Closed Bug 1309206 Opened 9 years ago Closed 9 years ago

Updater broken for XUL apps using "firefox -app"

Categories

(Toolkit :: Application Update, defect, P5)

Product:
Toolkit
Component:
Application Update
Version:
49 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: josh, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0 Build ID: 20160907081128 Steps to reproduce: Release a new complete mar file update with mar version 30 Client downloads update and restarts After restart; client reports 'ERROR: There must be at least one signature.' Actual results: updater did not install the downloaded mar file because of the 'ERROR: There must be at least one signature.' Expected results: Installed the update.
I understand that things have changed in the updater processes including signature, I have skimmed through bug 699700 and understand that the updater program has a public key to check if the downloaded mar packages are legit. the question is: Is it even possible for us to create a mar file and sign it with our own keys and the updater actually work since it will have your public key and not ours built into it? Is the only way around this to build our own updater with our public key in it? or do I not understand the changes to the updater properly... Currently we are shipping firefox sdk bin and replacing the updater with an older one from xulrunner 41.0.2 and it works fine. Any suggestions on what to do would be appreciated.
Component: Untriaged → Application Update
Product: Firefox → Toolkit
Robert, any advice about this issue?
Flags: needinfo?(robert.strong.bugs)
Josh, please provide a link for the Firefox SDK you are using. Also, please provide a link to the XUL app you are distributing?
Flags: needinfo?(robert.strong.bugs) → needinfo?(josh)
http://ftp.mozilla.org/pub/firefox/releases/49.0.1/ the app is a private app, but a bare app would do the same thing...
Flags: needinfo?(josh)
You would need to recompile the updater to include the signatures used to sign the mar. You should also sign all of the files. If you are distributing the maintenance service you would also need to configure the registry to include your code signing certs.
Since we don't support updating Firefox SDK distribution as an application resolving -> invalid. If you have further questions I'm on the dev-platform mail list / newsgroup.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Priority: -- → P5
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.