Closed
Bug 1168577
Opened 9 years ago
Closed 5 years ago
Create a new hotfix signing certificate for Android that chains to the AMO root.
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mossop, Unassigned)
When add-on signing is turned on there will need to be a new hotfix certificate that meets the signing requirements. So we need to create a cert, keep it somewhere and add its fingerprint to the prefs. Bug 1155762 and bug 1151537 did this for Firefox.
Updated•9 years ago
Blocks: addon-signing
Comment 1•8 years ago
What do we need to do here? Do we just need to add a fingerprint pref in mobile.js similar to what was done in bug 1151537?
Flags: needinfo?(dtownsend)
Comment 2•8 years ago (Reporter)
(In reply to :Margaret Leibovic from comment #1)
> What do we need to do here? Do we just need to add a fingerprint pref in
> mobile.js similar to what was done in bug 1151537?

If you have the certificate already (or if the plan is to use the same certificate as Firefox) then yes.
Flags: needinfo?(dtownsend)
Comment 3•8 years ago
(In reply to Dave Townsend [:mossop] from comment #2)
> (In reply to :Margaret Leibovic from comment #1)
> > What do we need to do here? Do we just need to add a fingerprint pref in
> > mobile.js similar to what was done in bug 1151537?
>
> If you have the certificate already (or if the plan is to use the same
> certificate as Firefox) then yes.

Andy, can Android use the same certificate as desktop here? If so, I can write a simple patch to update mobile.js.

I don't think we've ever shipped a hotfix add-on on Android, so I'm worried this is not well tested, but we might as well try to maintain the same level of support.
Flags: needinfo?(amckay)
Comment 4•8 years ago
(In reply to :Margaret Leibovic from comment #3)
> (In reply to Dave Townsend [:mossop] from comment #2)
> > (In reply to :Margaret Leibovic from comment #1)
> > > What do we need to do here? Do we just need to add a fingerprint pref in
> > > mobile.js similar to what was done in bug 1151537?
> >
> > If you have the certificate already (or if the plan is to use the same
> > certificate as Firefox) then yes.
>
> Andy, can Android use the same certificate as desktop here? If so, I can
> write a simple patch to update mobile.js.
>
> I don't think we've ever shipped a hotfix add-on on Android, so I'm worried
> this is not well tested, but we might as well try to maintain the same level
> of support.

I would presume so, but there's probably a reason Mossop filed it so just checking with him.
Flags: needinfo?(amckay) → needinfo?(dtownsend)
Comment 5•8 years ago (Reporter)
I assume that using different certificates means we don't have to update both apps in the event we need to revoke but I'm going to defer to Dan as someone who knows more than me about such things.
Flags: needinfo?(dtownsend) → needinfo?(dveditz)
Comment 6•8 years ago
It's probably simpler to use the same certificate for both -- there may even be future hotfixes where we could release a single one for both applications (pref changes to disable some platform feature?) but only if there's a single certificate.

Why would we have to revoke? If someone can get our key out of HSM, or get into our build subnet to issue "sign me" commands they could compromise both certs anyway--or at least we'd have to assume they did even if we didn't have proof. I don't think two certs buys us much benefit.

Unless the android hotfix already has a separate ID -- then they need a separate certificate anyway.

... and of course it does:
https://mxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js#67
https://mxr.mozilla.org/mozilla-central/source/mobile/android/app/mobile.js#211

You need to either
* rename the android hotfix, or
* get a separate android cert

I don't think either way is meaningfully more secure so do whichever fits our other needs better. Probably should ask RelEng which works better for them. Lawrence?
Flags: needinfo?(dveditz) → needinfo?(lmandel)
Comment 7•8 years ago
Chris - Can you answer Dan's question ^ above?
Flags: needinfo?(lmandel) → needinfo?(catlee)
Comment 8•8 years ago
My understanding is that we want to use the new addon signing infrastructure for signing the hotfix addons as well? If that's the case, then RelEng will have no direct involvement with the hotfix signing, so I don't have a preference which option you choose. If we're going to continue to use the RelEng signing infra for signing hotfixes, then it's simpler if we can use the same cert for both Firefox and Android.
Flags: needinfo?(catlee)
Comment 9•5 years ago
Closing this since the hotfix add-on was discontinued, and there are other conversations going on for how to quickly patch up Firefox.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
Updated•3 years ago (Assignee)
Product: Firefox for Android → Firefox for Android Graveyard