This repository has been archived by the owner on Sep 15, 2021. It is now read-only.
bug 1490119: support mar cert replacement in update verify. r=nthomas
Showing 10 changed files with 94 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
These certificates are imported from mozilla-central (https://hg.mozilla.org/mozilla-central/file/tip/toolkit/mozapps/update/updater) | ||
and used to support staging update verify jobs. These jobs end up replacing the certificates within the binaries | ||
(through a binary search and replace), and must all be the same length for this to work correctly. If we recreate | ||
these certificates, and the resulting public certificates are not the same length anymore, the commonName may be | ||
changed to line them up again. https://github.com/google/der-ascii is a useful tool for doing this. For example: | ||
|
||
To convert the certificate to ascii: | ||
der2ascii -i dep1.der -o dep1.ascii | ||
|
||
Then use your favourite editor to change the commonName field. That block will look something like: | ||
SEQUENCE { | ||
SET { | ||
SEQUENCE { | ||
# commonName | ||
OBJECT_IDENTIFIER { 2.5.4.3 } | ||
PrintableString { "CI MAR signing key 1" } | ||
} | ||
} | ||
} | ||
|
||
You can pad the PrintableString with spaces to increase the length of the cert (1 space = 1 byte). | ||
|
||
Then, convert back to der: | ||
ascii2der -i dep1.ascii -o newdep1.der |
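Review bot: The padding step edits the commonName of an already-issued certificate (the PrintableString line), which changes bytes covered by that certificate's signature, and the README does not say whether that matters to the updater or whether the certificate should instead be regenerated with the longer name. Please state which applies. A final step that confirms the result would also help, for example comparing the byte size of newdep1.der against the other certificates, since the text says they must all be the same length. It is also worth noting that padding can only grow a certificate, so when the new one is the longer one the others have to be padded up to it.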
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
import os.path | ||
import sys | ||
|
||
cert_dir = sys.argv[1] | ||
# Read twice, because strings cannot be copied | ||
updater_data = open(sys.argv[2], "rb").read() | ||
new_updater = open(sys.argv[2], "rb").read() | ||
outfile = sys.argv[3] | ||
|
||
cert_pairs = sys.argv[4:] | ||
|
||
if (len(cert_pairs) % 2) != 0: | ||
print("Certs must be provided in pairs") | ||
sys.exit(1) | ||
|
||
for find_cert, replace_cert in zip(*[iter(cert_pairs)]*2): | ||
find = open(os.path.join(cert_dir, find_cert), "rb").read() | ||
replace = open(os.path.join(cert_dir, replace_cert), "rb").read() | ||
print("Looking for {}...".format(find_cert)) | ||
if find in new_updater: | ||
print("Replacing {} with {}".format(find_cert, replace_cert)) | ||
new_updater = new_updater.replace(find, replace) | ||
else: | ||
print("Didn't find {}...".format(find_cert)) | ||
|
||
if len(updater_data) != len(new_updater): | ||
print("WARNING: new updater is not the same length as the old one (old: {}, new: {})".format(len(updater_data), len(new_updater))) | ||
|
||
if updater_data == new_updater: | ||
print("WARNING: updater is unchanged") | ||
|
||
with open(outfile, 'wb+') as f: | ||
f.write(new_updater) |
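Review bot: The length check after the loop only prints a warning, although the README in this commit says the certificates must all be the same length for the binary replacement to work, so a mismatched pair still produces an output file whose size differs from the original. Compare len(find) and len(replace) inside the loop and sys.exit(1) on a mismatch. Consider exiting non-zero for the "Didn't find" and "updater is unchanged" cases too, since the job otherwise carries on with an updater that still holds the original certificates. Separately, the comment "Read twice, because strings cannot be copied" is misleading: bytes objects are immutable and replace() returns a new object, so new_updater = updater_data after a single read is enough. The open() calls that read the updater and the certificates should use with so the handles are closed.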