update-programs.configure (9602B)
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.


# Updater
# ==============================================================
# Default for --enable-updater: always on for the "tools/update-programs"
# project; otherwise on unless the project is "mobile/android" or the target
# OS is iOS.
@depends(build_project, target)
def updater_default(build_project, target):
    if build_project == "tools/update-programs":
        return True
    return build_project != "mobile/android" and target.os != "iOS"


option(
    "--enable-updater",
    default=updater_default,
    help="{Enable|Disable} building the updater",
)

set_config("MOZ_UPDATER", True, when="--enable-updater")
set_define("MOZ_UPDATER", True, when="--enable-updater")

# Updates that do not verify signatures
# ==============================================================
# Security-relevant switch. It is off by default. When it is on,
# MOZ_VERIFY_MAR_SIGNATURE is left unset and
# DISABLE_UPDATER_AUTHENTICODE_CHECK is set (see the set_define/set_config
# calls below), i.e. the build applies updates without the MAR signature
# check and without the updater-binary signature check named in the help text.
# NOTE(review): release/CI configurations should be audited to confirm this
# flag is never present; nothing in this file restricts it to local builds.

option(
    "--enable-unverified-updates",
    default=False,
    help="Enable application update without verifying MAR or updater binary signatures",
)


# Returns True when signature verification must stay enabled (the normal
# case) and False when --enable-unverified-updates was requested. Requesting
# unverified updates without a compile environment aborts configure.
@depends("--enable-unverified-updates", "--enable-compile-environment")
def disable_unverified_updates(unverified_updates, compile_environment):
    if unverified_updates:
        if not compile_environment:
            die("--enable-unverified-updates requires --enable-compile-environment")
    return not unverified_updates


# depends_if only invokes the lambda for a truthy dependency, so these values
# are set only while verification remains enabled.
set_define(
    "MOZ_VERIFY_MAR_SIGNATURE",
    depends_if(disable_unverified_updates)(lambda _: True),
)
set_config(
    "MOZ_VERIFY_MAR_SIGNATURE",
    True,
    depends_if(disable_unverified_updates)(lambda _: True),
)

# Set only when unverified updates were explicitly requested.
set_config(
    "DISABLE_UPDATER_AUTHENTICODE_CHECK",
    True,
    depends_if("--enable-unverified-updates")(lambda _: True),
)

# Mac elevated updates without production signing
# ==============================================================
# Security-relevant switch (macOS targets only, off by default): selects the
# relaxed code-signing requirement strings below instead of the production
# ones for both the authorized-clients and privileged-executables settings.

option(
    "--enable-mac-elevated-updates-with-generic-certs",
    when=target_is_osx,
    default=False,
    help="Allow local developer-signed builds to perform elevated updates on macOS",
)


# Production code-signing requirement: the given identifier, an Apple-anchored
# certificate chain, the Developer ID CA marker on the intermediate
# certificate (field ...100.6.2.6), the Developer ID Application marker on the
# leaf (field ...100.6.1.13), and a leaf subject.OU (team identifier) pinned
# to the literal value below.
# `identifier` is interpolated into a quoted string without escaping; both
# callers in this file pass fixed strings.
def mac_prod_requirements_string(identifier):
    return (
        f'identifier "{identifier}" and anchor apple generic and '
        "certificate 1[field.1.2.840.113635.100.6.2.6] and "
        "certificate leaf[field.1.2.840.113635.100.6.1.13] and "
        'certificate leaf[subject.OU] = "43AQ936H96"'
    )


# Relaxed requirement: only the identifier and an Apple-anchored chain. The
# Developer ID markers and the team-identifier pin are dropped, so the
# requirement no longer ties the signer to one specific team.
def mac_relaxed_requirements_string(identifier):
    return f'identifier "{identifier}" and anchor apple generic'


# Requirement string for clients allowed to talk to the privileged updater.
# The bundle id is left as a "$(MOZ_MACBUNDLE_ID)" placeholder; presumably it
# is expanded later by the consumer of this config value (not visible here).
@depends("--enable-mac-elevated-updates-with-generic-certs", when=target_is_osx)
def smauthorizedclients_requirements(enabled):
    bundle_id_env_var = "$(MOZ_MACBUNDLE_ID)"
    if enabled:
        return mac_relaxed_requirements_string(bundle_id_env_var)
    else:
        return mac_prod_requirements_string(bundle_id_env_var)


set_config("MOZ_SMAUTHORIZEDCLIENTS_REQUIREMENTS", smauthorizedclients_requirements)


