| blob | 467f0b67cd1fbfc9a63cf4a14fe75680bbcf4c3a |
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 /**
6 * Manifest Format
7 * ---------------
8 *
9 * contents = 1*( line )
10 * line = method LWS *( param LWS ) CRLF
11 * CRLF = "\r\n"
12 * LWS = 1*( " " | "\t" )
13 *
14 * Available methods for the manifest file:
15 *
16 * updatev2.manifest
17 * -----------------
18 * method = "add" | "add-if" | "patch" | "patch-if" | "remove" |
19 * "rmdir" | "rmrfdir" | type
20 *
21 * 'type' is the update type (e.g. complete or partial) and when present MUST
22 * be the first entry in the update manifest. The type is used to support
23 * downgrades by causing the actions defined in precomplete to be performed.
24 *
25 * updatev3.manifest
26 * -----------------
27 * method = "add" | "add-if" | "add-if-not" | "patch" | "patch-if" |
28 * "remove" | "rmdir" | "rmrfdir" | type
29 *
30 * 'add-if-not' adds a file if it doesn't exist.
31 *
32 * precomplete
33 * -----------
34 * method = "remove" | "rmdir"
35 */
42 #include <thread>
43 #include <vector>
45 #include <stdio.h>
46 #include <string.h>
47 #include <stdlib.h>
48 #include <stdarg.h>
50 #include <sys/types.h>
51 #include <sys/stat.h>
52 #include <fcntl.h>
53 #include <limits.h>
54 #include <errno.h>
55 #include <algorithm>
56 #include <memory>
58 #include <config_version.h>
62 #include <onlineupdate/mozilla/Compiler.h>
63 #include <onlineupdate/mozilla/Types.h>
65 #ifdef _WIN32
66 #include <comphelper/windowsStart.hxx>
70 // TODO:moggi taken from the mozilla code -- find a better solution
71 #define INVALID_APPLYTO_DIR_ERROR 74
72 #define REMOVE_FILE_SPEC_ERROR 71
73 #define INVALID_APPLYTO_DIR_STAGED_ERROR 72
75 #endif
78 // Amount of the progress bar to use in each of the 3 update stages,
79 // should total 100.0.
80 #define PROGRESS_PREPARE_SIZE 20.0f
81 #define PROGRESS_EXECUTE_SIZE 75.0f
82 #define PROGRESS_FINISH_SIZE 5.0f
84 // Amount of time in ms to wait for the parent process to close
85 #ifdef _WIN32
86 #define PARENT_WAIT 5000
87 #endif
89 #if defined(MACOSX)
90 // These functions are defined in launchchild_osx.mm
99 struct UpdateServerThreadArgs
100 {
103 };
104 #endif
106 #ifndef SSIZE_MAX
107 # define SSIZE_MAX LONG_MAX
108 #endif
110 // We want to use execv to invoke the callback executable on platforms where
111 // we were launched using execv. See nsUpdateDriver.cpp.
112 #if defined(UNIX) && !defined(MACOSX)
113 #define USE_EXECV
114 #endif
116 #if defined(VERIFY_MAR_SIGNATURE) && !defined(_WIN32) && !defined(MACOSX)
117 #include <nss.h>
118 #include <nspr.h>
119 #endif
121 #ifdef _WIN32
122 #ifdef MAINTENANCE_SERVICE
124 #endif
127 LPCWSTR siblingFilePath,
128 LPCWSTR newFileName);
131 // Closes the handle if valid and if the updater is elevated returns with the
132 // return code specified. This prevents multiple launches of the callback
133 // application by preventing the elevated process from launching the callback.
134 #define EXIT_WHEN_ELEVATED(path, handle, retCode) \
135 { \
136 if (handle != INVALID_HANDLE_VALUE) { \
137 CloseHandle(handle); \
138 } \
139 if (_waccess(path, F_OK) == 0 && NS_tremove(path) != 0) { \
140 LogFinish(); \
141 return retCode; \
142 } \
143 }
144 #endif
146 //-----------------------------------------------------------------------------
148 // This variable lives in libbz2. It's declared in bzlib_private.h, so we just
149 // declare it here to avoid including that entire header file.
150 #if defined __GNUC__
152 #elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)
154 #else
156 #endif
158 static unsigned int
160 {
169 }
171 //-----------------------------------------------------------------------------
173 // A simple stack based container for a FILE struct that closes the
174 // file descriptor from its destructor.
175 class AutoFile
176 {
180 {
181 }
184 {
187 }
190 {
195 }
198 {
200 }
203 {
205 }
209 };
211 struct MARChannelStringTable
212 {
214 {
216 }
219 };
221 //-----------------------------------------------------------------------------
231 #ifdef _WIN32
232 // The current working directory specified in the command line.
237 #endif
245 {
247 {
250 }
252 // skip leading "whitespace"
255 do
256 {
258 {
260 {
263 }
264 }
265 }
269 {
272 }
275 do
276 {
278 {
280 {
284 }
285 }
287 }
292 }
294 #if defined(_WIN32) && defined(MAINTENANCE_SERVICE)
295 static bool
297 {
300 }
301 #endif
303 /**
304 * Converts a relative update path to an absolute path related to the working
305 * or install directory. Allocates a new NS_tchar[] based path!
306 *
307 * @param relpath
308 * The relative path to convert to a full path.
309 * @return valid filesystem full path or nullptr if memory allocation fails.
310 */
313 {
324 c++;
330 }
335 {
337 /*
338 // the algorithm is:
339 // 1.) if userprofile path length is smaller than installation dir,
340 // the profile is surely not in instdir
341 // 2.) else comparing the two paths looking only at the installation dir
342 // characters should yield an equal string
343 NS_tchar userprofile[MAXPATHLEN];
344 NS_tstrcpy(userprofile, gPatchDirPath);
345 NS_tchar *slash = (NS_tchar *) NS_tstrrchr(userprofile, NS_T('/'));
346 if (slash)
347 *slash = NS_T('\0');
349 size_t userprofile_len = NS_tstrlen(userprofile);
350 size_t installdir_len = NS_tstrlen(gInstallDirPath);
352 if (userprofile_len < installdir_len)
353 return false;
355 return NS_tstrncmp(userprofile, gInstallDirPath, installdir_len) == 0;
356 */
357 }
359 }
361 /**
362 * Get a pointer in the absolute path, relative to the working or install
363 * directory. Returns itself, if not absolute or outside of the directory.
