Bug #4234: Use the Firefox Update Process for TBB.

New configure options: --with-tor-browser-version=VERSION # Pass TBB version throughout build. --enable-tor-browser-update # Enable bundle update behavior. The following files are never updated: TorBrowser/Data/Browser/profiles.ini TorBrowser/Data/Browser/profile.default/bookmarks.html TorBrowser/Data/Tor/torrc
torbsd · Jan 9, 2015 · 2cfb50a · 2cfb50a
1 parent a6284db
commit 2cfb50a
Show file tree

Hide file tree

Showing 21 changed files with 582 additions and 161 deletions.
diff --git a/.mozconfig b/.mozconfig
@@ -9,12 +9,15 @@ mk_add_options BUILD_OFFICIAL=1
 ac_add_options --enable-optimize
 #ac_add_options --disable-optimize
 ac_add_options --enable-official-branding
+ac_add_options --enable-tor-browser-update
+ac_add_options --enable-update-packaging
+# We do not use signed MAR files yet (Mozilla uses them on Windows only).
+ac_add_options --disable-verify-mar
 ac_add_options --disable-strip
 ac_add_options --disable-install-strip
 ac_add_options --disable-tests
 ac_add_options --disable-debug
 ac_add_options --disable-maintenance-service
-ac_add_options --disable-updater
 ac_add_options --disable-crashreporter
 ac_add_options --disable-webrtc
 #ac_add_options --disable-ctypes
diff --git a/.mozconfig-mac b/.mozconfig-mac
@@ -38,7 +38,11 @@ ac_add_options --disable-debug
 
 # See above for a reason why this is currently disabled
 # ac_add_options --with-macos-private-frameworks=$CROSS_PRIVATE_FRAMEWORKS
-ac_add_options --disable-updater
+#ac_add_options --disable-updater
+ac_add_options --enable-tor-browser-update
+ac_add_options --enable-update-packaging
+# We do not use signed MAR files yet (Mozilla uses them on Windows only).
+ac_add_options --disable-verify-mar
 ac_add_options --disable-crashreporter
 ac_add_options --disable-maintenance-service
 ac_add_options --disable-webrtc

diff --git a/.mozconfig-mingw b/.mozconfig-mingw
@@ -14,8 +14,11 @@ ac_add_options --disable-debug
 ac_add_options --enable-optimize
 ac_add_options --enable-strip
 ac_add_options --enable-official-branding
+ac_add_options --enable-tor-browser-update
+ac_add_options --enable-update-packaging
+# We do not use signed MAR files yet (Mozilla uses them on Windows only).
+ac_add_options --disable-verify-mar
 
-ac_add_options --disable-updater
 ac_add_options --disable-crashreporter
 ac_add_options --disable-maintenance-service
 ac_add_options --disable-webrtc

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
@@ -4,9 +4,8 @@
 
 // Please maintain unit tests at ./tbb-tests/browser_tor_TB4.js
 
-// Disable browser auto updaters and associated homepage notifications
+// Disable browser automatic updates and associated homepage notifications
 pref("app.update.auto", false);
-pref("app.update.enabled", false);
 pref("browser.search.update", false);
 pref("browser.rights.3.shown", true);
 pref("browser.startup.homepage_override.mstone", "ignore");

diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
@@ -99,14 +99,6 @@ pref("app.update.log", false);
 // the failure.
 pref("app.update.backgroundMaxErrors", 10);
 
-// The aus update xml certificate checks for application update are disabled on
-// Windows since the mar signature check which is currently only implemented on
-// Windows is sufficient for preventing us from applying a mar that is not
-// valid.
-#ifdef XP_WIN
-pref("app.update.cert.requireBuiltIn", false);
-pref("app.update.cert.checkAttributes", false);
-#else
 // When |app.update.cert.requireBuiltIn| is true or not specified the
 // final certificate and all certificates the connection is redirected to before
 // the final certificate for the url specified in the |app.update.url|
@@ -140,22 +132,8 @@ pref("app.update.cert.maxErrors", 5);
 // the |app.update.url.override| preference should ONLY be used for testing.
 // IMPORTANT! metro.js should also be updated for updates to certs.X.issuerName
 
