Closed
Bug 1012705
Opened 10 years ago
Closed 8 years ago
BetaChannel support for provisioning devices to new channels
Categories
(DevTools Graveyard :: WebIDE, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: ozten, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(5 files, 1 obsolete file)
BetaFox [1] is a new project to make testing privileged apps easier. A FxOS device must be provisioned with a new certificate database as well as an update to a preference in user.js. Currently this is done over adb with shell scripts. App Manager would make this very nice. As discussed with Paul and Axel, we will use this bug for mockup and code to coordinate implementing this in the App Manager. [1] https://wiki.mozilla.org/Mobile/Projects/BetaFox
Reporter | ||
Comment 1•10 years ago
|
||
Default State - Mozilla Marketplace is the trusted channel by default.
Reporter | ||
Comment 2•10 years ago
|
||
BetaFox Provisioned - Device is ready for testing
Reporter | ||
Comment 3•10 years ago
|
||
Example Channel - After adding an example channel, the new channel is listed (Mockup is as though we were on Default and then used the Add Trusted Channel form)
Reporter | ||
Comment 4•10 years ago
|
||
Very early sketch of the code, not tested. I'll keep working on this in an Addon, but wanted to share early in case this is enough to get you going.
Attachment #8424879 -
Flags: feedback?(paul)
Reporter | ||
Comment 5•10 years ago
|
||
Requirements: 1) Given a endpoint (http://betafox.mozilla.org) provision a device by updating the certificate db and updating * cert9.db, key4.db, and pkcs11.txt copied under /b2g/mozilla/${profile} * /system/b2g/defaults/pref/user.js update dom.mozApps.signed_apps_installable_from ${profile} is the directory with a random name that ends in ".default" Reboot the device 2) When provisioning, backup the existing files and value of dom.mozApps.signed_apps_installable_from to a restore location 3) Allow restoring default certificate dbs and user.js pref value 4) UI - Allow adding new Trusted Channels to the App Manager "Distribution Channels" panel
Reporter | ||
Comment 6•10 years ago
|
||
Fixes paths, moved into a file I can test from a sample SDK based Add-on.
Attachment #8424879 -
Attachment is obsolete: true
Attachment #8424879 -
Flags: feedback?(paul)
Attachment #8424939 -
Flags: review?(paul)
Reporter | ||
Comment 7•10 years ago
|
||
Basic Addon adds context menu 'Test Provisioning' item, which runs provisioning code against http://d2gk.co our unoffical dev environment
Comment 8•10 years ago
|
||
Comment on attachment 8424869 [details]
Default State
This is the old App Manager. The new App Manager is very different. You'll need to build it yourself to test it. Basically, you need to host this tool in its own window, and use native styling.
Attachment #8424869 -
Flags: feedback-
Comment 9•10 years ago
|
||
Comment on attachment 8424939 [details]
provision.js
Looks good. But I need to understand where the phone come from. Will they be unlocked? Apparently, we won't be allowed to update the certificates on "normal" phone. A pref in prefs.js will need to be changed to allow that, and ADB is required for that.
Attachment #8424939 -
Flags: review?(paul) → feedback+
Reporter | ||
Comment 10•10 years ago
|
||
> This is the old App Manager. The new App Manager is very different. Do you have a link for how to get/build the new app manager? > You'll need to build it yourself to test it. Basically, you need to host this tool in its own window, and use native styling. If we treat these as wireframes, is that enough to get you going? > But I need to understand where the phone come from. Will they be unlocked? Yes, for 1.0 release, partners will have unlocked phones for their testers to use. (After 1.0 we will work on improving FxOS to support all phones)
Reporter | ||
Updated•10 years ago
|
Flags: needinfo?(paul)
Comment 11•10 years ago
|
||
As far as I understand (need to be confirmed by the security team), to enable this feature in the app manager, you'll need to set a preference (devtools.debugger.forbid-certified-apps) in prefs.js on the phone (only accessible via ADB, so on rooted devices). This would require to run a script for each phone to update the pref, and at this point, they could just override the certificates at the same time. How do they unlock the phones? Just trying to figure out the process. We need this feature to avoid having to run shell scripts against the phones, but if you need to run a shell script to unlock the phone in the first place, there's no point of building this feature.
Flags: needinfo?(paul)
Reporter | ||
Comment 12•10 years ago
|
||
Great, thank you for looking into this. For 1.0, it is okay if only rooted phones are supported.
Comment 13•10 years ago
|
||
Geeksphone and Flame are currently come rooted by default. Review team has rooted Tarakos and OneTouch Fire where some device they got off ebay.
Comment 14•10 years ago
|
||
Do partners need to go through a unlocking/rooting phase? Do partners, at any point in time, need to run a script against the phone?
Comment 15•10 years ago
|
||
(In reply to Paul Rouget [:paul] (slow to respond. Ping me on IRC) from comment #14) > Do partners need to go through a unlocking/rooting phase? > Do partners, at any point in time, need to run a script against the phone? No for partners and long tail, as they currently don't need to sideload certificates.
Reporter | ||
Comment 16•10 years ago
|
||
This current plan works for existing versions of FxOS, but what is landing in aurora Fx right now completely restructures certificates and how they work. It will break our current plan. We are working outside of this bug on how to support this going forward. I'll add a depends on bug# once I find the best one to track.
Reporter | ||
Comment 17•10 years ago
|
||
There is a proposal for FxOS 2.x in bug#1023499#c1 Feedback there for this work would be great.
Reporter | ||
Comment 18•10 years ago
|
||
Renaming project from BetaFox to BetaChannel.
Summary: BetaFox support for provisioning devices to new channels → BetaChannel support for provisioning devices to new channels
Comment 19•8 years ago
|
||
Given that last update on transitioning gaia/fxos to no longer use certified/privileged permissions, I imagine this project is going to be cancelled? Also, in the meantime we provided a way to root your phone via settings app and be able to push certified apps via webide. Please reopen if it isn't.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Updated•6 years ago
|
Product: Firefox → DevTools
Updated•4 years ago
|
Product: DevTools → DevTools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•