364 *
365 * @param abs_path
366 * An absolute path.
367 * return pointer to the location within fullpath where the relative path starts
368 * or fullpath itself if it already looks relative.
369 */
372 {
373 // If the path isn't absolute, just return it as-is.
374 #ifdef _WIN32
376 {
377 #else
379 {
380 #endif
382 }
392 }
394 /**
395 * Gets the platform specific path and performs simple checks to the path. If
396 * the path checks don't pass nullptr will be returned.
397 *
398 * @param line
399 * The line from the manifest that contains the path.
400 * @param isdir
401 * Whether the path is a directory path. Defaults to false.
402 * @return valid filesystem path or nullptr if the path checks fail.
403 */
406 {
409 {
412 }
414 // All paths must be relative from the current working directory
416 {
419 }
421 #ifdef _WIN32
422 // All paths must be relative from the current working directory
424 {
427 }
428 #endif
431 {
432 // Directory paths must have a trailing forward slash.
434 {
438 }
440 // Remove the trailing forward slash because stat on Windows will return
441 // ENOENT if the path has a trailing slash.
443 }
445 // Don't allow relative paths that resolve to a parent directory.
447 {
450 }
453 }
457 {
474 c++;
476 }
479 {
480 #ifdef _WIN32
482 #else
485 {
487 }
488 #endif
489 }
492 {
499 }
501 // Remove the directory pointed to by path and all of its files and sub-directories.
504 {
505 // We use lstat rather than stat here so that we can successfully remove
506 // symlinks.
510 {
511 // This error is benign
513 }
515 {
517 }
524 {
528 }
531 {
534 {
540 {
542 }
543 }
544 }
549 {
553 {
556 }
557 }
559 }
562 {
567 // Make sure the string begins with "r"
571 // Look for "r+" or "r+b"
575 // Look for "rb+"
580 }
583 {
587 {
588 // Don't attempt to modify the file permissions if the file is being opened
589 // in read-only mode.
591 }
593 {
595 {
597 }
599 }
602 {
604 {
606 }
608 }
610 }
612 // Ensure that the directory containing this file exists.
614 {
619 {
622 // Only attempt to create the directory if we're not at the root
624 {
626 // If the directory already exists, then ignore the error.
628 {
632 }
633 else
634 {
636 }
637 }
639 }
641 }
643 #ifdef UNIX
645 {
646 // Copy symlinks by creating a new symlink to the same target
650 {
654 }
657 {
658 LOG(("ensure_copy_symlink: failed to create the new link: " LOG_S ", target: " LOG_S " err: %d",
661 }
663 }
664 #endif
666 // Copy the file named path onto a new file named dest.
668 {
669 #ifdef _WIN32
670 // Fast path for Windows
673 {
677 }
679 #else
683 {
687 }
689 #ifdef UNIX
691 {
693 }
694 #endif
698 {
702 }
705 {
709 }
711 // This block size was chosen pretty arbitrarily but seems like a reasonable
712 // compromise. For example, the optimal block size on a modern macOS machine
713 // is 100k */
720 {
723 {
728 }
733 {
737 {
742 }
745 }
746 }
752 #endif
753 }
756 struct copy_recursive_skiplist
757 {
761 {
763 }
766 {
768 }
771 {
773 {
775 {
777 }
778 }
780 }
781 };
783 // Copy all of the files and subdirectories under path to a new directory named dest.
784 // The path names in the skiplist will be skipped and will not be copied.
788 {
792 {
796 }
798 #ifdef UNIX
800 {
802 }
803 #endif
806 {
808 }
812 {
813 LOG(("ensure_copy_recursive: could not create destination directory: " LOG_S ", rv: %d, err: %d",
816 }
823 {
827 }
830 {
833 {
838 {
840 }
846 {
848 }
849 }
850 }
853 }
855 // Renames the specified file to the new file specified. If the destination file
856 // exists it is removed.
859 {
867 {
871 }
874 {
876 {
880 }
881 else
882 {
884 }
885 }
888 {
890 {
894 }
895 }
898 {
902 }
905 }
907 #ifdef _WIN32
908 // Remove the directory pointed to by path and all of its files and
909 // sub-directories. If a file is in use move it to the tobedeleted directory
910 // and attempt to schedule removal of the file on reboot
912 {
916 {
917 // This error is benign
919 }
922 {
928 {
931 }
932 else
933 {
936 }
938 }
945 {
950 }
953 {
956 {
960 // There is no need to check the return value of this call since this
961 // function is only called after an update is successful and there is not
962 // much that can be done to recover if it isn't successful. There is also
963 // no need to log the value since it will have already been logged.
965 }
966 }
971 {
975 {
978 }
979 }
981 }
982 #endif
984 //-----------------------------------------------------------------------------
986 // Create a backup of the specified file by renaming it.
988 {
994 }
996 // Rename the backup of the specified file that was created by renaming it back
997 // to the original file.
999 {
1009 {
1012 }
1015 }
1017 // Discard the backup of the specified file that was created by renaming it.
1019 {
1028 // Nothing to discard
1030 {
1032 }
1035 #if defined(_WIN32)
1037 {
1042 {
1046 }
1047 // The MoveFileEx call to remove the file on OS reboot will fail if the
1048 // process doesn't have write access to the HKEY_LOCAL_MACHINE registry key
1049 // but this is ok since the installer / uninstaller will delete the
1050 // directory containing the file along with its contents after an update is
1051 // applied, on reinstall, and on uninstall.
1053 {
1056 }
1057 else
1058 {
1061 }
1062 }
1063 #else
1066 #endif
1069 }
1071 // Helper function for post-processing a temporary backup.
1074 {
1077 else
1079 }
1081 //-----------------------------------------------------------------------------
1085 class Action
1086 {
1093 // Do any preprocessing to ensure that the action can be performed. Execute
1094 // will be called if this Action and all others return OK from this method.
1097 // Perform the operation. Return OK to indicate success. After all actions
1098 // have been executed, Finish will be called. A requirement of Execute is
1099 // that its operation be reversible from Finish.
1102 // Finish is called after execution of all actions. If status is OK, then
1103 // all actions were successfully executed. Otherwise, some action failed.
1111 };
1114 {
1127 };
1129 int
1131 {
1132 // format "<deadfile>"
1143 {
1145 }
1148 }
1150 int
1152 {
1153 // Skip the file if it already doesn't exist.