# Requirement string for the privileged updater executable itself, keyed on
# the fixed identifier "org.mozilla.updater".
@depends("--enable-mac-elevated-updates-with-generic-certs", when=target_is_osx)
def smprivilegedexec_requirements(enabled):
    updater_id = "org.mozilla.updater"
    if enabled:
        return mac_relaxed_requirements_string(updater_id)
    else:
        return mac_prod_requirements_string(updater_id)


set_config("MOZ_SMPRIVILEGEDEXECUTABLES_REQUIREMENTS", smprivilegedexec_requirements)

# MAR channel ID configuration
# ==============================================================
# Both values come from environment variables and are passed through to the
# build config unchanged (no format validation happens in this file).

option(env="MAR_CHANNEL_ID", nargs=1, help="MAR channel identifier")

# nargs=1, so the single value is unwrapped with [0].
set_config(
    "MAR_CHANNEL_ID",
    depends_if("MAR_CHANNEL_ID")(lambda channel: channel[0]),
)

option(
    env="ACCEPTED_MAR_CHANNEL_IDS", nargs="+", help="Accepted MAR channel identifiers"
)

# One or more values, stored as a single comma-separated string.
set_config(
    "ACCEPTED_MAR_CHANNEL_IDS",
    depends_if("ACCEPTED_MAR_CHANNEL_IDS")(lambda channels: ",".join(channels)),
)

# Use NSS for MAR signatures even on platforms where system libraries are
# supported (currently Windows and macOS).
# ==============================================================

can_toggle_nss_mar = target_is_windows | target_is_osx

option(
    "--enable-nss-mar",
    when=can_toggle_nss_mar,
    help="Enable using NSS to check MAR signatures instead of system crypto",
)


# NSS is used when it was explicitly enabled, or whenever the target is not
# one of the platforms where the choice exists (i.e. not Windows/macOS).
@depends(
    depends("--enable-nss-mar", when=can_toggle_nss_mar)(lambda x: x),
    can_toggle_nss_mar,
)
def enable_nss_mar(enabled, can_toggle_nss_mar):
    return enabled or not can_toggle_nss_mar


set_config("MOZ_USE_NSS_FOR_MAR", True, when=enable_nss_mar)

# Maintenance service (Windows only)
# ==============================================================


# The maintenance service defaults to on exactly when the updater is built.
@depends("--enable-updater")
def maintenance_service_default(updater):
    return bool(updater)


option(
    "--enable-maintenance-service",
    when=target_is_windows,
    default=maintenance_service_default,
    help="{Enable|Disable} building of maintenance service",
)

set_define(
    "MOZ_MAINTENANCE_SERVICE",
    depends_if("--enable-maintenance-service", when=target_is_windows)(lambda _: True),
)
set_config(
    "MOZ_MAINTENANCE_SERVICE",
    depends_if("--enable-maintenance-service", when=target_is_windows)(lambda _: True),
)


# Consistency check: abort configure if the maintenance service was requested
# while the updater is disabled.
# (The first parameter name is misspelled; @depends passes values
# positionally, so it has no effect on behaviour.)
@depends("--enable-maintenance-service", "--enable-updater", when=target_is_windows)
def check_maintenance_service(mainteance_service, updater):
    if mainteance_service and not updater:
        die("--enable-updater is required to --enable-maintenance-service")
    return mainteance_service


# Update agent (currently Windows and macOS only)
# This is an independent task that runs on a schedule to
# check for, download, and install updates.
# ==============================================================


# Default: on only when background tasks and the updater are both enabled
# and the project being built is "browser".
@depends("--enable-backgroundtasks", "--enable-updater", build_project)
def update_agent_default(backgroundtasks, updater, build_project):
    return bool(backgroundtasks) and bool(updater) and build_project == "browser"


option(
    "--disable-update-agent",
    when=target_is_windows | target_is_osx,
    default=update_agent_default,
    help="{Enable|Disable} building update agent",
)

set_config(
    "MOZ_UPDATE_AGENT",
    depends_if("--enable-update-agent", when=target_is_windows | target_is_osx)(
        lambda _: True
    ),
)


