Closed Bug 1273298 Opened 9 years ago Closed 9 years ago

Add-ons are disabled on trunk builds, claiming they could not be verified to work with SeaMonkey

Categories

(SeaMonkey :: General, defect)

Product:
SeaMonkey
Component:
General
Version:
SeaMonkey 2.46 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(seamonkey2.44 unaffected, seamonkey2.45 fixed, seamonkey2.46 fixed, seamonkey2.47 fixed, seamonkey2.48 verified)

Status:
VERIFIED FIXED
Milestone:
seamonkey2.48
Tracking Flags:
Tracking Status
seamonkey2.44 --- unaffected
seamonkey2.45 --- fixed
seamonkey2.46 --- fixed
seamonkey2.47 --- fixed
seamonkey2.48 --- verified

People

(Reporter: rsx11m.pub, Assigned: frg)

References

Details

(Keywords: regression)

Attachments

(6 files)

Capture.PNG
98.25 KB, image/png
Details
1273298-signing.patch
17.32 KB, patch
ewong
: review+
Details | Diff | Splinter Review
1273298-xpisigning.patch
1.20 KB, patch
philip.chee
: review+
Details | Diff | Splinter Review
1273298-signing-ca.patch
16.59 KB, patch
ewong
: review+
ewong
: approval-comm-aurora+
Details | Diff | Splinter Review
1273298-signing-cb.patch
16.63 KB, patch
ewong
: review+
ewong
: approval-comm-beta+
Details | Diff | Splinter Review
1273298-signing-cr.patch
13.52 KB, patch
ewong
: review+
ewong
: approval-comm-release+
Details | Diff | Splinter Review
Installing SeaMonkey trunk and running it with a new profile, all extensions which it ships with (including Lightning) are disabled, listed in the Add-ons Manager as "... could not be verified for use in SeaMonkey and has been disabled." Lightning works fine after manually enabling it. This is a recent regression, aurora and beta builds are fine, seen independently on Linux and Mac OSX nightlies. I'm filing this for SeaMonkey first in case something screwed up with disabling the signing requirement for those builds.
See Also: → 1159499
Thanks, guess I didn't look into the Add-ons Manager on trunk for a long time (just now after Lightning was included in the default build and installation). Note that this applies to *all* shipped extensions, not just Lightning. Does the difference between trunk and others for /extensions/ vs. /distribution/extensions/ apply for those too?
(In reply to rsx11m from comment #2) > Note that this applies to *all* shipped extensions, not just Lightning. Does > the difference between trunk and others for /extensions/ vs. > /distribution/extensions/ apply for those too? It's logical to assume that it does.
True but not necessarily. Looking at http://hg.mozilla.org/comm-central/file/f32ca0e1adf2/suite/installer/package-manifest.in Lightning is the only extension explicitly testing NIGHTLY_BUILD to decide installation in /extensions/, whereas ChatZilla and DOM Inspector decide on !MOZ_OMNIJAR instead. Thus, if NIGHTLY_BUILD implies !MOZ_OMNIJAR, that would make them equivalent.
Attached image Capture.PNG
I am not seeing this on a brand new Windows build and brand new profile. Maybe a bug in core code which has been fixed?
I'm still seeing this with a current trunk tinderbox build and a new profile, thus not fixed.
(at least on Windows)
(while no Windows tinderbox builds exist atm - I meant Linux of course, grrrr)
In my own SeaMonkey 2.47a1 build, I do no longer get the warning but Lightning remains disabled with a new profile until I explicitly enable it in the Add-ons Manager.
I think addon signing might not be properly disabled in the build configs. Couldn't this be added to confvars.sh?
Attachment #8767499 - Flags: review?(ewong)
Comment on attachment 8767499 [details] [diff] [review] 1273298-signing.patch Review of attachment 8767499 [details] [diff] [review]: ----------------------------------------------------------------- Aside for that minor nit, everything looks good. r+ from me when you've skipped the macosx32 directory(I seemed to have forgotten to push that patch from bug 1061357.. I guess I need to update that patch once you've pushed this). ::: suite/config/mozconfigs/macosx32/debug @@ +2,5 @@ > > +# Disable checking that add-ons are signed by the trusted root > +MOZ_ADDON_SIGNING=0 > +# Disable enforcing that add-ons are signed by the trusted root > +MOZ_REQUIRE_SIGNING=0 Frank, you don't need to change this file or anything within macosx32/*. (In fact, this directory was supposed to be removed earlier. (I think I had a patch waiting for review awhile back.)
Attachment #8767499 - Flags: review?(ewong) → review+
