Closed
Bug 1244329
Opened 8 years ago
Closed 8 years ago
Flip the preference to on for requiring signed addons
Categories
(Firefox for Android Graveyard :: General, defect)
Firefox for Android Graveyard
General
Tracking
(firefox45- wontfix, firefox46+ verified, firefox47+ verified, relnote-firefox 46+, fennec46+)
People
(Reporter: andy+bugzilla, Assigned: Margaret)
References
Details
Attachments
(1 file)
58 bytes,
text/x-review-board-request
|
mfinkle
:
review+
lizzard
:
approval-mozilla-aurora+
|
Details |
All add-ons on AMO are now signed. Following the procedure with Desktop, let's turn on signing for Android by flipping the flag xpinstall.signatures.required. Users will still be able to turn it off. Let's test it out in nightly and so on and let it ride the trains.
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → margaret.leibovic
Assignee | ||
Comment 1•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/33795/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/33795/
Attachment #8716309 -
Flags: review?(mark.finkle)
Assignee | ||
Updated•8 years ago
|
tracking-fennec: --- → ?
Assignee | ||
Comment 2•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=2493a190c69b
Updated•8 years ago
|
Attachment #8716309 -
Flags: review?(mark.finkle) → review+
Comment 3•8 years ago
|
||
Comment on attachment 8716309 [details] MozReview Request: Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle https://reviewboard.mozilla.org/r/33795/#review30517
Assignee | ||
Comment 4•8 years ago
|
||
https://hg.mozilla.org/integration/fx-team/rev/d0ed2f83c82c79c45d7e6430e5f6a22b6a59e3d7 Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle
Comment 5•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/d0ed2f83c82c
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox47:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 47
Assignee | ||
Comment 6•8 years ago
|
||
[Tracking Requested - why for this release]: Getting this on the release management radar because we've talked about uplifting this to beta.
Barbara/Andy, is that still the plan? I still see the Aha! card for this is in the 45 column.
tracking-firefox45:
--- → ?
tracking-firefox46:
--- → ?
Flags: needinfo?(bbermes)
Flags: needinfo?(amckay)
Reporter | ||
Comment 7•8 years ago
|
||
(In reply to :Margaret Leibovic from comment #6)
> [Tracking Requested - why for this release]: Getting this on the release
> management radar because we've talked about uplifting this to beta.
>
> Barbara/Andy, is that still the plan? I still see the Aha! card for this is
> in the 45 column.
I'd be interested to see how this works for users and get some QA feedback. 45 is coming pretty darn soon.
Flags: needinfo?(amckay)
Comment 8•8 years ago
|
||
so not in 45 currently right? and in 47. any chance of moving this to 46? let me know so joni and i can document whatever you decide in SUMO
Updated•8 years ago
|
tracking-fennec: ? → 46+
Comment 11•8 years ago
|
||
It is too late for 45, please target 46 and submit the uplift request quickly so that it is in the first beta.
Comment 12•8 years ago
|
||
Verified as fixed using:
Device: Nexus 6 (Android 6.0)
Build: Firefox for Android 47.0a1 (2016-02-14)
With "xpinstall.signatures.required=true" by default, trying to install the Crash Me add-on, the following message is displayed: "Nightly has prevented people.mozilla.org from installing an unverified add-on. Learn more". The Learn more link redirects the user to the "Add-on signing in Firefox for Android" post.
With "xpinstall.signatures.required=false", the Crash Me add-on is installed.
Assignee | ||
Comment 13•8 years ago
|
||
Comment on attachment 8716309 [details] MozReview Request: Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle
Approval Request Comment
[Feature/regressing bug #]: None.
[User impact if declined]: Users can install unsigned add-ons.
[Describe test coverage new/current, TreeHerder]: Baked on Nightly for a bit. Not much automated test coverage on mobile, but we have tested the bits and pieces manually.
[Risks and why]: Potential risk of people's add-ons breaking if they haven't been signed. But we probably won't get more data on this until this is on beta, so we should uplift sooner rather than later.
[String/UUID change made/needed]: None.
Attachment #8716309 -
Flags: approval-mozilla-aurora?
Comment 14•8 years ago
|
||
Comment on attachment 8716309 [details] MozReview Request: Bug 1244329 - Flip the preference to on for requiring signed addons. r=mfinkle
Turns on addon signing, let's see if we can shake out any problems in aurora.
Attachment #8716309 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 15•8 years ago
|
||
Tracking as well since this is a new feature for android.
tracking-firefox47:
--- → +
Comment 16•8 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-aurora/rev/b9a7695cb100
Comment 17•8 years ago
|
||
Kev or Margaret, can you suggest wording for a release note?
Flags: needinfo?(margaret.leibovic)
Flags: needinfo?(kev)
Comment 18•8 years ago
|
||
Verified as fixed in build 46 Beta 7; Device: LG G4 (Android 5.1).
Status: RESOLVED → VERIFIED
Assignee | ||
Comment 19•8 years ago
|
||
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #17)
> Kev or Margaret, can you suggest wording for a release note?
Kev is better qualified than I am to answer this question, but maybe something like "Prevent installation of unverified add-ons"?
Flags: needinfo?(margaret.leibovic)
Comment 20•8 years ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]: Users will certainly notice it when they try to install an unsigned addon.
[Suggested wording]: Prevent installation of unverified add-ons
[Links (documentation, blog post, etc)]: (Probably something on AMO... kev, want to pick a post or write a new one?)
relnote-firefox:
--- → ?
Comment 21•8 years ago
|
||
Kev, do we have a blog post or something to point to from 46 release notes?
Comment 22•8 years ago
|
||
Yes, included. Also recommend slight modification to wording. Installed add-ons that are not signed will be disabled. Attempts to install unsigned add-ons will fail. Just wanted to make it a little clearer that any unsigned addons will no longer work. Preference to disable signing enforcement is outlined in the FAQ in the link.
[suggested wording] - By default, add-ons that have not been verified and signed by Mozilla will not load in Firefox for Android.
[links]: https://blog.mozilla.org/addons/2016/03/17/add-on-signing-enforcement-in-firefox-46-for-android/
Flags: needinfo?(kev)
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
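An added example, not part of the bug or of Mozilla's code: because the description notes that users can still turn the preference off, this sketch audits profile preference files for an override of `xpinstall.signatures.required`. The profile names and file contents are constructed, the default of true follows comment 12, and the check relies on user.js being applied over prefs.js at startup.

```python
import re

PREF = "xpinstall.signatures.required"
# A preference line looks like: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Map pref name -> raw value; commented-out lines never match."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)  # a later line wins
    return prefs

def signing_enforced(prefs_js="", user_js="", default=True):
    """Effective value of the signing pref for one profile.

    `default` is the shipped default (assumed true, as after this bug landed).
    """
    effective = default
    for text in (prefs_js, user_js):  # user.js last: it overrides prefs.js
        raw = parse_prefs(text).get(PREF)
        if raw in ("true", "false"):
            effective = raw == "true"
    return effective

def audit(profiles):
    """Names of profiles where unsigned add-ons would be allowed to install."""
    return sorted(n for n, (p, u) in profiles.items()
                  if not signing_enforced(p, u))

# Constructed sample profiles: name -> (prefs.js text, user.js text)
PROFILES = {
    "default": ('user_pref("browser.startup.homepage", "about:home");\n', ""),
    "off-in-prefs": ('user_pref("xpinstall.signatures.required", false);\n', ""),
    "off-in-user-js": ("", 'user_pref("xpinstall.signatures.required", false);\n'),
    "commented-out": ('// user_pref("xpinstall.signatures.required", false);\n', ""),
    "restored": ('user_pref("xpinstall.signatures.required", false);\n',
                 'user_pref("xpinstall.signatures.required", true);\n'),
}

if __name__ == "__main__":
    for name in audit(PROFILES):
        print("signature enforcement disabled in profile:", name)
```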