1e5fedf1a34e4609d4cf9f7fb70bc8797692d521)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161557
diff --git a/Repository.mk b/Repository.mk
index a53d923..d9361db 100644
--- a/Repository.mk
+++ b/Repository.mk
@@ -1097,7 +1097,10 @@ $(eval $(call gb_Helper_register_packages_for_install,brand,\
readlicense_oo_files \
readlicense_oo_license \
$(call gb_Helper_optional,DESKTOP,setup_native_packinfo) \
$(if $(ENABLE_ONLINE_UPDATE_MAR),updater_ini) \
$(if $(ENABLE_ONLINE_UPDATE_MAR), \
update-settings_ini \
updater_ini \
) \
))
ifeq ($(USING_X11), TRUE)
diff --git a/external/onlineupdate/CustomTarget_generated.mk b/external/onlineupdate/CustomTarget_generated.mk
index dba82744..ffdfffd 100644
--- a/external/onlineupdate/CustomTarget_generated.mk
+++ b/external/onlineupdate/CustomTarget_generated.mk
@@ -9,31 +9,14 @@
$(eval $(call gb_CustomTarget_CustomTarget,external/onlineupdate/generated))
onlineupdate_INC := $(call gb_CustomTarget_get_workdir,external/onlineupdate/generated)/onlineupdate
onlineupdate_INC := $(call gb_CustomTarget_get_workdir,external/onlineupdate/generated)
# For debug purposes, ONLINEUPDATE_MAR_CERTIFICATEDER can be empty, but gen_cert_header.py always
# expects an existing certificate-der=... pathname, so as a hack fall back to the generated
# update.ini itself as the pathname of the certificate DER file (though that will cause
# gen_cert_header.py to generate nonsense data, of course):
$(call gb_CustomTarget_get_workdir,onlineupdate/generated)/update.ini: | \
$(call gb_CustomTarget_get_workdir,onlineupdate/generated)/.dir
printf '[Updater]\ncertificate-der=%s\n' '$(or $(ONLINEUPDATE_MAR_CERTIFICATEDER),$@)' > $@
$(onlineupdate_INC)/primaryCert.h : \
$(onlineupdate_INC)/primaryCert.h $(onlineupdate_INC)/secondaryCert.h : \
$(call gb_ExternalExecutable_get_dependencies,python) \
$(call gb_CustomTarget_get_workdir,onlineupdate/generated)/update.ini \
| $(call gb_UnpackedTarball_get_target,onlineupdate)
$(call gb_Output_announce,$(subst $(WORKDIR)/,,$@),build,,1)
mkdir -p $(dir $@)
$(call gb_ExternalExecutable_get_command,python) $(call gb_UnpackedTarball_get_dir,onlineupdate)/onlineupdate/source/update/updater/gen_cert_header.py "primaryCertData" $(call gb_CustomTarget_get_workdir,onlineupdate/generated)/update.ini > $(onlineupdate_INC)/primaryCert.h
$(onlineupdate_INC)/secondaryCert.h : \
$(call gb_ExternalExecutable_get_dependencies,python) \
$(call gb_CustomTarget_get_workdir,onlineupdate/generated)/update.ini \
| $(call gb_UnpackedTarball_get_target,onlineupdate)
$(call gb_Output_announce,$(subst $(WORKDIR)/,,$@),build,,1)
mkdir -p $(dir $@)
$(call gb_ExternalExecutable_get_command,python) $(call gb_UnpackedTarball_get_dir,onlineupdate)/onlineupdate/source/update/updater/gen_cert_header.py "secondaryCertData" $(call gb_CustomTarget_get_workdir,onlineupdate/generated)/update.ini > $(onlineupdate_INC)/secondaryCert.h
PYPATH=$${PYPATH:+$$PYPATH$(gb_CLASSPATHSEP)}'$(call gb_UnpackedTarball_get_dir,onlineupdate)/onlineupdate/source/update/updater' $(call gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/onlineupdate/generate.py $@ '$(ONLINEUPDATE_MAR_CERTIFICATEDER)'
$(call gb_CustomTarget_get_target,external/onlineupdate/generated) : \
$(onlineupdate_INC)/primaryCert.h \
diff --git a/external/onlineupdate/Executable_test_updater_dialog.mk b/external/onlineupdate/Executable_test_updater_dialog.mk
index 9c9c003..4d31c7f 100644
--- a/external/onlineupdate/Executable_test_updater_dialog.mk
+++ b/external/onlineupdate/Executable_test_updater_dialog.mk
@@ -53,7 +53,7 @@ $(eval $(call gb_Executable_add_ldflags,test_updater_dialog,\
else
$(eval $(call gb_Executable_add_defs,test_updater_dialog,\
-DVERIFY_MAR_SIGNATURE \
-DMOZ_VERIFY_MAR_SIGNATURE \
-DNSS3 \
))
diff --git a/external/onlineupdate/Executable_updater.mk b/external/onlineupdate/Executable_updater.mk
