The update process of signed, packaged, origin-specified app fails after type changing update

RESOLVED WONTFIX

Status

RESOLVED WONTFIX
3 years ago
8 months ago

People

(Reporter: kyadani.moz, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
[How to reproduce]
1. Install a packaged app A from Firefox marketplace, whose manifest contains:
   - type: "web"
   - origin: "somestring.example.com"
   and the app is signed by Firefox marketplace.
2. Update app A to app A', whose manifest contains:
   - type: "privileged"
   - origin: "somestring.example.com"
   and the app is signed by Firefox marketplace.
3. Update app A' to app A'', whose manifest contains:
   - type: "privileged"
   - origin: "somestring.example.com"
   and the app is signed by Firefox marketplace.
4. The update of step 3 will fail.

[Bug cause]
- After step 1, the origin of app A will be an UUID, because the type of app A is web.
- After step 2, the origin of app A' will be still the UUID.
- On step 3, the update process intends to set the origin to "somestring.example.com", but app A' origin is UUID. So INVALID_ORIGIN_CHANGE error occurs.
  - https://dxr.mozilla.org/mozilla-central/source/dom/apps/Webapps.jsm#4017-4021
        // Changing the origin during an update is not allowed.
        if (uri.prePath != aOldApp.origin) {
          throw "INVALID_ORIGIN_CHANGE";
        }
- The update process handles the error as download error, so the update process fails.

[Question]
On Firefox marketplace, is there any use case such as packaged web app (step 1) or type change on update (step 2) ?
If the answer is yes, I think we have to fix the problem.
Changing app type on update is not supported currently.
(Reporter)

Comment 2

3 years ago
(In reply to Fabrice Desré [:fabrice] from comment #1)
> Changing app type on update is not supported currently.

"not supported" means that the submission flow to Firefox marketplace forbids changing app type?
Or, there is an implementation in b2g to forbid changing app type on update? I could not find the implementation.
So, I looks like we actually don't prevent changing the application type (privileged or not) but we don't allow origin changes. I don't think we want to change that now since we're moving away from app:// in FxOS v3.
(Reporter)

Comment 4

3 years ago
From b2g's point of view, I understood that since we don't allow origin change, the INVALID_ORIGIN_CHANGE error of step 3 is an expected behavior of b2g.

From marketplace's point of view, I'd like to know how Firefox marketplace deal the behavior of b2g.
- Error occurs when user update an app after type change ("web"->"privileged"). Is the error an expected behavior of Firefox marketplace?
- Or, does Firefox marketplace ensure that app type never changes from "web" to "privileged" on update?
(Reporter)

Comment 5

3 years ago
Hello Howie-san,
About comment 4, could you give me an information or assign some member?
Flags: needinfo?(hochang)

Comment 6

3 years ago
Hi Thomas, could you provide feedback on this if you are the right person? Thank you.
Flags: needinfo?(hochang) → needinfo?(telin)

Comment 7

3 years ago
Hi Bill, could you assist us here on Comment 4 since Thomas is out of office? Thank you!
Flags: needinfo?(bwalker)
Hi Howie, I'm asking David Durst from the Marketplace team to help answer your question.

Yadani, thanks for the very clear bug report. Can you please make this bug public? I can't see any information here that is confidential, and I can get this problem fixed more quickly if I don't need to explicitly cc every person from whom I seek info.
Flags: needinfo?(telin)
Flags: needinfo?(kyadani.moz)
Flags: needinfo?(ddurst)
Flags: needinfo?(bwalker)
(Reporter)

Updated

3 years ago
Group: panasonic-confidential
(Reporter)

Comment 9

3 years ago
Hello Bill-san, thanks for your advice. I changed to public bug.
Flags: needinfo?(kyadani.moz)
(In reply to Yadani from comment #4)
> From b2g's point of view, I understood that since we don't allow origin
> change, the INVALID_ORIGIN_CHANGE error of step 3 is an expected behavior of
> b2g.
> 
> From marketplace's point of view, I'd like to know how Firefox marketplace
> deal the behavior of b2g.
> - Error occurs when user update an app after type change
> ("web"->"privileged"). Is the error an expected behavior of Firefox
> marketplace?
> - Or, does Firefox marketplace ensure that app type never changes from "web"
> to "privileged" on update?

We mitigate that situation by disallowing changes to the origin. So, that error is expected, as we're catching the attempted origin change. But it doesn't have anything to do with the type change, other than how the series of changes you describe affect the origin.

Because breaking the origin risks and complicates things for the user (they could get notified to update an app, but that update would fail), our current recommendation for the developer is to a) only change the origin if you absolutely must, and b) create a new app and remove the other one.
Flags: needinfo?(ddurst)
(Reporter)

Comment 11

3 years ago
Hello David-san, thank you for your reply.
I understood that the behavior [1] is the expected behavior from marketplace's point of view, too, and when app developer wants to change the origin, he should create a new app and remove the old app.

I want to confirm what the app developer should do if the developer wants to change the type.
In my understanding, the developer should create a new app and remove old app, too.
E.g., on step 1 --> step 2 of [1], the app developer should:
- Create a new app B with 'type: "privileged"' and 'origin: "somestring.example.com"'.
- Submit app B to Firefox marketplace.
- Remove app A.
Is my understanding correct?

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1174691#c0
Flags: needinfo?(ddurst)
I would assume so, yes. (It may help to think of this not as an update to A, but as a new app B that makes A obsolete and unsupported.)
(Reporter)

Comment 13

3 years ago
Thank you. I understand the operation to change app type.

I have another question. On Firefox Marketplace, if an app developer who don't know the operation unfortunately change app type on app update (i.e. step 1 -> step 2 of [1]), the app user will face update error after next update.
I think it is somewhat unintended behavior from the app user's point of view. But is it the spec of Firefox OS or Firefox Marketplace?
Sorry, I somehow missed this question.

Possibly unintended behavior from the app developer's point of view (though one could argue they should understand the implications of changes to the type and/or origin).

I'm not sure what you mean by "spec of Firefox Marketplace" -- if you mean that it's expected, I think it's expected by definition. If you mean that it's somehow conveyed to the app developer by definition on Marketplace, clearly the answer is no (since this wasn't apparent and this bug was opened).

I cannot speak for Firefox OS specs, but I'm not sure it's relevant, given #c1 and #c3 and the fact that the context of this discussion is process on marketplace.firefox.com/developers.
Flags: needinfo?(ddurst)
(Reporter)

Comment 15

3 years ago
David-san, thank you for your answer.

Comment 16

8 months ago
Firefox OS is not being worked on
Status: NEW → RESOLVED
Last Resolved: 8 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.