1156 {
1160 }
1164 // Make sure that we're actually a file...
1168 {
1170 errno));
1172 }
1175 {
1178 }
1182 {
1186 }
1187 else
1188 {
1190 }
1193 {
1196 }
1199 }
1201 int
1203 {
1209 // The file is checked for existence here and in Prepare since it might have
1210 // been removed by a separate instruction: bug 311099.
1213 {
1217 }
1219 // Rename the old file. It will be removed in Finish.
1222 {
1225 }
1228 }
1230 void
1232 {
1239 }
1242 {
1255 };
1257 int
1259 {
1260 // format "<deaddir>/"
1271 {
1273 }
1276 }
1278 int
1280 {
1281 // We expect the directory to exist if we are to remove it.
1284 {
1288 }
1292 // Make sure that we're actually a dir.
1296 {
1298 errno));
1300 }
1303 {
1306 }
1310 {
1313 }
1316 }
1318 int
1320 {
1326 // The directory is checked for existence at every step since it might have
1327 // been removed by a separate instruction: bug 311099.
1330 {
1333 }
1336 }
1338 void
1340 {
1346 // The directory is checked for existence at every step since it might have
1347 // been removed by a separate instruction: bug 311099.
1350 {
1353 }
1357 {
1359 {
1362 }
1363 }
1364 }
1367 {
1381 };
1383 int
1385 {
1386 // format "<newfile>"
1397 {
1399 }
1402 }
1404 int
1406 {
1410 }
1412 int
1414 {
1419 // First make sure that we can actually get rid of any existing file.
1422 {
1426 }
1427 else
1428 {
1432 }
1434 #ifdef _WIN32
1438 {
1441 }
1444 #else
1446 #endif
1448 {
1450 }
1452 }
1454 void
1456 {
1458 // When there is an update failure and a file has been added it is removed
1459 // here since there might not be a backup to replace it.
1463 }
1466 {
1468 PatchFile(ArchiveReader& ar) : mPatchFile(nullptr), mPatchIndex(-1), buf(nullptr), mArchiveReader(ar) { }
1486 MBSPatchHeader header;
1489 AutoFile mPatchStream;
1491 };
1496 {
1497 // Make sure mPatchStream gets unlocked on Windows; the system will do that,
1498 // but not until some indeterminate future time, and we want determinism.
1499 // Normally this happens at the end of Execute, when we close the stream;
1500 // this call is here in case Execute errors out.
1501 #ifdef _WIN32
1503 {
1504 UnlockFile((HANDLE)_get_osfhandle(fileno(mPatchStream)), (DWORD)0, (DWORD)0, (DWORD)-1, (DWORD)-1);
1505 }
1506 #endif
1508 // delete the temporary patch file
1514 }
1516 int
1518 {
1522 {
1526 }
1529 {
1533 }
1542 {
1546 {
1550 }
1554 }
1556 // Verify that the contents of the source file correspond to what we expect.
1561 {
1565 }
1568 }
1570 int
1572 {
1573 // format "<patchfile>" "<filetopatch>"
1575 // Get the path to the patch file inside of the mar
1580 // consume whitespace between args
1593 {
1595 }
1598 }
1600 int
1602 {
1605 // extract the patch to a temporary file
1618 #ifdef _WIN32
1619 // Lock the patch file, so it can't be messed with between
1620 // when we're done creating it and when we go to apply it.
1621 if (!LockFile((HANDLE)_get_osfhandle(fileno(mPatchStream)), (DWORD)0, (DWORD)0, (DWORD)-1, (DWORD)-1))
1622 {
1624 // TODO: moggi: fix the build problem with LOCK_ERROR_PATCH_FILE
1626 }
1630 {
1633 }
1636 #else
1638 #endif
1641 }
1643 int
1645 {
1655 #ifdef _WIN32
1657 {
1658 // Read from the copy of the callback when patching since the callback can't
1659 // be opened for reading to prevent the application from being launched.
1661 }
1662 else
1663 {
1665 }
1666 #else
1668 #endif
1671 {
1675 }
1680 {
1683 }
1685 // Rename the destination file if it exists before proceeding so it can be
1686 // used to restore the file to its original state if there is an error.
1690 {
1694 }
1700 #if defined(HAVE_POSIX_FALLOCATE)
1703 #elif defined(_WIN32)
1705 // Creating the file, setting the size, and then closing the file handle
1706 // lessens fragmentation more than any other method tested. Other methods that
1707 // have been tested are:
1708 // 1. _chsize / _chsize_s reduced fragmentation though not completely.
1709 // 2. _get_osfhandle and then setting the size reduced fragmentation though
1710 // not completely. There are also reports of _get_osfhandle failing on
1711 // mingw.
1713 GENERIC_WRITE,
1716 CREATE_ALWAYS,
1717 FILE_ATTRIBUTE_NORMAL,
1721 {
1725 {
1727 }
1729 }
1733 #elif defined(MACOSX)
1735 // Modified code from FileUtils.cpp
1737 // Try to get a continuous chunk of disk space
1740 {
1741 // OK, perhaps we are too fragmented, allocate non-continuous
1744 }
1747 {
1749 }
1750 #else
1752 #endif
1755 {
1757 errno));
1759 }
1761 #ifdef _WIN32
1763 {
1765 }
1766 #endif
1770 // Go ahead and do a bit of cleanup now to minimize runtime overhead.
1771 // Make sure mPatchStream gets unlocked on Windows; the system will do that,
1772 // but not until some indeterminate future time, and we want determinism.
1773 #ifdef _WIN32
1774 UnlockFile((HANDLE)_get_osfhandle(fileno(mPatchStream)), (DWORD)0, (DWORD)0, (DWORD)-1, (DWORD)-1);
1775 #endif
1776 // Set mPatchStream to nullptr to make AutoFile close the file,
1777 // so it can be deleted on Windows.
1784 }
1786 void
1788 {
1792 }
1795 {
1806 };
1810 {
1811 }
1813 int
1815 {
1816 // format "<testfile>" "<newfile>"
1822 // consume whitespace between args
1828 }
1830 int
1832 {
1833 // If the test file does not exist, then skip this action.
1835 {
1838 }
1841 }
1843 int
1845 {
1850 }
1852 void
1854 {
1859 }
1862 {
1873 };
1877 {
1878 }
1880 int
1882 {
1883 // format "<testfile>" "<newfile>"
1889 // consume whitespace between args
1895 }
1897 int
1899 {
1900 // If the test file exists, then skip this action.