index 0aa0bbe2..2196ff5d 100644
--- a/external/onlineupdate/Executable_updater.mk
+++ b/external/onlineupdate/Executable_updater.mk
@@ -64,7 +64,8 @@ $(eval $(call gb_Executable_add_ldflags,updater,\
))
$(eval $(call gb_Executable_add_defs,updater,\
-DVERIFY_MAR_SIGNATURE \
-DMOZ_APP_VERSION=\"$(LIBO_VERSION_MAJOR).$(LIBO_VERSION_MINOR).$(LIBO_VERSION_MICRO).$(LIBO_VERSION_PATCH)\" \
-DMOZ_VERIFY_MAR_SIGNATURE \
-DNS_NO_XPCOM \
-DMOZ_MAINTENANCE_SERVICE \
-DXP_WIN \
@@ -84,7 +85,8 @@ $(eval $(call gb_Executable_add_defs,updater,\
else
$(eval $(call gb_Executable_add_defs,updater,\
-DVERIFY_MAR_SIGNATURE \
-DMOZ_APP_VERSION=\"$(LIBO_VERSION_MAJOR).$(LIBO_VERSION_MINOR).$(LIBO_VERSION_MICRO).$(LIBO_VERSION_PATCH)\" \
-DMOZ_VERIFY_MAR_SIGNATURE \
-DNSS3 \
-DNS_NO_XPCOM \
-DXP_UNIX \
diff --git a/external/onlineupdate/Module_onlineupdate.mk b/external/onlineupdate/Module_onlineupdate.mk
index 97f7d5c..6b037bd 100644
--- a/external/onlineupdate/Module_onlineupdate.mk
+++ b/external/onlineupdate/Module_onlineupdate.mk
@@ -25,6 +25,7 @@ $(eval $(call gb_Module_add_targets,onlineupdate,\
Executable_updater \
Executable_mbsdiff \
CustomTarget_generated \
Package_update-settings_ini \
Package_updater_ini \
))
endif
diff --git a/external/onlineupdate/Package_update-settings_ini.mk b/external/onlineupdate/Package_update-settings_ini.mk
new file mode 100644
index 0000000..bbb438e
--- /dev/null
+++ b/external/onlineupdate/Package_update-settings_ini.mk
@@ -0,0 +1,16 @@
# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t; fill-column: 100 -*-
#
# This file is part of the LibreOffice project.
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
$(eval $(call gb_Package_Package,update-settings_ini,$(SRCDIR)/external/onlineupdate))
$(eval $(call gb_Package_add_files,update-settings_ini,$(if $(filter MACOSX,$(OS)),Contents/Resources,.), \
update-settings.ini \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/onlineupdate/StaticLibrary_updatehelper.mk b/external/onlineupdate/StaticLibrary_updatehelper.mk
index 742d4d1..79da4f8 100644
--- a/external/onlineupdate/StaticLibrary_updatehelper.mk
+++ b/external/onlineupdate/StaticLibrary_updatehelper.mk
@@ -26,7 +26,7 @@ $(eval $(call gb_StaticLibrary_set_include,updatehelper,\
$(eval $(call gb_StaticLibrary_add_defs,updatehelper,\
-DMOZ_MAINTENANCE_SERVICE \
-DNSS3 \
-DVERIFY_MAR_SIGNATURE \
-DMOZ_VERIFY_MAR_SIGNATURE \
-DXP_$(if $(filter WNT,$(OS)),WIN,UNIX) \
$(if $(filter WNT,$(OS)),-U_WIN32_WINNT) \
))
diff --git a/external/onlineupdate/generate.py b/external/onlineupdate/generate.py
new file mode 100644
index 0000000..8454d7e
--- /dev/null
+++ b/external/onlineupdate/generate.py
@@ -0,0 +1,21 @@
# -*- tab-width: 4; indent-tabs-mode: nil; py-indent-offset: 4 -*-
#
# This file is part of the LibreOffice project.
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
import sys
from gen_cert_header import create_header
with open(sys.argv[1], mode='w') as f:
# For debug purposes, ONLINEUPDATE_MAR_CERTIFICATEDER (passed in as sys.argv[2]) can be empty,
# but create_header always expects an existing file argument, so as a hack fall back to this
# script itself (i.e., sys.argv[0]) as the pathname of the certificate DER file (though that
# will cause create_header to generate nonsense data, of course):
create_header(f, sys.argv[2] or sys.argv[0])
# vim: set shiftwidth=4 softtabstop=4 expandtab:
diff --git a/external/onlineupdate/update-settings.ini b/external/onlineupdate/update-settings.ini
new file mode 100644
index 0000000..60a657f
--- /dev/null
+++ b/external/onlineupdate/update-settings.ini
@@ -0,0 +1,10 @@
;
; This file is part of the LibreOffice project.
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
[Settings]
ACCEPTED_MAR_CHANNEL_IDS=LOOnlineUpdater