-// Non-release builds (Nightly, Aurora, etc.) have been switched over to aus4.mozilla.org.
-// This condition protects us against accidentally using it for release builds.
-#ifndef RELEASE_BUILD
-pref("app.update.certs.1.issuerName", "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US");
-pref("app.update.certs.1.commonName", "aus4.mozilla.org");
-
-pref("app.update.certs.2.issuerName", "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US");
-pref("app.update.certs.2.commonName", "aus4.mozilla.org");
-#else
-pref("app.update.certs.1.issuerName", "CN=Thawte SSL CA,O=\"Thawte, Inc.\",C=US");
-pref("app.update.certs.1.commonName", "aus3.mozilla.org");
-
-pref("app.update.certs.2.issuerName", "CN=DigiCert Secure Server CA,O=DigiCert Inc,C=US");
-pref("app.update.certs.2.commonName", "aus3.mozilla.org");
-#endif
-#endif
+pref("app.update.certs.1.issuerName", "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US");
+pref("app.update.certs.1.commonName", "*.torproject.org");
 
 // Whether or not app updates are enabled
 pref("app.update.enabled", true);
@@ -185,11 +163,7 @@ pref("app.update.silent", false);
 pref("app.update.staging.enabled", true);
 
 // Update service URL:
-#ifndef RELEASE_BUILD
-pref("app.update.url", "https://aus4.mozilla.org/update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml");
-#else
-pref("app.update.url", "https://aus3.mozilla.org/update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml");
-#endif
+pref("app.update.url", "https://www.torproject.org/dist/torbrowser/update/%CHANNEL%/%BUILD_TARGET%/%OS_VERSION%/%VERSION%/%LOCALE%");
 // app.update.url.manual is in branding section
 // app.update.url.details is in branding section
 
@@ -207,7 +181,7 @@ pref("app.update.idletime", 60);
 // upgrade start page instead! Other apps may wish to show this UI, and supply
 // a whatsNewURL field in their brand.properties that contains a link to a page
 // which tells users what's new in this new update.
-pref("app.update.showInstalledUI", false);
+pref("app.update.showInstalledUI", true);
 
 // 0 = suppress prompting for incompatibilities if there are updates available
 //     to newer versions of installed addons that resolve them.

diff --git a/browser/base/content/aboutDialog.js b/browser/base/content/aboutDialog.js
@@ -7,6 +7,11 @@ Components.utils.import("resource://gre/modules/Services.jsm");
 
 const PREF_EM_HOTFIX_ID = "extensions.hotfix.id";
 
+#ifdef TOR_BROWSER_VERSION
+# Add double-quotes back on (stripped by JarMaker.py).
+#expand const TOR_BROWSER_VERSION = "__TOR_BROWSER_VERSION__";
+#endif
+
 function init(aEvent)
 {
   if (aEvent.target != document)
@@ -42,13 +47,16 @@ function init(aEvent)
   // Include the build ID and display warning if this is an "a#" (nightly or aurora) build
   let version = Services.appinfo.version;
   if (/a\d+$/.test(version)) {
-    let buildID = Services.appinfo.appBuildID;
-    let buildDate = buildID.slice(0,4) + "-" + buildID.slice(4,6) + "-" + buildID.slice(6,8);
-    document.getElementById("version").textContent += " (" + buildDate + ")";
     document.getElementById("experimental").hidden = false;
     document.getElementById("communityDesc").hidden = true;
   }
 
+#ifdef TOR_BROWSER_VERSION
+  let versionElem = document.getElementById("version");
+  if (versionElem)
+    versionElem.textContent += " (Tor Browser " + TOR_BROWSER_VERSION + ")";
+#endif
+
 #ifdef MOZ_UPDATER
   gAppUpdater = new appUpdater();
 