1902 {
1905 }
1908 }
1910 int
1912 {
1917 }
1919 void
1921 {
1926 }
1929 {
1940 };
1944 {
1945 }
1947 int
1949 {
1950 // format "<testfile>" "<patchfile>" "<filetopatch>"
1956 // consume whitespace between args
1962 }
1964 int
1966 {
1967 // If the test file does not exist, then skip this action.
1969 {
1972 }
1975 }
1977 int
1979 {
1984 }
1986 void
1988 {
1993 }
1995 //-----------------------------------------------------------------------------
1997 #ifdef _WIN32
1999 /**
2000 * Launch the post update application (helper.exe). It takes in the path of the
2001 * callback application to calculate the path of helper.exe. For service updates
2002 * this is called from both the system account and the current user account.
2003 *
2004 * @param installationDir The path to the callback application binary.
2005 * @param updateInfoDir The directory where update info is stored.
2006 * @return true if there was no error starting the process.
2007 */
2008 bool
2011 {
2015 // TODO: moggi: needs adaptation for LibreOffice
2016 // Most likely we don't have the helper method yet. Check if we really need it.
2018 // Launch helper.exe to perform post processing (e.g. registry and log file
2019 // modifications) for the update.
2023 {
2025 }
2033 {
2035 }
2039 {
2041 }
2044 exeasync,
2046 inifile))
2047 {
2049 }
2051 // Verify that exeFile doesn't contain relative paths
2053 {
2055 }
2060 {
2062 }
2064 #if !defined(TEST_UPDATER) && defined(MAINTENANCE_SERVICE)
2067 {
2069 }
2070 #endif
2074 {
2076 }
2081 {
2083 }
2091 {
2093 }
2101 {
2103 }
2105 // We want to launch the post update helper app to update the Windows
2106 // registry even if there is a failure with removing the uninstall.update
2107 // file or copying the update.log file.
2115 cmdline,
2121 workingDirectory,
2126 {
2128 {
2130 }
2133 }
2135 }
2137 #endif
2139 static void
2144 {
2148 // Run from the specified working directory (see bug 312360). This is not
2149 // necessary on Windows CE since the application that launches the updater
2150 // passes the working directory as an --environ: command line argument.
2152 {
2154 }
2156 #if defined(USE_EXECV)
2160 #elif defined(MACOSX)
2162 #elif defined(_WIN32)
2163 // Do not allow the callback to run when running an update through the
2164 // service as session 0. The unelevated updater.exe will do the launching.
2166 {
2168 }
2169 #else
2171 #endif
2172 }
2174 static bool
2176 {
2178 #if defined(_WIN32)
2179 // The temp file is not removed on failure since there is client code that
2180 // will remove it.
2182 #else
2185 #endif
2187 // Make sure that the directory for the update status file exists
2191 // This is scoped to make the AutoFile close the file so it is possible to
2192 // move the temp file to the update.status file on Windows.
2193 {
2196 {
2198 }
2201 {
2203 }
2204 }
2206 #if defined(_WIN32)
2211 {
2213 }
2214 #endif
2217 }
2219 static void
2221 {
2226 {
2228 {
2230 }
2231 else
2232 {
2234 }
2235 }
2236 else
2237 {
2240 }
2243 }
2245 #ifdef MAINTENANCE_SERVICE
2246 /*
2247 * Read the update.status file and sets isPendingService to true if
2248 * the status is set to pending-service.
2249 *
2250 * @param isPendingService Out parameter for specifying if the status
2251 * is set to pending-service or not.
2252 * @return true if the information was retrieved and it is pending
2253 * or pending-service.
2254 */
2255 static bool
2257 {
2276 }
2277 #endif
2279 #ifdef _WIN32
2280 /*
2281 * Read the update.status file and sets isSuccess to true if
2282 * the status is set to succeeded.
2283 *
2284 * @param isSucceeded Out parameter for specifying if the status
2285 * is set to succeeded or not.
2286 * @return true if the information was retrieved and it is succeeded.
2287 */
2288 static bool
2290 {
2307 }
2308 #endif
2310 /*
2311 * Copy the entire contents of the application installation directory to the
2312 * destination directory for the update process.
2313 *
2314 * @return 0 if successful, an error code otherwise.
2315 */
2316 static int
2318 {
2319 // These files should not be copied over to the updated app
2320 #ifdef _WIN32
2321 #define SKIPLIST_COUNT 4
2322 #elif defined(MACOSX)
2323 #define SKIPLIST_COUNT 1
2324 #else
2325 #define SKIPLIST_COUNT 3
2326 #endif
2338 #ifndef MACOSX
2341 #ifdef _WIN32
2343 #endif
2344 #endif
2347 }
2349 /*
2350 * Replace the application installation directory with the destination
2351 * directory in order to finish a staged update task
2352 *
2353 * @return 0 if successful, an error code otherwise.
2354 */
2355 static int
2357 {
2358 // TODO: moggi: handle the user profile in the installation dir also
2359 // during the replacement request
2360 // The replacement algorithm is like this:
2361 // 1. Move destDir to tmpDir. In case of failure, abort.
2362 // 2. Move newDir to destDir. In case of failure, revert step 1 and abort.
2363 // 3. Delete tmpDir (or defer it to the next reboot).
2365 #ifdef MACOSX
2369 #elif defined(_WIN32)
2370 // Windows preserves the case of the file/directory names. We use the
2371 // GetLongPathName API in order to get the correct case for the directory
2372 // name, so that if the user has used a different case when launching the
2373 // application, the installation directory's name does not change.
2377 {
2379 }
2380 #else
2382 #endif
2388 // First try to remove the possibly existing temp directory, because if this
2389 // directory exists, we will fail to rename destDir.
2390 // No need to error check here because if this fails, we will fail in the
2391 // next step anyways.
2398 #ifdef _WIN32
2399 // On Windows, if Firefox is launched using the shortcut, it will hold a handle
2400 // to its installation directory open, which might not get released in time.
2401 // Therefore we wait a little bit here to see if the handle is released.
2402 // If it's not released, we just fail to perform the replace request.
2406 {
2414 }
2415 #endif
2417 {
2418 // The status file will have 'pending' written to it so there is no value in
2419 // returning an error specific for this failure.
