commit b9aecf44142c7874de51bd29abdcd40dcf3e6cb2 Author: Igor Oliveira igt0@torproject.org Date: Mon Aug 20 16:33:16 2018 -0300
Bug 27220 - Don't verify signature for Tor Button
Tor Browser for Desktop has a similar logic. --- toolkit/mozapps/extensions/internal/XPIInstall.jsm | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.jsm b/toolkit/mozapps/extensions/internal/XPIInstall.jsm index 659d97616dc6..17fa45514063 100644 --- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm +++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm @@ -1029,6 +1029,10 @@ function getSignedStatus(aRv, aCert, aAddonID) { }
function shouldVerifySignedState(aAddon) { + if (aAddon.id === "torbutton@torproject.org") { + return false; + } + // Updated system add-ons should always have their signature checked if (aAddon._installLocation.name == KEY_APP_SYSTEM_ADDONS) return true;