@@ -256,9 +264,13 @@ appUpdater.prototype =
   doUpdate: function() {
     // skip the compatibility check if the update doesn't provide appVersion,
     // or the appVersion is unchanged, e.g. nightly update
+#ifdef TOR_BROWSER_UPDATE
+    let pkgVersion = TOR_BROWSER_VERSION;
+#else
+    let pkgVersion = Services.appinfo.version;
+#endif
     if (!this.update.appVersion ||
-        Services.vc.compare(gAppUpdater.update.appVersion,
-                            Services.appinfo.version) == 0) {
+        Services.vc.compare(gAppUpdater.update.appVersion, pkgVersion) == 0) {
       this.startDownload();
     } else {
       this.checkAddonCompatibility();
@@ -413,11 +425,16 @@ appUpdater.prototype =
         // (see bug 566787). The hotfix add-on is also ignored as it shouldn't
         // block the user from upgrading.
         try {
+#ifdef TOR_BROWSER_UPDATE
+          let compatVersion = self.update.platformVersion;
+#else
+          let compatVersion = self.update.appVersion;
+#endif
           if (aAddon.type != "plugin" && aAddon.id != hotfixID &&
               !aAddon.appDisabled && !aAddon.userDisabled &&
               aAddon.scope != AddonManager.SCOPE_APPLICATION &&
               aAddon.isCompatible &&
-              !aAddon.isCompatibleWith(self.update.appVersion,
+              !aAddon.isCompatibleWith(compatVersion,
                                        self.update.platformVersion))
             self.addons.push(aAddon);
         }
@@ -441,8 +458,13 @@ appUpdater.prototype =
    */
   checkAddonsForUpdates: function() {
     this.addons.forEach(function(aAddon) {
+#ifdef TOR_BROWSER_UPDATE
+      let compatVersion = this.update.platformVersion;
+#else
+      let compatVersion = this.update.appVersion;
+#endif
       aAddon.findUpdates(this, AddonManager.UPDATE_WHEN_NEW_APP_DETECTED,
-                         this.update.appVersion,
+                         compatVersion,
                          this.update.platformVersion);
     }, this);
   },
@@ -463,8 +485,13 @@ appUpdater.prototype =
    * See XPIProvider.jsm
    */
   onUpdateAvailable: function(aAddon, aInstall) {
+#ifdef TOR_BROWSER_UPDATE
+    let compatVersion = this.update.platformVersion;
+#else
+    let compatVersion = this.update.appVersion;
+#endif
     if (!Services.blocklist.isAddonBlocklisted(aAddon,
-                                               this.update.appVersion,
+                                               compatVersion,
                                                this.update.platformVersion)) {
       // Compatibility or new version updates mean the same thing here.
       this.onCompatibilityUpdateAvailable(aAddon);

diff --git a/browser/branding/official/pref/firefox-branding.js b/browser/branding/official/pref/firefox-branding.js
@@ -13,10 +13,10 @@ pref("app.update.download.backgroundInterval", 60);
 pref("app.update.promptWaitTime", 172800);
 // URL user can browse to manually if for some reason all update installation
 // attempts fail.
-pref("app.update.url.manual", "https://www.mozilla.org/firefox/");
+pref("app.update.url.manual", "https://www.torproject.org/download/download-easy.html");
 // A default value for the "More information about this update" link
 // supplied in the "An update is available" page of the update wizard. 
-pref("app.update.url.details", "https://www.mozilla.org/%LOCALE%/firefox/notes");
+pref("app.update.url.details", "https://www.torproject.org/projects/torbrowser.html");
 
 // The number of days a binary is permitted to be old
 // without checking for an update.  This assumes that

diff --git a/browser/confvars.sh b/browser/confvars.sh
@@ -8,21 +8,6 @@ MOZ_APP_VENDOR=Mozilla
 MOZ_UPDATER=1
 MOZ_PHOENIX=1
 
-if test "$OS_ARCH" = "WINNT"; then
-  if ! test "$HAVE_64BIT_OS"; then
-    MOZ_VERIFY_MAR_SIGNATURE=1
-    MOZ_MAINTENANCE_SERVICE=1
-    if test "$MOZ_UPDATE_CHANNEL" = "nightly" -o \
-            "$MOZ_UPDATE_CHANNEL" = "aurora" -o \
-            "$MOZ_UPDATE_CHANNEL" = "beta" -o \
-            "$MOZ_UPDATE_CHANNEL" = "release"; then
-      if ! test "$MOZ_DEBUG"; then
-        MOZ_STUB_INSTALLER=1
-      fi
-    fi
-  fi
-fi
-
 MOZ_CHROME_FILE_FORMAT=omni
 MOZ_DISABLE_EXPORT_JS=1
 MOZ_SAFE_BROWSING=1
@@ -48,9 +33,9 @@ MOZ_APP_ID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}
 # This should usually be the same as the value MAR_CHANNEL_ID.
 # If more than one ID is needed, then you should use a comma separated list
 # of values.
-ACCEPTED_MAR_CHANNEL_IDS=firefox-mozilla-esr
+ACCEPTED_MAR_CHANNEL_IDS=torbrowser-torproject-release
 # The MAR_CHANNEL_ID must not contain the following 3 characters: ",\t "
-MAR_CHANNEL_ID=firefox-mozilla-esr
+MAR_CHANNEL_ID=torbrowser-torproject-release
 MOZ_PROFILE_MIGRATOR=1
 MOZ_EXTENSION_MANAGER=1
 MOZ_APP_STATIC_INI=1

diff --git a/browser/installer/Makefile.in b/browser/installer/Makefile.in
@@ -63,6 +63,10 @@ ifdef WIN32_REDIST_DIR
 DEFINES += -DMOZ_MSVC_REDIST=$(_MSC_VER)
 endif
 
+ifdef TOR_BROWSER_UPDATE
+DEFINES += -DTOR_BROWSER_UPDATE
+endif
+
 ifneq (,$(filter WINNT Darwin Android,$(OS_TARGET)))
 DEFINES += -DMOZ_SHARED_MOZGLUE=1
 endif

diff --git a/config/createprecomplete.py b/config/createprecomplete.py
@@ -5,13 +5,18 @@
 # update instructions which is used to remove files and directories that are no
 # longer present in a complete update. The current working directory is used for
 # the location to enumerate and to create the precomplete file.
+# For symlinks, remove instructions are always generated.
 
 import sys
 import os
 
 def get_build_entries(root_path):
     """ Iterates through the root_path, creating a list for each file and
         directory. Excludes any file paths ending with channel-prefs.js.
+        To support Tor Browser updates, excludes:
+          TorBrowser/Data/Browser/profiles.ini
+          TorBrowser/Data/Browser/profile.default/bookmarks.html
+          TorBrowser/Data/Tor/torrc
     """
     rel_file_path_set = set()
     rel_dir_path_set = set()
@@ -22,6 +27,9 @@ def get_build_entries(root_path):
             rel_path_file = rel_path_file.replace("\\", "/")
             if not (rel_path_file.endswith("channel-prefs.js") or
                     rel_path_file.endswith("update-settings.ini") or
+                    rel_path_file == "TorBrowser/Data/Browser/profiles.ini" or
+                    rel_path_file == "TorBrowser/Data/Browser/profile.default/bookmarks.html" or
+                    rel_path_file == "TorBrowser/Data/Tor/torrc" or
                     rel_path_file.find("distribution/") != -1):
                 rel_file_path_set.add(rel_path_file)
 
@@ -30,7 +38,10 @@ def get_build_entries(root_path):
             rel_path_dir = os.path.join(parent_dir_rel_path, dir_name)
             rel_path_dir = rel_path_dir.replace("\\", "/")+"/"
             if rel_path_dir.find("distribution/") == -1:
-                rel_dir_path_set.add(rel_path_dir)
+                if (os.path.islink(rel_path_dir[:-1])):
+                    rel_file_path_set.add(rel_path_dir[:-1])
+                else:
+                    rel_dir_path_set.add(rel_path_dir)
 
     rel_file_path_list = list(rel_file_path_set)
     rel_file_path_list.sort(reverse=True)