2422 }
2426 {
2431 }
2432 else
2433 {
2436 gWorkingDirPath);
2437 }
2442 #ifdef MACOSX
2444 {
2449 }
2450 #endif
2452 {
2458 {
2460 }
2461 // The status file will be have 'pending' written to it so there is no value
2462 // in returning an error specific for this failure.
2464 }
2467 {
2468 // 1.) calculate path of the user profile in the backup directory
2469 // 2.) move the user profile from the backup to the install directory
2484 {
2486 }
2489 }
2491 #if !defined(_WIN32) && !defined(MACOSX)
2492 // Platforms that have their updates directory in the installation directory
2493 // need to have the last-update.log and backup-update.log files moved from the
2494 // old installation directory to the new installation directory.
2500 {
2506 }
2507 #endif
2512 {
2514 #ifdef _WIN32
2518 // Attempt to remove the tobedeleted directory and then recreate it if it
2519 // was successfully removed.
2522 {
2524 }
2526 #endif
2527 }
2529 #ifdef MACOSX
2530 // On macOS, we need to remove the staging directory after its Contents
2531 // directory has been moved.
2536 #endif
2541 }
2543 #ifdef _WIN32
2544 static void
2546 {
2547 // We wait at most 10 minutes, we already waited 5 seconds previously
2548 // before deciding to show this UI.
2551 }
2552 #endif
2554 #ifdef VERIFY_MAR_SIGNATURE
2555 /**
2556 * This function reads in the ACCEPTED_MAR_CHANNEL_IDS from update-settings.ini
2557 *
2558 * @param path The path to the ini file that is to be read
2559 * @param results A pointer to the location to store the read strings
2560 * @return OK on success
2561 */
2562 static int
2564 {
2565 // TODO: moggi: needs adaptation for LibreOffice
2566 // Check where this function gets its parameters from
2578 }
2579 #endif
2581 static int
2583 {
2589 // add the language packs
2592 {
2595 }
2599 {
2603 {
2605 {
2608 {
2615 }
2616 }
2617 }
2618 }
2620 }
2622 static int
2624 {
2625 #ifdef VERIFY_MAR_SIGNATURE
2626 #ifdef _WIN32
2632 L"SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced Cryptographic Provider v1.0",
2635 {
2638 DWORD type;
2641 {
2643 {
2648 {
2650 }
2651 }
2652 }
2653 }
2654 #endif
2656 #ifdef _WIN32
2658 {
2660 {
2664 }
2666 }
2667 #endif
2671 {
2673 {
2676 // TODO: moggi: needs adaptation for LibreOffice
2677 // These paths need to be adapted for us.
2680 #ifdef MACOSX
2682 #else
2684 #endif
2685 gWorkingDirPath);
2687 MARChannelStringTable MARStrings;
2689 {
2690 // If we can't read from update-settings.ini then we shouldn't impose
2691 // a MAR restriction. Some installations won't even include this file.
2693 }
2696 LIBO_VERSION_DOTTED);
2697 }
2698 }
2699 #endif
2702 }
2704 static void
2706 {
2707 // open ZIP archive and process...
2710 {
2712 }
2713 else
2714 {
2719 {
2720 ArchiveReader archiveReader;
2723 {
2726 }
2730 {
2733 }
2734 }
2737 {
2739 }
2742 {
2744 {
2745 ArchiveReader archiveReader;
2748 }
2754 }
2755 }
2758 {
2759 #ifdef _WIN32
2760 // On Windows, the current working directory of the process should be changed
2761 // so that it's not locked.
2763 {
2766 {
2768 }
2769 }
2770 #endif
2772 // When attempting to replace the application, we should fall back
2773 // to non-staged updates in case of a failure. We do this by
2774 // setting the status to pending, exiting the updater, and
2775 // launching the callback application. The callback application's
2776 // startup path will see the pending status, and will start the
2777 // updater application again in order to apply the update without
2778 // staging.
2780 {
2782 }
2783 else
2784 {
2786 }
2787 #ifdef TEST_UPDATER
2788 // Some tests need to use --test-process-updates again.
2790 #endif
2791 }
2792 else
2793 {
2795 {
2797 }
2798 else
2799 {
2800 #ifdef MACOSX
2801 // If the update was successful we need to update the timestamp on the
2802 // top-level macOS bundle directory so that macOS's Launch Services
2803 // picks up any major changes when the bundle is updated.
2805 {
2807 }
2808 #endif
2811 }
2813 }
2817 }
2819 #ifdef MACOSX
2820 static void
2822 {
2826 {
2828 }
2830 }
2833 {
2835 {
2837 }
2839 }
2840 #endif
2843 int callbackIndex
2844 #ifdef _WIN32
2846 , HANDLE updateLockFileHandle
2847 #elif defined(MACOSX)
2849 #endif
2850 )
2851 {
2853 {
2854 #if defined(_WIN32)
2856 {
2858 {
2860 }
2862 // The service update will only be executed if it is already installed.
2863 // For first time installs of the service, the install will happen from
2864 // the PostUpdate process. We do the service update process here
2865 // because it's possible we are updating with updater.exe without the
2866 // service if the service failed to apply the update. We want to update
2867 // the service to a newer version in that case. If we are not running
2868 // through the service, then USING_SERVICE will not exist.
2870 {
2872 }
2873 }
2875 #elif defined(MACOSX)
2877 {
2879 {
2881 }
2882 #endif
2887 sUsingService);
2888 #ifdef XP_MACOSX
2891 }
2893 }
2896 {
2897 // The callback is the remaining arguments starting at callbackIndex.
2898 // The argument specified by callbackIndex is the callback executable and the
2899 // argument prior to callbackIndex is the working directory.
2902 #ifdef MACOSX
2903 // TODO: moggi: needs adaptation for LibreOffice
2907 {
2909 {
2910 // Won't actually get here because ObtainUpdaterArguments will terminate
2911 // the current process on failure.
2913 }
2914 }
2915 #endif
2917 #if defined(VERIFY_MAR_SIGNATURE) && !defined(_WIN32) && !defined(MACOSX)
2918 // On Windows and Mac we rely on native APIs to do verifications so we don't
2919 // need to initialize NSS at all there.
2920 // Otherwise, minimize the amount of NSS we depend on by avoiding all the NSS
2921 // databases.