(In reply to Edmund Wong (:ewong) from comment #11) > Comment on attachment 8767499 [details] [diff] [review] > 1273298-signing.patch > > Review of attachment 8767499 [details] [diff] [review]: > ----------------------------------------------------------------- > > Aside for that minor nit, everything looks good. r+ from me when you've > skipped the macosx32 directory(I seemed to have forgotten to push that patch > from bug 1061357.. I guess I need to update that patch once you've pushed > this). > > ::: suite/config/mozconfigs/macosx32/debug > @@ +2,5 @@ > > > > +# Disable checking that add-ons are signed by the trusted root > > +MOZ_ADDON_SIGNING=0 > > +# Disable enforcing that add-ons are signed by the trusted root > > +MOZ_REQUIRE_SIGNING=0 > > Frank, you don't need to change this file or anything within macosx32/*. > (In fact, this directory was supposed to be removed > earlier. (I think I had a patch waiting for review awhile back.) Patch has been pushed, so just update your tree and push the updated patch (without the mention of macosx32).
Patch pushed without the osx32. Thought so that it was obsolete but youe never know... https://hg.mozilla.org/comm-central/rev/09dbbf8ea508 What about the branches? Should we wait till c-c builds again an and verifiy first that it solves the problem?
Assignee: nobody → frgrahl
Status: NEW → ASSIGNED
Firefox sets this to true per default. I am sure we do not want this for the forseeable future. Currently the setting is picked up from /modules/libpref/init/all.js where it is still false but this might change in the future.
Attachment #8769478 - Flags: review?(philip.chee)
patch for comm-aurora [Approval Request Comment] Regression caused by (bug #): User impact if declined: Incorrect / incomplete build options. Testing completed (on m-c, etc.): Risk to taking this patch (and alternatives if risky): none String changes made by this patch: none
Attachment #8769479 - Flags: review?(ewong)
Attachment #8769479 - Flags: approval-comm-aurora?
patch for comm-beta [Approval Request Comment] Regression caused by (bug #): User impact if declined: Incorrect / incomplete build options. Testing completed (on m-c, etc.): Risk to taking this patch (and alternatives if risky): none String changes made by this patch: none
Attachment #8769480 - Flags: review?(ewong)
Attachment #8769480 - Flags: approval-comm-beta?
Patch for comm-release. Is it possible that the Win32 build config is utter rubbish with VS2010 still included? [Approval Request Comment] Regression caused by (bug #): User impact if declined: Incorrect / incomplete build options. Testing completed (on m-c, etc.): Risk to taking this patch (and alternatives if risky): none String changes made by this patch: none
Attachment #8769481 - Flags: review?(ewong)
Attachment #8769481 - Flags: approval-comm-release?
Comment on attachment 8769478 [details] [diff] [review] 1273298-xpisigning.patch >+++ b/suite/browser/browser-prefs.js >+pref("xpinstall.signatures.required", false); as far as I can tell, this is set to false in all.js and overridden in firefox.js to true. https://dxr.mozilla.org/mozilla-central/source/modules/libpref/init/all.js#4638 https://dxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js#72 So, it this really necessary to set in browser-prefs.js as well since it defaults to false already?
>> So, it this really necessary to set in browser-prefs.js as well since it defaults to false already? No. Just did go thru all the signing options and this one is the only one we currently do not set ourself. It might get changed in the future out of the blue but then we could change it then and not now. Thought ratty should decide. Completely indifferent here :) FRG
Frank: to be honest, I don't know what you are trying to fix with this patches - as they will definitely not fix *this* bug, as it has absolutely nothing to do with signing... Also: this bug always happens only on c-c and never on c-a, c-b and c-r (merge-independent).
>> Frank: to be honest, I don't know what you are trying to fix with this patches Not much. As I told ewong I doubt that these will help. Just want to be sure that the environment is ok and knowing that all variables which control signing are set correctly might be a first step. You sure this has nothing got do with signing?
(In reply to Frank-Rainer Grahl from comment #21) > You sure this has nothing got do with signing? The message on the command line says "Disabling foreign installed add-on" (see bug 1159499), so it must result from the (Firefox) strategy to block add-ons installed by 3rd party software - and this has nothing to do with signing.
Comment on attachment 8769479 [details] [diff] [review] 1273298-signing-ca.patch Review of attachment 8769479 [details] [diff] [review]: ----------------------------------------------------------------- lgtm