# Consistency check: the update agent needs both background tasks and the
# updater; abort configure with a specific message if either is missing.
@depends(
    "--enable-update-agent",
    "--enable-backgroundtasks",
    "--enable-updater",
    when=target_is_windows | target_is_osx,
)
def check_update_agent(update_agent, backgroundtasks, updater):
    if update_agent and not backgroundtasks:
        die("--enable-backgroundtasks is required to --enable-update-agent")
    if update_agent and not updater:
        die("--enable-updater is required to --enable-update-agent")
    return update_agent


# Enable or disable the default browser agent, which monitors the user's default
# browser setting on Windows.
# ==============================================================================


# Default: on only for the "browser" project on a WINNT target.
@depends(target, build_project)
def default_browser_agent_default(target, build_project):
    return target.os == "WINNT" and build_project == "browser"


option(
    "--enable-default-browser-agent",
    default=default_browser_agent_default,
    help="{Enable|Disable} building the default browser agent",
)


# Returns True when the agent is enabled on a Windows target; otherwise falls
# through and returns None, which leaves MOZ_DEFAULT_BROWSER_AGENT unset.
@depends("--enable-default-browser-agent", when=target_is_windows)
def default_agent_flag(enabled):
    if enabled:
        return True


set_config("MOZ_DEFAULT_BROWSER_AGENT", default_agent_flag)


# Enable or disable the notification server, which allows Windows native
# notifications to persist when the application is not running and relaunch as
# necessary.
# ==============================================================================
@depends(target, build_project)
def notification_server_default(target, build_project):
    return target.os == "WINNT" and build_project in (
        "browser",
        "comm/mail",
    )


# The option itself only exists where notification_server_default is truthy
# (WINNT target building "browser" or "comm/mail").
option(
    "--disable-notification-server",
    when=notification_server_default,
    help="Disable building the notification server",
)

set_config("MOZ_NOTIFICATION_SERVER", True, when="--enable-notification-server")

# Supported patch formats for the updater
# =======================================
# Everything in this section applies only when the updater is built.

with only_when("--enable-updater"):
    include("zucchini.configure")

    # Without zucchini, bspatch is the only patch format and is always on.
    with only_when(~zucchini_is_available):
        set_config("MOZ_BSPATCH", True)
        set_define("MOZ_BSPATCH", True)

    # With zucchini available, bspatch becomes optional.
    with only_when(zucchini_is_available):
        option(
            "--disable-bspatch",
            help="Disable bspatch support",
        )

        set_config("MOZ_BSPATCH", True, when="--enable-bspatch")
        set_define("MOZ_BSPATCH", True, when="--enable-bspatch")

        # Abort configure if both patch formats were disabled: the updater
        # would have no way to apply a patch.
        @depends("--enable-bspatch", "--enable-zucchini")
        def check_at_least_one_patch_format(bspatch, zucchini):
            if not bspatch and not zucchini:
                die(
                    "You must enable at least one patch format when --enable-updater "
                    "is used. Use --enable-bspatch or --enable-zucchini."
                )


# Enable updater customization for Base Browser-based browsers
# ==============================================================================

option("--enable-base-browser-update", help="Enable Base Browser update")

set_config("BASE_BROWSER_UPDATE", True, when="--enable-base-browser-update")
set_define("BASE_BROWSER_UPDATE", True, when="--enable-base-browser-update")


# Updater URL
# ==============================================================
# The default is an https:// endpoint. The value supplied on the command line
# is not validated here: only trailing "/" characters are stripped, so a
# non-HTTPS scheme or a malformed URL is passed through to BB_UPDATER_URL
# as-is.
# NOTE(review): consider rejecting non-https values at configure time, or
# confirm that the consumer of BB_UPDATER_URL enforces the scheme.

option(
    "--with-updater-url",
    default="https://aus1.torproject.org/torbrowser/update_3/",
    nargs=1,
    help="Set the updater URL",
)

# NOTE(review): this uses depends rather than depends_if, so the lambda runs
# even for a falsy option value; if the option can be given in its negative
# form, x would presumably be empty and x[0] would raise — confirm.
set_config(
    "BB_UPDATER_URL",
    depends("--with-updater-url")(lambda x: x[0].rstrip("/")),
)