Confirm
394
edits
Changes
no edit summary
== Details ==
The file structure in a nut-shell is a header (HEADER), followed by zero or more hash signtures (SIGNATURES), followed by a list of variable length files, and finally ending with an index of the files (INDEX). The index is a list of variable length entries (INDEX_ENTRY).
HEADER
SIGNATURES
''Zero or more of the following:''
4 bytes : Hash Signature ID 4 bytes : length of the signed hash signature that follows N bytes : the signed hash signature as defined below
INDEX
The flags field is used to store file permission bits (in the standard unix-style format).
== Signed hashes Signatures ==
Zero or more signed hashes signatures can be specified. The format signature must be composed of the hash must include all bytes of the MAR fileexcluding the embedded signature itself. The signed hash should be of the format:Sign(Hash([First 4 HEADER bytes][INDEX][INDEX_ENTRY][HEADER's offset to INDEX][Hash IDs if any]))
== Defined Signature IDs ==
ID 1: An SHA1 hash signed with RSA 2048, the first certificate shipped with Firefox must be used.
The updater program will not use a MAR file if one of the known signed hashes do signatures does not verify. If the updater program encounters a Hash Signature ID that it does not know about, it will not verify its hash check the signature, and will proceed onto to the next hashsignature. This is why there exists a "4 bytes : length of the hash" field, so that unknown hash IDs signatures can be skipped.
Some versions of the updater may not apply a MAR file unless a specific hash Signature ID is inside of them.After Firefox 10 updater.exe on Windows will require a hash Signature ID of 1.
== Source Code ==
