1244329 - Flip the preference to on for requiring signed addons

Status: VERIFIED FIXED

(Firefox for Android Graveyard :: General, defect)

Description

[Andy McKay]

All add-ons on AMO are now signed. Following the procedure with Desktop, let's turn on signing for Android by flipping the flag

xpinstall.signatures.required
 
Users will still be able to turn it off. Let's test it out in nightly and so on and let in ride the trains.

Comment 1

[:Margaret Leibovic]

Attachment: MozReview Request: Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle

Review commit: https://reviewboard.mozilla.org/r/33795/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/33795/

Comment 2

[:Margaret Leibovic]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=2493a190c69b

Comment 3

[Mark Finkle (:mfinkle) (use needinfo?)]

Comment on attachment 8716309 [details]
MozReview Request: Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle

https://reviewboard.mozilla.org/r/33795/#review30517

Comment 4

[:Margaret Leibovic]

https://hg.mozilla.org/integration/fx-team/rev/d0ed2f83c82c79c45d7e6430e5f6a22b6a59e3d7
Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle

Comment 5

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/d0ed2f83c82c

Comment 6

[:Margaret Leibovic]

[Tracking Requested - why for this release]: Getting this on the release management radar because we've talked about uplifting this to beta.

Barbara/Andy, is that still the plan? I still see the Aha! card for this is in the 45 column.

Comment 7

[Andy McKay]

(In reply to :Margaret Leibovic from comment #6)
> [Tracking Requested - why for this release]: Getting this on the release
> management radar because we've talked about uplifting this to beta.
> 
> Barbara/Andy, is that still the plan? I still see the Aha! card for this is
> in the 45 column.

I'd be interested to see how this works for users and get some QA feedback. 45 is coming pretty darn soon.

Comment 8

[Roland Tanglao needinfo please :rolandtanglao, :mohnkuchen, :adobo, :sinigang, :roland]

so not in 45 currently right? and in 47. any chance of moving this to 46? let me know so joni and i can document whatever you decide in SUMO

Comment 10

[Barbara Bermes [:barbara] - NI please!]

I'm fine with 45 or 46, whatever is possible.

Comment 11

[Sylvestre Ledru [:Sylvestre]]

It is too late for 45, please target 46 and submit the uplift request quickly so that it is in the first beta.

Comment 12

[Teodora Vermesan (:TeoVermesan)]

Verified as fixed using:
Device: Nexus 6 (Android 6.0)
Build: Firefox for Android 47.0a1 (2016-02-14)

With "xpinstall.signatures.required=true" by default trying to install Crash Me add-on, the following message is displayed: "Nightly has prevented people.mozilla.org from installing an unverified add-on. Learn more". Learn more links redirects the user to the "Add-on signing in Firefox for Android" post. 
With "xpinstall.signatures.required=false , Crash Me add-on is installed.

Comment 13

[:Margaret Leibovic]

Comment on attachment 8716309 [details]
MozReview Request: Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle

Approval Request Comment
[Feature/regressing bug #]: None.

[User impact if declined]: Users can install unsigned add-ons.

[Describe test coverage new/current, TreeHerder]: Baked on Nightly for a bit. Not much automated test coverage on mobile, but we have tested the bits pieces manually.

[Risks and why]: Potential risk of people's add-ons breaking if they haven't been signed. But we probably won't get more data on this until this is on beta, so we should uplift sooner rather than later.

[String/UUID change made/needed]: None.

Comment 14

[Liz Henry (:lizzard) (relman/hg->git project)]

Comment on attachment 8716309 [details]
MozReview Request: Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle

Turns on addon signing, let's see if we can shake out any problems in aurora.

Comment 15

[Liz Henry (:lizzard) (relman/hg->git project)]

Tracking as well since this is a new feature for android.

Comment 16

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/releases/mozilla-aurora/rev/b9a7695cb100

Comment 17

[Liz Henry (:lizzard) (relman/hg->git project)]

Kev or Margaret, can you suggest wording for a release note?

Comment 18

[Flaviu Cos]

Verified as fixed in build 46 Beta 7;
Device: LG G4 (Android 5.1).

Comment 19

[:Margaret Leibovic]

(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #17)
> Kev or Margaret, can you suggest wording for a release note?

Kev is better qualified than I am to answer this question, but maybe something like "Prevent installation of unverified add-ons"?

Comment 20

[Liz Henry (:lizzard) (relman/hg->git project)]

Release Note Request (optional, but appreciated)
[Why is this notable]:  Users will certainly notice it when they try to install an unsigned addon. 
[Suggested wording]:  Prevent installation of unverified add-ons
[Links (documentation, blog post, etc)]:  (Probably something on AMO... kev, want to pick a post or write a new one?)

Comment 21

[Liz Henry (:lizzard) (relman/hg->git project)]

Kev, do we have a blog post or something to point to from 46 release notes?

Comment 22

[Kev Needham [:kev]]

Yes, included. Also recommend slight modification to wording. Installed add-ons that are not signed will be disabled. Attempts to install unsigned add-ons will fail. Just wanted to make it a little clearer that any unsigned addons will no longer work. Preference to disable signing enforcement is outlined in the FAQ in the link.


[suggested wording] - By default, add-ons that have not been verified and signed by Mozilla will not load in Firefox for Android.
[links]: https://blog.mozilla.org/addons/2016/03/17/add-on-signing-enforcement-in-firefox-46-for-android/