Attachment #8769479 - Flags: review?(ewong)
Attachment #8769479 - Flags: review+
Attachment #8769479 - Flags: approval-comm-aurora?
Attachment #8769479 - Flags: approval-comm-aurora+
Comment on attachment 8769480 [details] [diff] [review] 1273298-signing-cb.patch Review of attachment 8769480 [details] [diff] [review]: ----------------------------------------------------------------- lgtm
Attachment #8769480 - Flags: review?(ewong)
Attachment #8769480 - Flags: review+
Attachment #8769480 - Flags: approval-comm-beta?
Attachment #8769480 - Flags: approval-comm-beta+
(In reply to Adrian Kalla [:adriank] from comment #20) > Frank: to be honest, I don't know what you are trying to fix with this > patches - as they will definitely not fix *this* bug, as it has absolutely > nothing to do with signing... Also: this bug always happens only on c-c and > never on c-a, c-b and c-r (merge-independent). I'm wondering if this is related to bug 1191941?
Mc reported over irc that contrary to popular, my and Adrians belief changing the configs did indeed fix at least some of the problems. I still wonder why because locally the prefs default to 0 if not set. http://logs.glob.uno/?c=mozilla%23seamonkey&s=12+Jul+2016&e=13+Jul+2016
Comment on attachment 8769481 [details] [diff] [review] 1273298-signing-cr.patch Review of attachment 8769481 [details] [diff] [review]: ----------------------------------------------------------------- lgtm.
Attachment #8769481 - Flags: review?(ewong)
Attachment #8769481 - Flags: review+
Attachment #8769481 - Flags: approval-comm-release?
Attachment #8769481 - Flags: approval-comm-release+
Flags: needinfo?(philip.chee)
Comment on attachment 8769478 [details] [diff] [review] 1273298-xpisigning.patch I see no harm in adding this.
Flags: needinfo?(philip.chee)
Attachment #8769478 - Flags: review?(philip.chee) → review+
https://hg.mozilla.org/comm-central/rev/f7e1f4d6f62f Should the bug be closed for now?
Looks like we are done here, though issues persist. I've tried both a trunk tinderbox build and my own 2.48a1 Linux build and didn't see the "could not be verified" warning with either build in the Add-Ons Manager. However, Lightning was disabled and the "Disabling foreign installed add-on {e2fda1a4-762b-4020-b5ad-a41df1933103} in app-global" warning appeared in the console. This appears to be bug 1159499 though rather than the issue here (both builds used with a new profile). For the upgrade scenario, I upgraded to 2.48a1 from an older 2.44 build (not trunk, though). Lightning wasn't updated, instead the message appeared in the Add-Ons Manager that it's incompatible. Judging from the console messages, that seems to be a conflict between the older Lightning version in the 2.44 profile and the different version coming with my current build, thus may be a non-trunk to trunk update issue which may not appear in trunk to trunk or non-trunk to non-trunk updates.
Keywords: regressionwindow-wanted
Jupp. Its likely becauase of the switch in Lightning locations between release and nightly. I never experience this on beta/release or nightly to nightly upgrades. I think lets close this one here and reopen it or a new one if something else pops up.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
status-seamonkey2.48: --- → verified
I'm confused, which patches landed for 2.47, to get the tracking flags right?
Flags: needinfo?(frgrahl)
Target Milestone: --- → seamonkey2.48
Meaning, did everything land everywhere where it needed to land? ;-)
>> Meaning, did everything land everywhere where it needed to land? ;-) Yes. The mozconfig variables landed on all branches. The optional play-it-safe pref change only on c-c for 2.48+. I think 2.45 should also be marked as fixed. FF 48 enforces the signing requirements and so its the same as 2.46 even if it was somehow marked as unaffected.
status-seamonkey2.44: --- → unaffected
status-seamonkey2.45: unaffectedfixed
status-seamonkey2.47: --- → fixed
Flags: needinfo?(frgrahl)
Ok, thanks.
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0 SeaMonkey/2.48a1 Build identifier: 20160913003001 http://hg.mozilla.org/comm-central/rev/b9cd88a0878f441423c99b7335ee393f4c7d1df1 FWIW, the warnings for add-ons not signed by Mozilla (including the ChatZilla nightly build) have disappeared. The only warnings still present are "<add-on> is incompatible with SeaMonkey 2.48a1" which is normal for the themes and langpacks which have it. (I have extensions.checkCompatibility.nightly == false so these latter add-ons are not app-disabled.)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: