The public key pinning implementation is much less complex than the HSTS
implementation, and only needs a small subset of the parameters of the latter.
Furthermore, the information it relies on is static, and so is safe to access
from content processes. This patch separates the two implementations, thus
simplifying both of them and avoiding some unnecessary IPC calls in the
process.
Differential Revision: https://phabricator.services.mozilla.com/D117096
The public key pinning implementation is much less complex than the HSTS
implementation, and only needs a small subset of the parameters of the latter.
Furthermore, the information it relies on is static, and so is safe to access
from content processes. This patch separates the two implementations, thus
simplifying both of them and avoiding some unnecessary IPC calls in the
process.
Differential Revision: https://phabricator.services.mozilla.com/D117096
The public key pinning implementation is much less complex than the HSTS
implementation, and only needs a small subset of the parameters of the latter.
Furthermore, the information it relies on is static, and so is safe to access
from content processes. This patch separates the two implementations, thus
simplifying both of them and avoiding some unnecessary IPC calls in the
process.
Differential Revision: https://phabricator.services.mozilla.com/D117096
Without exporting org.mozilla.firefox.<profile_name> interface to the session bus
the Firefox cannot use the remote to open the links in the browser which
leads to running another instance showing the app is already running.
Differential Revision: https://phabricator.services.mozilla.com/D115817
Before this patch, getHSTSPreloadList.js would have no more than 250 requests
in flight at any given time. In the past, this limit was 500. After a refactor
that inadvertantly completely removed the limit, it was reduced to 250.
Presumably increasing it to 500 again will not have negative effects and will
allow the script to run faster.
Differential Revision: https://phabricator.services.mozilla.com/D114019
This will tie the version used for CI lints to the version of rust used
for builds on CI.
Bonus point: we can now have rustfmt and clippy on Windows and mac,
which allows to run the corresponding mozlint unit tests on those
platforms.
Differential Revision: https://phabricator.services.mozilla.com/D113905
This patch enables the process-switch test on mozilla-central. It also adds a new field in the raptor manifest to specify whether or not zero-values in vismets can be accepted.
Differential Revision: https://phabricator.services.mozilla.com/D113221
Now that docker images have been upgraded to Debian buster, we can
install a native zstd binary and use tar's native support rather than
relying on piping the output of tar to a python script that uses the
python-zstandard module. At least we can do that for toolchain tasks
that run on such docker images, which also means we can't on Mac and
Windows.
Differential Revision: https://phabricator.services.mozilla.com/D112894
This collects a bunch of fixes for issues exposed by the recent libdav1d
filing including not failing if hg strip has nothing to strip, not
abandoning a revision if we have unclassified failures, fixing external
commit links, easier to read summary, and correct outcome classification.
Differential Revision: https://phabricator.services.mozilla.com/D111470
I have manually pinned the requirements, and partials are working. We'll lose a way to auto-update our dependencies, but a) it's perma-busted, so realistically we're just losing a busted task, and b) mhentges is working on a way to auto-update pinned dependencies in-tree.
Differential Revision: https://phabricator.services.mozilla.com/D110148
Taskcluster secrets are not provided to clients in the same
format that they are set. Rather, the YAML is rendered
to JSON, and it's wrapped in a larger object that also
contains the `expires` timestamp.
Correctly parse the JSON and remove the dependency on `yq`.
Differential Revision: https://phabricator.services.mozilla.com/D109907
To identify regressions and existing exceptions in Sentry, we tag them
with their mach release (the current base revision).
To ensure that Sentry knows the correct order of revisions, we need to
tell it about each one that lands in mozilla-central.
Differential Revision: https://phabricator.services.mozilla.com/D109681
pip-tools 6.0.0 breaks due to a missing importlib-metadata in <py38, plus it removes --index and --no-index from pip-compile. Let's pin our pip-tools version to avoid future bustage like this.
Differential Revision: https://phabricator.services.mozilla.com/D108485
Bug 1694775 had to get a fixup to install the rename utility, that is
not in the base Debian image for buster, while it was there for jessie.
However, we only use rename for a hack when cross-building geckodriver
for Windows, and we don't need to.
Differential Revision: https://phabricator.services.mozilla.com/D106875
Now that all builds use sysroots, we:
- don't need to install -dev packages,
- don't need multi-arch packages,
- don't need workarounds for partial multi-arch awareness,
- however need a few packages that were installed as indirect
dependencies.
While here, we haven't really needed autoconf2.13 since bug 1663863
(except for one job, which switched in bug 1694784)
Differential Revision: https://phabricator.services.mozilla.com/D106357
We don't need the valgrind package for the valgrind.h header anymore,
because it's in the sysroot, and we only needed the package in the build
docker image because of the header. We still do need it in the valgrind
build image, because we run valgrind in the builds using that image.
The valgrind build image Dockerfile doesn't need an update because
valgrind will be pulled through the install of valgrind-dbg that already
happens there.
Differential Revision: https://phabricator.services.mozilla.com/D106355
While here, remove the -dev packages we have in the toolchain sysroot
and thus don't need in the docker image anymore.
Two exceptions: gcc and binutils need to stay on the older docker image,
at least for now.
Differential Revision: https://phabricator.services.mozilla.com/D106325
