Kaydet (Commit) 6de75d13 authored tarafından Markus Mohrhard's avatar Markus Mohrhard

updater: get the signature verification working on Windows

The updater itself does not link to NSS on Windows and instead uses the
Windows-internal crypto libraries. However the mar executable needs to
link against NSS, so we need to split the code a bit.

Change-Id: Iea61c716aa507a876fdb444eb28ad828bdea18bd
Reviewed-on: https://gerrit.libreoffice.org/40608Reviewed-by: 's avatarMarkus Mohrhard <markus.mohrhard@googlemail.com>
Tested-by: 's avatarMarkus Mohrhard <markus.mohrhard@googlemail.com>
üst 2539702f
......@@ -18,13 +18,9 @@ $(eval $(call gb_Executable_set_include,mar,\
$(eval $(call gb_Executable_use_static_libraries,mar,\
libmar \
libmarverify \
))
$(eval $(call gb_Executable_use_externals,mar,\
nss3 \
))
ifeq ($(OS),WNT)
$(eval $(call gb_Executable_add_libs,mar,\
ws2_32.lib \
......@@ -32,9 +28,13 @@ $(eval $(call gb_Executable_add_libs,mar,\
))
endif
$(eval $(call gb_Executable_use_externals,mar,\
nss3 \
))
$(eval $(call gb_Executable_add_defs,mar,\
-DMAR_NSS \
-DUNICODE \
-DMAR_NSS \
))
$(eval $(call gb_Executable_add_defs,mar,\
......
......@@ -19,12 +19,17 @@ $(eval $(call gb_Executable_set_include,updater,\
$(eval $(call gb_Executable_use_custom_headers,updater,onlineupdate/generated))
$(eval $(call gb_Executable_use_static_libraries,updater,\
libmar \
libmar \
libmarverify \
updatehelper \
$(if $(filter WNT,$(OS)), \
winhelper )\
))
$(eval $(call gb_Executable_use_externals,updater,\
bzip2 \
))
ifeq ($(OS),WNT)
$(eval $(call gb_Executable_add_libs,updater,\
Ws2_32.lib \
......@@ -32,8 +37,26 @@ $(eval $(call gb_Executable_add_libs,updater,\
Comctl32.lib \
Shell32.lib \
Shlwapi.lib \
Crypt32.lib \
))
$(eval $(call gb_Executable_add_defs,updater,\
-DVERIFY_MAR_SIGNATURE \
-DUNICODE \
))
else
$(eval $(call gb_Executable_add_defs,updater,\
-DVERIFY_MAR_SIGNATURE \
-DNSS3 \
))
$(eval $(call gb_Executable_use_externals,updater,\
nss3 \
gtk \
))
$(eval $(call gb_Executable_add_libs,updater,\
-lX11 \
-lXext \
......@@ -44,19 +67,6 @@ $(eval $(call gb_Executable_add_libs,updater,\
))
endif
$(eval $(call gb_Executable_use_externals,updater,\
bzip2 \
nss3 \
$(if $(filter LINUX,$(OS)), \
gtk )\
))
$(eval $(call gb_Executable_add_defs,updater,\
-DVERIFY_MAR_SIGNATURE \
-DNSS3 \
-DUNICODE \
))
$(eval $(call gb_Executable_add_exception_objects,updater,\
onlineupdate/source/update/updater/xpcom/glue/nsVersionComparator \
onlineupdate/source/update/updater/archivereader \
......
......@@ -13,6 +13,7 @@ $(eval $(call gb_Module_Module,onlineupdate))
ifneq ($(ENABLE_ONLINE_UPDATE_MAR),)
$(eval $(call gb_Module_add_targets,onlineupdate,\
StaticLibrary_libmar \
StaticLibrary_libmarverify \
StaticLibrary_updatehelper \
$(if $(filter WNT,$(OS)),\
Executable_update_service \
......
......@@ -11,6 +11,8 @@ The source/service directory contains the code for the silent windows updater th
== NOTE ==
The updater executable should not depend on any other dynamic library in the LibreOffice installation as we would need to copy that one also to a temporary directory during update. We can't update any library or executable that is currently in use. For the updater executable we solve this problem by copying the updater before using it to a temporary directory.
On Windows we use the system to provide us with a crypto library whereas on Linux we use NSS.
== Update procedure ==
The updater executable is run two times. In a first run, the current installation is copied to a "update" directory and the update is applied in this "update" directory. During the next run, a replacement request is executed. The replacement request removes the old installation directory and replaces it with the content of the "update" directory.
......
......@@ -15,19 +15,17 @@ $(eval $(call gb_StaticLibrary_set_include,libmar,\
))
$(eval $(call gb_StaticLibrary_add_defs,libmar,\
-DMAR_NSS \
))
$(eval $(call gb_StaticLibrary_use_externals,libmar,\
nss3 \
-DUNICODE \
))
$(eval $(call gb_StaticLibrary_add_cobjects,libmar,\
onlineupdate/source/libmar/src/mar_create \
onlineupdate/source/libmar/src/mar_extract \
onlineupdate/source/libmar/src/mar_read \
onlineupdate/source/libmar/verify/mar_verify \
onlineupdate/source/libmar/verify/cryptox \
))
$(eval $(call gb_StaticLibrary_use_static_libraries,\
libmarverify \
))
# vim:set shiftwidth=4 tabstop=4 noexpandtab: */
# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
#
# This file is part of the LibreOffice project.
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
$(eval $(call gb_StaticLibrary_StaticLibrary,libmarverify))
$(eval $(call gb_StaticLibrary_set_include,libmarverify,\
-I$(SRCDIR)/onlineupdate/source/libmar/src/ \
$$(INCLUDE) \
))
ifeq ($(OS),WNT)
$(eval $(call gb_StaticLibrary_add_defs,libmarverify,\
-DUNICODE \
))
else
$(eval $(call gb_StaticLibrary_add_defs,libmar,\
-DMAR_NSS \
))
$(eval $(call gb_StaticLibrary_use_externals,libmarverify,\
nss3 \
))
endif
$(eval $(call gb_StaticLibrary_add_cobjects,libmarverify,\
onlineupdate/source/libmar/verify/mar_verify \
onlineupdate/source/libmar/verify/cryptox \
))
# vim:set shiftwidth=4 tabstop=4 noexpandtab: */
......@@ -8,7 +8,7 @@ all : call
unpack:
@echo "Unpacking the updater test project"
@rm -r $(UPDATER_DIR) || true
@mkdir -p $(WORKDIR)/updater/
@mkdir -p $(UPDATER_DIR)
@unzip single_step.zip -d $(WORKDIR)/updater > /dev/null
@mkdir -p $(UPDATER_DIR)/patch
......
......@@ -11,13 +11,13 @@
#include <stdlib.h>
#include "cryptox.h"
#if defined(MAR_NSS)
#ifdef _WIN32
#pragma warning(push)
#pragma warning(disable: 4204)
#endif
#if defined(MAR_NSS)
/**
* Loads the public key for the specified cert name from the NSS store.
*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment