Closed Bug 1162727 Opened 9 years ago Closed 9 years ago

ADB Helper, Valence, and Simulator extensions are not signed

Categories

(DevTools :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: rowbot, Assigned: jryans)

References

Details

Starting in Firefox 40 the concept of signed extentions/addons will exist.  These 2 developer tools extensions are not yet signed.  They should be signed to avoid problems with developers using these extensions in release and beta versions of Firefox.

https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/
https://wiki.mozilla.org/Addons/Extension_Signing
I've been expecting this to come up for a while, but I have a suspicion they may require manual review and / or be denied for some reason.

Anyway, let's see what happens.  I've tried to submit ADB Helper to AMO for signing as an externally hosted add-on, but the validator bans the updateURL entry.  This leads me to believe AMO is not yet ready to sign add-ons it does not host.

Jorge, do you know if AMO is meant to be ready to sign externally hosted addons?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(jorge)
John-Galt on IRC said this ability should be available on the 12th.  Will try again then.
Flags: needinfo?(jorge)
(In reply to J. Ryan Stinnett [:jryans] (use ni?) from comment #1)
> I've been expecting this to come up for a while, but I have a suspicion they
> may require manual review and / or be denied for some reason.

I don't think AMO review will or should be required - Devtools engineering code review should be enough. I also don't expect for there to be much use of these extensions on release channel?
(In reply to Jeff Griffiths (:canuckistani) from comment #3)
> (In reply to J. Ryan Stinnett [:jryans] (use ni?) from comment #1)
> > I've been expecting this to come up for a while, but I have a suspicion they
> > may require manual review and / or be denied for some reason.
> 
> I don't think AMO review will or should be required - Devtools engineering
> code review should be enough. I also don't expect for there to be much use
> of these extensions on release channel?

I figured it was worth a try just to see how the experience goes.  I agree additional review is unnecessary, but that's the process for getting an add-on signed.  It's apparently not the "full" review process AMO usually employs, but all communications I've seen have been very light on specifics.

There was also discussion at one point of offering certs to companies for their internal use.  Potentially we could pursue that route for this special case (even though these are not for internal use...).

I agree use on beta / release is probably light.  But, it effectively means that WebIDE is unusable on beta / release, as connecting to any runtime requires an add-on:

* Simulators (each one is an add-on)
* FxOS and Fennec (uses ADB Helper)
* iOS, Chrome, etc. (uses Valence)

So, it becomes confusing to even offer WebIDE at all on beta / release when it effectively can't do much at all.

For the simulators, we do have an escape hatch: we no longer actually need to run the add-on at all, it's just a vector for downloading files.  So, we could support this case with some small changes.  But, the add-on manager will still show confusing messages about them being unsigned.
(In reply to J. Ryan Stinnett [:jryans] (use ni?) from comment #4)

> There was also discussion at one point of offering certs to companies for
> their internal use.  Potentially we could pursue that route for this special
> case (even though these are not for internal use...).

I remember something like this too - we should ask around and it seems like the most reasonable solution for us, to just sign our own extensions.
(In reply to Jeff Griffiths (:canuckistani) from comment #5)
> (In reply to J. Ryan Stinnett [:jryans] (use ni?) from comment #4)
> 
> > There was also discussion at one point of offering certs to companies for
> > their internal use.  Potentially we could pursue that route for this special
> > case (even though these are not for internal use...).
> 
> I remember something like this too - we should ask around and it seems like
> the most reasonable solution for us, to just sign our own extensions.

Mike, do you know of any way the DevTools team could sign their own extensions?  I asked about this during a add-on meeting at Mozlandia, and was told we could potentially take the route that will be offered for companies to sign their own internal extensions.  Is that ability being developed?
Flags: needinfo?(mconnor)
The latest update I've heard is that unhosted add-ons can be submitted on Monday, May 1st.
That'd be June 1st, I think.  And there will not be any mechanism for self-signing at this point.  We're still determining the right approach for ESR users.
Flags: needinfo?(mconnor)
Ah, right, sorry.

There was discussion on IRC between myself, Mossop, and John-Galt that we could potentially have these add-ons marked as "trusted" in AMO, so that AMO reviews would not be needed for each add-on revision.

Once I've tried the upload process on Monday, I'll look into this possibility.
Update: we can now sign the add-ons via AMO by uploading them as 'unlisted' and then requesting Jorge / Kris sign them manually using admin override. Eventually I'd prefer an automate-able process but this will probably do for now.
Summary: ADB Helper and Valence extensions are not signed → ADB Helper, Valence, and Simulator extensions are not signed
Assignee: nobody → jryans
Status: NEW → ASSIGNED
Valence 0.3.1 has been signed and released.  Updating from unsigned 0.3.0 works here.

I'll continue working on the others next week.
In bug 1157792, Kris brings up a good point about the simulators:

(In reply to Kris Maglione [:kmag] from comment #23)
> It's probably worth noting that these will stop working once mandatory
> signing is enabled.
> 
> Since they run b2g from within the add-on installation directory, using a
> profile within the add-on installation directory, extension files are
> modified whenever the simulator is run, which results in broken signatures.
> So the add-ons will install, but they'll be disabled on the first restart
> after the simulator runs.

We'll need to make some sort of change so the add-on files are not modified after install.
Will that affect Valence too? All we do there is fix the binary permissions and I am not sure if that breaks the signature.
The signatures only take file contents into account. Changing permissions shouldn't break them.

There have been other bugs in the past, where changing the mtime of add-on's install root has caused issues, but I don't know of any that haven't been fixed.
ADB Helper 0.8.0 has been signed and released.
All DevTools managed add-ons (ADB Helper, Valence, and Simulators) are now signed.

The simulators haven't changed in construction, so they may become unverified after use, since the profile directory inside will be modified.  However, WebIDE is still able to run such unverified simulators, so it becomes mainly a UX issue of perplexing red bars in the add-on manager.  We could work towards resolving this later on as needed.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Product: Firefox → DevTools
You need to log in before you can comment on or make changes to this bug.