2923 {
2925 {
2930 }
2931 }
2932 #endif
2934 #ifdef MACOSX
2936 {
2937 #endif
2939 #ifdef MACOSX
2940 }
2941 #endif
2943 // To process an update the updater command line must at a minimum have the
2944 // directory path containing the updater.mar file to process as the first
2945 // argument, the install directory as the second argument, and the directory
2946 // to apply the update to as the third argument. When the updater is launched
2947 // by another process the PID of the parent process should be provided in the
2948 // optional fourth argument and the updater will wait on the parent process to
2949 // exit if the value is non-zero and the process is present. This is necessary
2950 // due to not being able to update files that are in use on Windows. The
2951 // optional fifth argument is the callback's working directory and the
2952 // optional sixth argument is the callback path. The callback is the
2953 // application to launch after updating and it will be launched when these
2954 // arguments are provided whether the update was successful or not. All
2955 // remaining arguments are optional and are passed to the callback when it is
2956 // launched.
2958 {
2959 fprintf(stderr, "Usage: updater patch-dir install-dir apply-to-dir [wait-pid [callback-working-dir callback-path args...]]\n");
2960 #ifdef MACOSX
2962 {
2965 }
2966 #endif
2968 }
2970 // The directory containing the update information.
2973 // The directory we're going to update to.
2974 // We copy this string because we need to remove trailing slashes. The C++
2975 // standard says that it's always safe to write to strings pointed to by argv
2976 // elements, but I don't necessarily believe it.
2981 {
2983 }
2985 #ifdef _WIN32
2990 // We never want the service to be used unless we build with
2991 // the maintenance service.
2992 #ifdef MAINTENANCE_SERVICE
2994 // Our tests run with a different apply directory for each test.
2995 // We use this registry key on our test slaves to store the
2996 // allowed name/issuers.
2998 #endif
3000 // Remove everything except close window from the context menu
3001 {
3002 // TODO: moggi: needs adaptation for LibreOffice
3012 {
3017 }
3018 }
3019 #endif
3021 // If there is a PID specified and it is not '0' then wait for the process to exit.
3022 #ifdef _WIN32
3024 #else
3026 #endif
3028 {
3029 #ifdef _WIN32
3031 #else
3033 #endif
3035 {
3036 // This is a signal from the parent process that the updater should stage
3037 // the update.
3039 }
3041 {
3042 // We're processing a request to replace the application with a staged
3043 // update.
3045 }
3046 }
3048 // The directory we're going to update to.
3049 // We copy this string because we need to remove trailing slashes. The C++
3050 // standard says that it's always safe to write to strings pointed to by argv
3051 // elements, but I don't necessarily believe it.
3056 {
3058 }
3060 #ifdef MACOSX
3062 {
3063 // If the app directory isn't recursively writeable, an elevated update is
3064 // required.
3065 UpdateServerThreadArgs threadArgs;
3069 Thread t1;
3071 {
3072 // Show an indeterminate progress bar while an elevated update is in
3073 // progress.
3075 }
3080 }
3081 #endif
3086 {
3088 #ifdef MACOSX
3090 {
3093 }
3094 #endif
3096 }
3099 {
3101 }
3103 {
3105 }
3111 #ifdef _WIN32
3113 {
3115 {
3121 }
3128 {
3133 }
3136 {
3142 }
3143 }
3144 #endif
3147 #ifdef _WIN32
3149 {
3151 // May return nullptr if the parent process has already gone away.
3152 // Otherwise, wait for the parent process to exit before starting the
3153 // update.
3155 {
3161 }
3162 }
3163 #else
3166 #endif
3168 #if defined(_WIN32)
3169 #ifdef MAINTENANCE_SERVICE
3172 #endif
3173 // lastFallbackError keeps track of the last error for the service not being
3174 // used, in case of an error when fallback is not enabled we write the
3175 // error to the update.status file.
3176 // When fallback is disabled (MOZ_NO_SERVICE_FALLBACK does not exist) then
3177 // we will instead fallback to not using the service and display a UAC prompt.
3180 // Launch a second instance of the updater with the runas verb on Windows
3181 // when write access is denied to the installation directory.
3186 {
3189 {
3190 // When staging an update, the lock file is:
3191 // <install_dir>\updated.update_in_progress.lock
3195 }
3197 {
3198 // When processing a replace request, the lock file is:
3199 // <install_dir>\..\moz_update_in_progress.lock
3207 }
3208 else
3209 {
3210 // In the non-staging update case, the lock file is:
3211 // <install_dir>\<app_name>.exe.update_in_progress.lock
3215 }
3217 // The update_in_progress.lock file should only exist during an update. In
3218 // case it exists attempt to remove it and exit if that fails to prevent
3219 // simultaneous updates occurring.
3222 {
3223 // Try to fall back to the old way of doing updates if a staged
3224 // update fails.
3226 {
3227 // Note that this could fail, but if it does, there isn't too much we
3228 // can do in order to recover anyways.
3230 }
3233 }
3239 OPEN_ALWAYS,
3240 FILE_FLAG_DELETE_ON_CLOSE,
3247 // Even if a file has no sharing access, you can still get its attributes
3251 // If we're running from the service, then we were started with the same
3252 // token as the service so the permissions are already dropped. If we're
3253 // running from an elevated updater that was started from an unelevated
3254 // updater, then we drop the permissions here. We do not drop the
3255 // permissions on the originally called updater because we use its token
3256 // to start the callback application.
3258 {
3259 // Disable every privilege we don't need. Processes started using
3260 // CreateProcess will use the same token as this process.
3262 }
3266 {
3269 {
3272 }
3274 HANDLE elevatedFileHandle;
3279 OPEN_ALWAYS,
3280 FILE_FLAG_DELETE_ON_CLOSE,
3284 {
3287 }
3291 {
3294 }
3296 // Make sure the path to the updater to use for the update is on local.
3297 // We do this check to make sure that file locking is available for
3298 // race condition security checks.
3300 {
3303 }
3305 // If we have unprompted elevation we should NOT use the service
3306 // for the update. Service updates happen with the SYSTEM account
3307 // which has more privs than we need to update with.
3308 // Windows 8 provides a user interface so users can configure this
3309 // behavior and it can be configured in the registry in all Windows
3310 // versions that support UAC.
3312 {
3313 BOOL unpromptedElevation;
3315 {
3317 }
3318 }
3320 // Make sure the service registry entries for the installation path
3321 // are available. If not don't use the service.
3323 {
3325 // TODO: moggi: needs adaptation for LibreOffice
3326 // Most likely the registry part is not correct yet
3328 maintenanceServiceKey))
3329 {
3335 {
3337 }
3338 else
3339 {
3340 #ifdef TEST_UPDATER
3342 #endif
3344 {
3346 }
3347 }
3348 }
3349 else
3350 {
3353 }
3354 }
3356 // Originally we used to write "pending" to update.status before
3357 // launching the service command. This is no longer needed now
3358 // since the service command is launched from updater.exe. If anything
3359 // fails in between, we can fall back to using the normal update process
3360 // on our own.
3362 // If we still want to use the service try to launch the service
3363 // command for the update.
3365 {
3366 // If the update couldn't be started, then set useService to false so
3367 // we do the update the old way.
3370 // If the command was launched then wait for the service to be done.
3372 {
3374 // Never show the progress UI when staging updates.
3376 {
3377 // We need to call this separately instead of allowing ShowProgressUI
3378 // to initialize the strings because the service will move the
3379 // ini file out of the way when running updater.
3381 }
3383 // Wait for the service to stop for 5 seconds. If the service
3384 // has still not stopped then show an indeterminate progress bar.
3387 {
3390 {
3392 }
3394 }
3398 {
3399 // If the service doesn't stop after 10 minutes there is
3400 // something seriously wrong.
3403 }
3404 }
3405 else
3406 {
3408 }
3409 }
3411 // If the service can't be used when staging and update, make sure that
3412 // the UAC prompt is not shown! In this case, just set the status to
3413 // pending and the update will be applied during the next startup.
3415 {
3417 {
3419 }
3422 }
3424 // If we started the service command, and it finished, check the
3425 // update.status file to make sure it succeeded, and if it did
3426 // we need to manually start the PostUpdate process from the
3427 // current user's session of this unelevated updater.exe the
3428 // current process is running as.
3429 // Note that we don't need to do this if we're just staging the update,
3430 // as the PostUpdate step runs when performing the replacing in that case.
3432 {
3435 updateStatusSucceeded)
3436 {
3438 {
3441 }
3442 }
3443 }
3445 // If we didn't want to use the service at all, or if an update was
3446 // already happening, or launching the service command failed, then
3447 // launch the elevated updater.exe as we do without the service.
3448 // We don't launch the elevated updater in the case that we did have
3449 // write access all along because in that case the only reason we're
3450 // using the service is because we are testing.
3453 {
3454 SHELLEXECUTEINFO sinfo;
3458 SEE_MASK_FLAG_DDEWAIT |
3459 SEE_MASK_NOCLOSEPROCESS;
3470 {
3473 }
3474 else
3475 {
3477 }
3478 }
3481 {
3484 }
3490 {
3491 // We didn't use the service and we did run the elevated updater.exe.
3492 // The elevated updater.exe is responsible for writing out the
3493 // update.status file.
3495 }
3497 {
3498 // The service command was launched. The service is responsible for
3499 // writing out the update.status file.
3501 {
3503 }
3505 }
3506 else
3507 {
3508 // Otherwise the service command was not launched at all.
3509 // We are only reaching this code path because we had write access
3510 // all along to the directory and a fallback key existed, and we
3511 // have fallback disabled (MOZ_NO_SERVICE_FALLBACK env var exists).
3512 // We only currently use this env var from XPCShell tests.
3516 }
3517 }
3518 }
3519 #endif
3522 {
3523 // When staging updates, blow away the old installation directory and create
3524 // it from scratch.
3526 }
3528 {
3529 // Try to create the destination directory if it doesn't exist
3532 {
3533 #ifdef MACOSX
3535 {
3538 }
3539 #endif
3541 }
3542 }
3544 #ifdef _WIN32
3545 // For replace requests, we don't need to do any real updates, so this is not
3546 // necessary.
3548 {
3549 // Allocate enough space for the length of the path an optional additional
3550 // trailing slash and null termination.
3551 NS_tchar *destpath = (NS_tchar *) malloc((NS_tstrlen(gWorkingDirPath) + 2) * sizeof(NS_tchar));
3560 {
3563 }
3565 c++;
3568 }
3573 {
3579 {
3582 }
3584 }
3588 {
3589 // If the callback executable is specified it must exist for a successful
3590 // update. It is important we null out the whole buffer here because later
3591 // we make the assumption that the callback application is inside the
3592 // apply-to dir. If we don't have a fully null'ed out buffer it can lead
3593 // to stack corruption which causes crashes and other problems.
3600 {
3601 // In case of replace requests, we should look for the callback file in
3602 // the destination directory.
3604 gInstallDirPath,
3617 bufferLeft--;
3622 installDir,
3627 }
3630 {
3636 {
3640 sUsingService);
3641 }
3643 }
3645 // Doing this is only necessary when we're actually applying a patch.
3647 {
3651 // advance to the apply to directory and advance past the trailing backslash
3652 // if present.
3657 // Copy the string and replace backslashes with forward slashes along the
3658 // way.
3659 do
3660 {
3663 else
3667 }
3672 // Make a copy of the callback executable so it can be read when patching.
3678 {
3684 {
3686 }
3687 else
3688 {
3690 }
3696 sUsingService);
3698 }
3700 // Since the process may be signaled as exited by WaitForSingleObject before
3701 // the release of the executable image try to lock the main executable file
3702 // multiple times before giving up. If we end up giving up, we won't
3703 // fail the update.
3707 do
3708 {
3709 // By opening a file handle without FILE_SHARE_READ to the callback
3710 // executable, the OS will prevent launching the process while it is
3711 // being updated.
3714 // allow delete, rename, and write
3726 }
3729 // CreateFileW will fail if the callback executable is already in use.
3731 {
3732 // Only fail the update if the last error was not a sharing violation.
3734 {
3739 {
3741 }
3742 else
3743 {
3745 }
3752 sUsingService);
3754 }
3758 }
3759 }
3760 }
3762 // DELETE_DIR is not required when performing a staged update or replace
3763 // request; it can be used during a replace request but then it doesn't
3764 // use gDeleteDirPath.
3766 {
3767 // The directory to move files that are in use to on Windows. This directory
3768 // will be deleted after the update is finished, on OS reboot using
3769 // MoveFileEx if it contains files that are in use, or by the post update
3770 // process after the update finishes. On Windows when performing a normal
3771 // update (e.g. the update is not a staged update and is not a replace
3772 // request) gWorkingDirPath is the same as gInstallDirPath and
3773 // gWorkingDirPath is used because it is the destination directory.
3779 {
3781 }
3782 }
3785 // Run update process on a background thread. ShowProgressUI may return
3786 // before QuitProgressUI has been called, so wait for UpdateThreadFunc to
3787 // terminate. Avoid showing the progress UI when staging an update, or if this
3788 // is an elevated process on OSX.
3791 #ifdef XP_MACOSX
3792 && !isElevated
3793 #endif
3794 )
3795 {
3797 }
3800 #ifdef _WIN32
3802 {
3804 {
3806 }
3807 // Remove the copy of the callback executable.
3809 }
3812 {
3815 // The directory probably couldn't be removed due to it containing files
3816 // that are in use and will be removed on OS reboot. The call to remove the
3817 // directory on OS reboot is done after the calls to remove the files so the
3818 // files are removed first on OS reboot since the directory must be empty
3819 // for the directory removal to be successful. The MoveFileEx call to remove
3820 // the directory on OS reboot will fail if the process doesn't have write
3821 // access to the HKEY_LOCAL_MACHINE registry key but this is ok since the
3822 // installer / uninstaller will delete the directory along with its contents
3823 // after an update is applied, on reinstall, and on uninstall.
3825 {
3827 DELETE_DIR));
3828 }
3829 else
3830 {
3833 }
3834 }
3838 #ifdef MACOSX
3839 // When the update is successful remove the precomplete file in the root of
3840 // the application bundle and move the distribution directory from
3841 // Contents/MacOS to Contents/Resources and if both exist delete the
3842 // directory under Contents/MacOS (see Bug 1068439).
3844 {
3855 {
3861 {
3866 {
3868 }
3869 }
3870 else
3871 {
3876 {
3879 }
3880 }
3881 }
3882 }
3885 {
3889 }
3891 {
3892 // If the group ownership of the Firefox .app bundle was set to the "admin"
3893 // group during a previous elevated update, we need to ensure that all files
3894 // in the bundle have group ownership of "admin" as well as write permission
3895 // for the group to not break updates in the future.
3897 }
3903 #ifdef _WIN32
3904 , elevatedLockFilePath
3905 , updateLockFileHandle
3906 #elif defined(MACOSX)
3907 , isElevated
3908 #endif
3909 );
3912 }
3914 class ActionList
3915 {
3929 };
3932 {
3935 {
3939 }
3940 }
3942 void
3944 {
3947 else
3951 mCount++;
3952 }
3954 int
3956 {
3957 // If the action list is empty then we should fail in order to signal that
3958 // something has gone wrong. Otherwise we report success when nothing is
3959 // actually done. See bug 327140.
3961 {
3964 }
3969 {
3978 }
3981 }
3983 int
3985 {
3989 {
3992 }
3996 {
3999 {
4002 }
4010 }
4013 }
4015 void
4017 {
4021 {
4026 PROGRESS_EXECUTE_SIZE +
4030 }
4034 }
4037 #ifdef _WIN32
4039 {
4041 WIN32_FIND_DATAW finddata;
4042 HANDLE hFindFile;
4052 {
4053 do
4054 {
4055 // Don't process the current or parent directory.
4063 {
4066 // Recurse into the directory.
4069 {
4072 }
4073 }
4074 else
4075 {
4076 // Add the file to be removed to the ActionList.
4084 {
4088 }
4092 }
4093 }
4097 {
4098 // Add the directory to be removed to the ActionList.
4108 else
4111 }
4112 }
4115 }
4117 #elif defined(__sun)
4119 {
4122 struct
4123 {
4124 dirent dent_buffer;
4132 {
4134 errno));
4136 }
4139 {
4149 {
4152 }
4154 {
4157 // Recurse into the directory.
4160 {
4164 }
4165 }
4166 else
4167 {
4168 // Add the file to be removed to the ActionList.
4171 {
4174 }
4179 {
4184 }
4187 }
4188 }
4191 // Add the directory to be removed to the ActionList.
4199 {
4202 }
4203 else
4204 {
4206 }
4209 }
4211 #else
4214 {
4220 // Remove the trailing slash so the paths don't contain double slashes. The
4221 // existence of the slash has already been checked in DoUpdate.
4225 // FTS_NOCHDIR is used so relative paths from the destination directory are
4226 // returned.
4233 {
4239 {
4240 // Filesystem objects that shouldn't be in the application's directories
4248 // Files
4251 // Add the file to be removed to the ActionList.
4256 {
4259 }
4267 // Directories
4270 // Add the directory to be removed to the ActionList.
4275 {
4278 }
4287 // Errors
4290 // ENOENT is an acceptable error for FTS_DNR and FTS_NS and means that
4291 // we're racing with ourselves. Though strange, the entry will be
4292 // removed anyway.
4294 {
4297 }
4298 // Fall through
4313 // FTS_D is ignored and FTS_DP is used instead (post-order).
4316 }
4320 }
4325 }
4326 #endif
4330 {
4333 {
4336 }
4341 {
4344 }
4353 {
4357 {
4361 }
4365 }
4369 #ifndef _WIN32
4371 #else
4374 {
4377 }
4381 {
4386 }
4390 #endif
4391 }
4394 {
4395 #ifdef MACOSX
4398 #else
4401 #endif
4405 {
4408 // Applications aren't required to have a precomplete manifest. The mar
4409 // generation scripts enforce the presence of a precomplete manifest.
4411 }
4416 {
4417 // skip comments
4423 {
4426 }
4430 {
4432 }
4434 {
4436 }
4438 {
4440 }
4441 else
4442 {
4445 }
4455 }
4458 }
4461 {
4468 // extract the manifest
4469 // TODO: moggi: needs adaptation for LibreOffice
4470 // Why would we need the manifest? Even if we need it why would we need 2?
4473 {
4476 {
4479 }
4480 }
4485 {
4488 }
4490 ActionList list;
4495 {
4496 // skip comments
4502 {
4505 }
4508 {
4510 // The update manifest isn't required to have a type declaration. The mar
4511 // generation scripts enforce the presence of the type declaration.
4513 {
4517 {
4521 }
4523 }
4524 }
4528 {
4530 }
4532 {
4534 }
4536 {
4549 }
4551 {
4553 }
4555 {
4557 }
4559 {
4561 }
4563 {
4565 }
4567 {
4569 }
4570 else
4571 {
4574 }
4584 }
4594 }