Without setting "developer-root" and "trusted-root" still can open nsec packages



Firefox OS
3 years ago
3 years ago


(Reporter: mlien, Unassigned)


Firefox Tracking Flags

(Not tracked)




3 years ago
[Blocking Requested - why for this release]:

Enable "network.http.enable-packaged-apps" and "network.http.signed-packages.enabled" but doesn't set "network.http.signed-packages.developer-root" and "network.http.signed-packages.trusted-root" still can open nsec packages

[Reproduce Steps]
1. Enable two preferences "network.http.enable-packaged-apps" and "network.http.signed-packages.enabled"
2. Do not set "network.http.signed-packages.developer-root" and "network.http.signed-packages.trusted-root"
3. Open nsec package, e.g., http://people.mozilla.org/~mlien/uitest_privileged.pak!//index.html

[Expected Result]
Cannot access nsec package because no permission key in device and no trusted origin as well

[Actual Result]
The first time will show file not found, refresh webpage again will show package successfully

[Build Information]
Build ID               20151025090221
Gaia Revision          1c6628ed1e40575e5ec3669ab6ef389d4ebeea65
Gaia Date              2015-10-23 17:01:43
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/d53a52b39a95dced722cca90ac74529b66dd5253
Gecko Version          44.0a1
Device Name            aries
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20151025.082115
Firmware Date          Sun Oct 25 08:21:23 UTC 2015
Bootloader             s1

[Reproduce Rate]


3 years ago
QA Whiteboard: [COM=NSec]

Comment 1

3 years ago
Jonathan, please help to check this issue.
Flags: needinfo?(jhao)
From what I heard from Mike, those packages failed for the first time, but can be opened when reload.
This is because cache are not cleared after verification failure.

Bug 1214079 is addressing this issue. Or we may even set this as a duplicate.
Depends on: 1214079
Flags: needinfo?(jhao)
blocking-b2g: 2.5? → ---

Comment 3

3 years ago
Mike, this bug should already be resolved. Please help to verify it, thanks.

Comment 4

3 years ago
verify again with the latest build, it works as expected: no these two prefs won't allow user to access nsec packages

Build Information:
Build ID               20151113011841
Gaia Revision          4019a15121359c470765dd06e94850dd64cdf8d9
Gaia Date              2015-11-12 17:17:45
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/0c648a1efbe06b5ec866ba058d18256b80808b46
Gecko Version          45.0a1
Device Name            aries
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20151113.003716
Firmware Date          Fri Nov 13 00:37:24 UTC 2015
Bootloader             s1
Last Resolved: 3 years ago
Resolution: --- → FIXED

Comment 5

3 years ago
Good. Thanks for verification, Mike.
You need to log in before you can comment on or make changes to this bug.