diff --git a/configure.in b/configure.in
@@ -3574,15 +3574,12 @@ AC_SUBST(GRE_MILESTONE)
 # set RELEASE_BUILD and NIGHTLY_BUILD variables depending on the cycle we're in
 # The logic works like this:
 # - if we have "a1" in GRE_MILESTONE, we're building Nightly (define NIGHTLY_BUILD)
-# - otherwise, if we have "a" in GRE_MILESTONE, we're building Nightly or Aurora
 # - otherwise, we're building Release/Beta (define RELEASE_BUILD)
 case "$GRE_MILESTONE" in
   *a1*)
       NIGHTLY_BUILD=1
       AC_DEFINE(NIGHTLY_BUILD)
       ;;
-  *a*)
-      ;;
   *)
       RELEASE_BUILD=1
       AC_DEFINE(RELEASE_BUILD)
@@ -6399,6 +6396,31 @@ MOZ_ARG_ENABLE_BOOL(update-packaging,
     MOZ_UPDATE_PACKAGING= )
 AC_SUBST(MOZ_UPDATE_PACKAGING)
 
+dnl ========================================================
+dnl Tor Additions
+dnl ========================================================
+MOZ_ARG_WITH_STRING(tor-browser-version,
+[  --with-tor-browser-version=VERSION
+                          Set Tor Browser version, e.g., 4.0b1],
+    TOR_BROWSER_VERSION="$withval")
+
+MOZ_ARG_ENABLE_BOOL(tor-browser-update,
+[  --enable-tor-browser-update
+                          Enable Tor Browser update],
+    TOR_BROWSER_UPDATE=1,
+    TOR_BROWSER_UPDATE= )
+
+if test -n "$TOR_BROWSER_UPDATE"; then
+    if test -z "$TOR_BROWSER_VERSION"; then
+        AC_MSG_ERROR([--enable-tor-browser-update requires --with-tor-browser-version.])
+    fi
+    AC_DEFINE(TOR_BROWSER_UPDATE)
+fi
+
+AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION,"$TOR_BROWSER_VERSION")
+AC_SUBST(TOR_BROWSER_VERSION)
+AC_SUBST(TOR_BROWSER_UPDATE)
+
 dnl ========================================================
 dnl build the tests by default
 dnl ========================================================

diff --git a/js/src/configure.in b/js/src/configure.in
@@ -2784,15 +2784,12 @@ AC_SUBST(GRE_MILESTONE)
 dnl set RELEASE_BUILD and NIGHTLY_BUILD variables depending on the cycle we're in
 dnl The logic works like this:
 dnl - if we have "a1" in GRE_MILESTONE, we're building Nightly (define NIGHTLY_BUILD)
-dnl - otherwise, if we have "a" in GRE_MILESTONE, we're building Nightly or Aurora
 dnl - otherwise, we're building Release/Beta (define RELEASE_BUILD)
 case "$GRE_MILESTONE" in
   *a1*)
       NIGHTLY_BUILD=1
       AC_DEFINE(NIGHTLY_BUILD)
       ;;
-  *a*)
-      ;;
   *)
       RELEASE_BUILD=1
       AC_DEFINE(RELEASE_BUILD)

diff --git a/toolkit/modules/debug.js b/toolkit/modules/debug.js
@@ -41,6 +41,7 @@ this.NS_ASSERT = function NS_ASSERT(condition, message) {
     switch (defB.getCharPref("app.update.channel")) {
       case "nightly":
       case "aurora":
+      case "alpha":
       case "beta":
       case "default":
         releaseBuild = false;

diff --git a/toolkit/mozapps/extensions/moz.build b/toolkit/mozapps/extensions/moz.build
@@ -37,7 +37,7 @@ EXTRA_PP_JS_MODULES += [
     'AddonManager.jsm'
 ]
 
-if CONFIG['MOZ_UPDATE_CHANNEL'] not in ('aurora', 'beta', 'release', 'esr'):
+if CONFIG['MOZ_UPDATE_CHANNEL'] not in ('aurora', 'alpha', 'beta', 'release', 'esr'):
     DEFINES['MOZ_COMPATIBILITY_NIGHTLY'] = 1
 
 # Additional debugging info is exposed in debug builds