Closed Bug 1121580 Opened 10 years ago Closed 10 years ago

Add Loop Dev server to the Marketplace web list so it can request the installation of Fx Hello

Categories

(Marketplace Graveyard :: General, defect, P2)

Product:
Marketplace Graveyard
Component:
General
Version:
Avenir
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
2015-01-20

People

(Reporter: dcoloma, Assigned: mat)

References

Details

(Whiteboard: [qa-])

There are some concerns to publish to Loop production server the changes in the standalone UI for installing FxOS Hello client compatible with rooms. Hence we need to use Loop Dev Server (https://loop-webapp-dev.stage.mozaws.net) for end-to-end testing, but that server does not seem to be in the Marketplace whitelist that was changed in: https://github.com/mozilla/zamboni/pull/2614 If there is any other approach to test this in commercial devices, we are also OK with that provided it allows end-to-end testing.
ni? on Wil and Mat
Flags: needinfo?(wclouser)
Flags: needinfo?(mpillard)
In bug 1075515 we were asked to add http://loop-webapp.dev.mozaws.net and not https://loop-webapp-dev.stage.mozaws.net - one is https and one is not, which one is correct ? Also, since it's a dev URL, we only added it to our own dev URL and not in production (this is sensitive stuff, since it allows you to install stuff as if you were Marketplace - hence the reason for not enabling access from development URLs in prod). Therefore, it will work only on https://marketplace-dev.allizom.org/iframe-install.html and not https://marketplace.firefox.com/iframe-install.html If that helps I can also whitelist loop dev server on stage (https://marketplace.allizom.org), but would prefer avoiding prod.
Flags: needinfo?(mpillard)
(In reply to Mathieu Pillard [:mat] from comment #2) > In bug 1075515 we were asked to add http://loop-webapp.dev.mozaws.net and > not https://loop-webapp-dev.stage.mozaws.net - one is https and one is not, > which one is correct ? > > Also, since it's a dev URL, we only added it to our own dev URL and not in > production (this is sensitive stuff, since it allows you to install stuff as > if you were Marketplace - hence the reason for not enabling access from > development URLs in prod). Therefore, it will work only on > https://marketplace-dev.allizom.org/iframe-install.html and not > https://marketplace.firefox.com/iframe-install.html > > If that helps I can also whitelist loop dev server on stage > (https://marketplace.allizom.org), but would prefer avoiding prod. IIRC the right server is the HTTPS one, but that is something that Mark can confirm, ni on him for that. Can we use the stage or the development marketplace servers in 2.0 commercial devices? That is what is key for us for completing the end to end testing.
Flags: needinfo?(standard8)
Flags: needinfo?(mpillard)
I can't tell you if you can use stage because I don't know exactly what loop is doing with the iframe. I do know that, for a device device to be able to install privileged packaged apps (which is the most common scenario why you'd need the iframe for) from marketplace stage, you need the following: - The pref dom.mozApps.use_reviewer_certs set to true - The pref dom.mozApps.signed_apps_installable_from set to something containing https://marketplace.allizom.org - Marketplace dev certificates installed All this is done automatically for engineering builds with the "Use Marketplace reviewer certs" checkbox checked (in developer settings). It should also be possible to do all that with a commercial device as long as you can root it.
Flags: needinfo?(mpillard)
Antonio, can we do this in the Fire E devices we have? Either with commercial or with an engineering build. > I do know that, for a device device to be able to install privileged > packaged apps (which is the most common scenario why you'd need the iframe > for) from marketplace stage, you need the following: > - The pref dom.mozApps.use_reviewer_certs set to true > - The pref dom.mozApps.signed_apps_installable_from set to something > containing https://marketplace.allizom.org > - Marketplace dev certificates installed > > All this is done automatically for engineering builds with the "Use > Marketplace reviewer certs" checkbox checked (in developer settings). It > should also be possible to do all that with a commercial device as long as > you can root it.
Flags: needinfo?(amac.bug)
The first two without any problems, as I rooted the commercial builds for the FireE before Christmas. As per the certificates, I would have to check if they're also included on the production builds, cause otherwise to add them we would have to recompile Gecko, which kinda defeats the purpose of using the commercial build. I'll try this tomorrow and see if it works.
Flags: needinfo?(amac.bug)
I don't know if it's included in commercial builds, but it should be possible without recompiling gecko - https://github.com/mozilla/marketplace-certs might help.
I just checked this and it works. There's no need to add the certificate to the database (which wouldn't work in any case, since the signature check uses pinned certificates since some time ago) as the dev certificates are included on the build. The only caveat is that dom.mozApps.signed_apps_installable_from has to be set to https://marketplace-dev.allizom.org and *not* https://marketplace.allizom.org AFAIK apps cannot be installed from https://marketplace.allizom.org at all unless those apps are signed with the production key (since that's the pinned certificate used to check by default, and the only exception is for marketplace-dev at [1]. [1] http://mxr.mozilla.org/mozilla-b2g32_v2_0/source/dom/apps/src/Webapps.jsm#3253
Ok great! The only thing left to solve then, is whether we should whitelist loop's dev URL using http or https - currently http is whitelisted.
Flags: needinfo?(wclouser)
Our dev server is https://loop-webapp-dev.stage.mozaws.net/ I think the other one was an older site that's now not present anymore. I've just swapped the dev server back to reference the dev marketplace.
Flags: needinfo?(standard8)
Assignee: nobody → mpillard
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → 2015-01-20
I merged the new dev URL in https://github.com/mozilla/zamboni/commit/23521ba6e3f9b42444fc4c0d5dadef9757169766 The new whitelist is visible in https://marketplace-dev.allizom.org/iframe-install.html Anything left to do here ?
(In reply to Mathieu Pillard [:mat] from comment #11) > I merged the new dev URL in > https://github.com/mozilla/zamboni/commit/ > 23521ba6e3f9b42444fc4c0d5dadef9757169766 > > The new whitelist is visible in > https://marketplace-dev.allizom.org/iframe-install.html > > Anything left to do here ? We have tested the installation with the dummy app that was available before and the app is successfully installed. We have submitted a Hello app to the dev marketplace (Hello dev) but still waiting for approval, so we can test the whole cycle: the app is not only installed but also invoked after the installation. As soon as the app is approved we will test again. Harald, do all apps in dev marketplace need to go through the review process too?
Flags: needinfo?(hkirschner)
Yes, they do need to go through the review process, but many developers have reviewer access on -dev. I just approved it for you.
Flags: needinfo?(hkirschner)
Mark, the new app is available in the Dev Marketplace. Can you please point the Loop Dev Server to this new app? The details are: - Name: Hello Dev - Manifest URL: https://marketplace-dev.allizom.org/app/6adc2ddc-8c2c-4494-a499-a2d5fa29782f/manifest.webapp Thanks!
Flags: needinfo?(standard8)
I've updated the dev server.
Flags: needinfo?(standard8)
Tested and it works! The app is launched after the installation, however the room is not opened, we will check what is happening and opening a follow-up if required (maybe is just a client thing). Closing this bug.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
Blocks: 1127841
You need to log in before you can comment on or make changes to this bug.