Closed Bug 1360745 Opened 3 years ago Closed 3 years ago

The OS X elevation code hangs when running nightly

Categories

(Toolkit :: Application Update, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla55
Tracking Status
firefox-esr52 --- unaffected
firefox53 --- unaffected
firefox54 --- unaffected
firefox55 + fixed

People

(Reporter: robert.strong.bugs, Assigned: robert.strong.bugs)

References

Details

(Keywords: regression)

Attachments

(1 file)

Nightly builds aren't signed the same way as they are signed on release per bug 394984 comment #92. This makes it so the OS X elevation code can't be tested on Nightly and when elevation is required to update it causes the updater to hang when trying to apply an update.
The way I tested this is by selecting Get Info for the FirefoxNightly.app from the context menu and removing my accounts read / write permissions. Doing the same thing with a release build will successfully update.
Ben, is it possible for Nightly Mac builds to be signed in the same way as release builds? Without this it is impossible to test the client code for OS X elevation on Nightly. Note that this can only be tested manually since it is an OS security feature.
Flags: needinfo?(bhearsum)
Well, elevated updates on OSX is completely broken since bug 1156046 landed. We no longer call LaunchElevatedUpdate from anywhere[1][2]. Also, the comment for LaunchChildMac is completely outdated[3]. We replaced posix_spawnp with NSTask in bug 1250901. It looks like bug 1156046 reverted quite a bit here. With this fixed, the updater will most definitely no longer hang, since we detect a signature mismatch here[4][5][6]. This won't address the fact that we can't test elevated updates on Nightly, but while working on bug 394984 we didn't think it was worth the effort for the following reasons:
1. We didn't want to start signing Nightly with the release cert.
2. We wanted to hardcode the signatures that we embed in the binaries because there was no efficient way to do this dynamically based on the branch that we were on.
3. The number of users legitimately (i.e. not for testing purposes) running into this situation on nightly was extremely small.
4. Nightlies can be built locally with an approved Apple Developer certificate after changing the embedded cert signature to test elevated updates. This is what we used for testing of bug 394984.

I'm going to keep the n-i set for Ben in case he has anything to add here.

[1] https://hg.mozilla.org/mozilla-central/rev/cc65a6d51e74
[2] https://dxr.mozilla.org/mozilla-central/search?q=LaunchElevatedUpdate
[3] https://hg.mozilla.org/mozilla-central/rev/cc65a6d51e74#l8.851
[4] https://hg.mozilla.org/mozilla-central/file/b3b4cf61e147/toolkit/xre/nsUpdateDriver.cpp#l995
[5] https://dxr.mozilla.org/mozilla-central/source/toolkit/xre/MacLaunchHelper.mm#132
[6] https://dxr.mozilla.org/mozilla-central/source/toolkit/xre/MacLaunchHelper.mm#76
Blocks: 1156046
No longer blocks: 394984
[Tracking Requested - why for this release]:
Bug 1156046 broke elevated updates on OSX.
(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #4)
> Thanks Stephen!

Most welcome. I'm happy to help here if needed. Thanks for looking into it!
Assignee: nobody → robert.strong.bugs
Status: NEW → ASSIGNED
Comment on attachment 8863090 [details] [diff] [review]
patch in progress

Elevating actually worked on oak with this patch.
Attachment #8863090 - Flags: review?(spohl.mozilla.bugs)
(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #2)
> Ben, is it possible for Nightly Mac builds to be signed in the same way as
> release builds? Without this it is impossible to test the client code for OS
> X elevation on Nightly. Note that this can only be tested manually since it
> is an OS security feature.

I could be missing something, but as far as I can tell we don't do anything differently on the signing servers for nightly vs. release builds other than using a different certificate to sign with.
Comment on attachment 8863090 [details] [diff] [review]
patch in progress

Review of attachment 8863090 [details] [diff] [review]:
-----------------------------------------------------------------

This looks good to me. I've also gone through attachment 8857616 [details] [diff] [review] with a focus on OSX and haven't seen anything else that we missed. Thank you for fixing this so quickly!
Attachment #8863090 - Flags: review?(spohl.mozilla.bugs) → review+
Pushed by rstrong@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/4518edb0fb03
The OS X elevation code hangs when running nightly. r=spohl
https://hg.mozilla.org/mozilla-central/rev/4518edb0fb03
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.