Bug 1549129 Comment 0 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

We derive the extension ID from the add-on's signature. When the signature is not recognized (e.g. because of bug 1548973), we fall back to manifest.json. But the ID in manifest.json is not required, so we end up believing that some extension packages are not associated with the ID, and delete it [here in `XPIDatabase.jsm`](https://searchfox.org/mozilla-central/rev/06578bfadb5bdc5faee81f7e9b3c3fed21e616e0/toolkit/mozapps/extensions/internal/XPIDatabase.jsm#2516-2519,2523-2524).

This affects all add-ons without an ID in their manifest.json (i.e. most if not all static themes, and many extensions).

Steps to reproduce:

1. Download the XPI for an affected extension, e.g.
   https://addons.mozilla.org/en-US/firefox/addon/epubreader/
   https://addons.mozilla.org/firefox/downloads/file/1753729/epubreader-2.0.8-fx.xpi
2. Prepare a profile directory that is affected by bug 1548973:

```
# Create a new profile directory
mkdir profile

# Disable the hotfix for bug 1548973
echo 'user_pref("app.normandy.enabled", false);' > profile/user.js

# Start Firefox with a past time to be able to install the test extension.
faketime '2019-05-04 00:00:00' firefox --no-remote -profile profiledir/ .

# Install epubreader.xpi by clicking on it.
# Quit Firefox.
```

3. Look at `profiledir/extensions/` and observe the existence of "{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi"

4. Start Firefox again using the profile above:

```
firefox --no-remote -profile profiledir/
```

5. Look at `profiledir/extensions/` for the XPI.
6. Look at the global JS console (Ctrl-Shift-J).

Expected:
5. The XPI should still be there.
6. The global JS console is not interesting.

Actual:
5. The XPI is gone.
6. The global JS console contains the following (in Firefox 66.0.3):

```
addons.xpi-utils    WARN    updateMetadata: Add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F} is invalid: Error: Incorrect id in install manifest for existing add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F}(resource://gre/modules/addons/XPIDatabase.jsm:2441:15) JS Stack trace: updateMetadata@XPIDatabase.jsm:2441:15
updateExistingAddon@XPIDatabase.jsm:2608:18
processFileChanges@XPIDatabase.jsm:2680:26
checkForChanges@XPIProvider.jsm:2570:34
startup@XPIProvider.jsm:2148:25
callProvider@AddonManager.jsm:203:12
_startProvider@AddonManager.jsm:652:5
startup@AddonManager.jsm:805:9
startup@AddonManager.jsm:2775:5
observe@addonManager.js:66:9
```

Environment:
- ArchLinux
- Firefox 66.0.3
- Tested with tmpfs and ext4

We derive the extension ID from the add-on's signature. When the signature is not recognized (e.g. because of bug 1548973), we fall back to manifest.json. But the ID in manifest.json is not required, so we end up believing that some extension packages are not associated with the ID when we parse the XPI again.
When the XPI file has been modified (**this does not normally happen**), we try to update the database based on the disk content, and because we cannot find an ID, we delete the XPI [here in `XPIDatabase.jsm`](https://searchfox.org/mozilla-central/rev/06578bfadb5bdc5faee81f7e9b3c3fed21e616e0/toolkit/mozapps/extensions/internal/XPIDatabase.jsm#2516-2519,2523-2524). Note that any data that the add-on saved is *not lost*, and becomes available again when the user re-installs the add-on.

This affects all add-ons without an ID in their manifest.json (i.e. most if not all static themes, and many extensions).

Steps to reproduce:

1. Download the XPI for an affected extension, e.g.
   https://addons.mozilla.org/en-US/firefox/addon/epubreader/
   https://addons.mozilla.org/firefox/downloads/file/1753729/epubreader-2.0.8-fx.xpi
2. Prepare a profile directory that is affected by bug 1548973:

```
# Create a new profile directory
mkdir profile

# Disable the hotfix for bug 1548973
echo 'user_pref("app.normandy.enabled", false);' > profile/user.js

# Start Firefox with a past time to be able to install the test extension.
faketime '2019-05-04 00:00:00' firefox --no-remote -profile profiledir/ .

# Install epubreader.xpi by clicking on it.
# Quit Firefox.
```

3. Look at `profiledir/extensions/` and observe the existence of "{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi"

4. Start Firefox again using the profile above:

```
firefox --no-remote -profile profiledir/
```

5. Look at `profiledir/extensions/` for the XPI.
6. Look at the global JS console (Ctrl-Shift-J).

Expected:
5. The XPI should still be there.
6. The global JS console is not interesting.

Actual:
5. The XPI is gone.
6. The global JS console contains the following (in Firefox 66.0.3):

```
addons.xpi-utils    WARN    updateMetadata: Add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F} is invalid: Error: Incorrect id in install manifest for existing add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F}(resource://gre/modules/addons/XPIDatabase.jsm:2441:15) JS Stack trace: updateMetadata@XPIDatabase.jsm:2441:15
updateExistingAddon@XPIDatabase.jsm:2608:18
processFileChanges@XPIDatabase.jsm:2680:26
checkForChanges@XPIProvider.jsm:2570:34
startup@XPIProvider.jsm:2148:25
callProvider@AddonManager.jsm:203:12
_startProvider@AddonManager.jsm:652:5
startup@AddonManager.jsm:805:9
startup@AddonManager.jsm:2775:5
observe@addonManager.js:66:9
```

Environment:
- ArchLinux
- Firefox 66.0.3
- Tested with tmpfs and ext4

We derive the extension ID from the add-on's signature. When the signature is not recognized (e.g. because of bug 1548973), we fall back to manifest.json. But the ID in manifest.json is not required, so we end up believing that some extension packages are not associated with the ID when we parse the XPI again.
When the XPI file has been modified (**this does not normally happen**), we try to update the database based on the disk content, and because we cannot find an ID, we delete the XPI [here in `XPIDatabase.jsm`](https://searchfox.org/mozilla-central/rev/06578bfadb5bdc5faee81f7e9b3c3fed21e616e0/toolkit/mozapps/extensions/internal/XPIDatabase.jsm#2516-2519,2523-2524). Note that any data that the add-on saved is *not lost*, and becomes available again when the user re-installs the add-on.

This affects all add-ons without an ID in their manifest.json (i.e. most if not all static themes, and many extensions).

Steps to reproduce:

1. Download the XPI for an affected extension, e.g.
   https://addons.mozilla.org/en-US/firefox/addon/epubreader/
   https://addons.mozilla.org/firefox/downloads/file/1753729/epubreader-2.0.8-fx.xpi
2. Prepare a profile directory that is affected by bug 1548973:

```
# Create a new profile directory
mkdir profiledir

# Disable the hotfix for bug 1548973
echo 'user_pref("app.normandy.enabled", false);' > profiledir/user.js

# Start Firefox with a past time to be able to install the test extension.
faketime '2019-05-04 00:00:00' firefox --no-remote -profile profiledir/ .

# Install epubreader.xpi by clicking on it.
# Quit Firefox.
```

3. Look at `profiledir/extensions/` and observe the existence of "{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi"

4. Start Firefox again using the profile above:

```
firefox --no-remote -profile profiledir/
```

5. Look at `profiledir/extensions/` for the XPI.
6. Look at the global JS console (Ctrl-Shift-J).

Expected:
5. The XPI should still be there.
6. The global JS console is not interesting.

Actual:
5. The XPI is gone.
6. The global JS console contains the following (in Firefox 66.0.3):

```
addons.xpi-utils    WARN    updateMetadata: Add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F} is invalid: Error: Incorrect id in install manifest for existing add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F}(resource://gre/modules/addons/XPIDatabase.jsm:2441:15) JS Stack trace: updateMetadata@XPIDatabase.jsm:2441:15
updateExistingAddon@XPIDatabase.jsm:2608:18
processFileChanges@XPIDatabase.jsm:2680:26
checkForChanges@XPIProvider.jsm:2570:34
startup@XPIProvider.jsm:2148:25
callProvider@AddonManager.jsm:203:12
_startProvider@AddonManager.jsm:652:5
startup@AddonManager.jsm:805:9
startup@AddonManager.jsm:2775:5
observe@addonManager.js:66:9
```

Environment:
- ArchLinux
- Firefox 66.0.3
- Tested with tmpfs and ext4
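
An added example (not part of the bug report or Mozilla's code): a Python check for which XPI packages declare no ID in manifest.json and therefore depend on the signature-derived ID described above. It reads the ID from the `browser_specific_settings.gecko.id` key or the older `applications.gecko.id` key; the function names and sample manifests are constructed for illustration.

```python
import io
import json
import zipfile
from pathlib import Path


def manifest_id(xpi_bytes):
    """Return the add-on ID declared in manifest.json, or None if it has none."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as xpi:
        try:
            raw = xpi.read("manifest.json")
        except KeyError:
            return None  # package has no manifest.json at all
    # Assumption: strict JSON; a manifest with // comments would need stripping.
    manifest = json.loads(raw.decode("utf-8-sig"))
    for key in ("browser_specific_settings", "applications"):
        gecko = (manifest.get(key) or {}).get("gecko") or {}
        if gecko.get("id"):
            return gecko["id"]
    return None


def at_risk(xpis):
    """Given {filename: bytes}, list packages that declare no ID in manifest.json."""
    return sorted(name for name, data in xpis.items() if manifest_id(data) is None)


def scan_dir(extensions_dir):
    """Run the same check over the *.xpi files of a profile's extensions/ directory."""
    return at_risk({p.name: p.read_bytes() for p in Path(extensions_dir).glob("*.xpi")})


def make_xpi(manifest):
    """Build a constructed in-memory XPI: a ZIP holding only manifest.json."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(manifest))
    return buf.getvalue()


# Constructed samples; the manifests are stand-ins, not the real add-ons' contents.
BASE = {"manifest_version": 2, "name": "sample", "version": "1.0"}
SAMPLES = {
    "{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi": make_xpi(BASE),
    "with-id@example.invalid.xpi": make_xpi(
        {**BASE, "browser_specific_settings": {"gecko": {"id": "with-id@example.invalid"}}}),
    "legacy-key@example.invalid.xpi": make_xpi(
        {**BASE, "applications": {"gecko": {"id": "legacy-key@example.invalid"}}}),
}

if __name__ == "__main__":
    for name in at_risk(SAMPLES):
        print("no ID in manifest.json:", name)
```

`scan_dir("profiledir/extensions")` applies the same check to the profile used in the steps above.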
