Closed Bug 1374039 Opened 2 years ago Closed 2 years ago

Port bug 394984 to TB [Enable any admin user on OSX to update Firefox, front-end and updater changes]

Categories

(Thunderbird :: Installer, enhancement)

All
macOS
enhancement
Not set

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird 57.0

People

(Reporter: Paenglab, Assigned: Paenglab)

Details

Attachments

(1 file)

This is a bug I think we need to port.
I ported all changes from browser except the ones in browser/base/content/browser.js. This, I think, are only for the update infos in their AppMenu.

Stefan, please can you check, if this patch should have all the needed changes?
Assignee: nobody → richard.marti
Status: NEW → ASSIGNED
Attachment #8878867 - Flags: review?(philipp)
Attachment #8878867 - Flags: feedback?(stefanh)
Comment on attachment 8878867 [details] [diff] [review]
OSXinstaller.patch

Yes, from what I can see it ports all the relevant changes. Note that I'm not familiar with this code so I basically did the same comparison as you did.
Attachment #8878867 - Flags: feedback?(stefanh) → feedback+
Comment on attachment 8878867 [details] [diff] [review]
OSXinstaller.patch

Review of attachment 8878867 [details] [diff] [review]:
-----------------------------------------------------------------

r+ with this comment considered:

::: mail/app/macbuild/Contents/Info.plist.in
@@ +65,5 @@
>          <string>GeckoNSApplication</string>
> +	<key>SMPrivilegedExecutables</key>
> +	<dict>
> +		<key>org.mozilla.updater</key>
> +		<string>identifier "org.mozilla.updater" and ((anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9]) or (anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "43AQ936H96"))</string>

Do we have the same certificate information? I suspect yes, but would be good to get confirmation on this.
Attachment #8878867 - Flags: review?(philipp) → review+
(In reply to Philipp Kewisch [:Fallen] from comment #3)
> Comment on attachment 8878867 [details] [diff] [review]
> OSXinstaller.patch
> 
> Review of attachment 8878867 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> r+ with this comment considered:
> 
> ::: mail/app/macbuild/Contents/Info.plist.in
> @@ +65,5 @@
> >          <string>GeckoNSApplication</string>
> > +	<key>SMPrivilegedExecutables</key>
> > +	<dict>
> > +		<key>org.mozilla.updater</key>
> > +		<string>identifier "org.mozilla.updater" and ((anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9]) or (anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "43AQ936H96"))</string>
> 
> Do we have the same certificate information? I suspect yes, but would be
> good to get confirmation on this.

Stephen, please can you confirm this is true? I know too less of this things.
Flags: needinfo?(spohl.mozilla.bugs)
I don't know who's responsible for signing TB binaries and could verify this. Ben, do you know?
Flags: needinfo?(spohl.mozilla.bugs) → needinfo?(bhearsum)
(In reply to Stephen A Pohl [:spohl] from comment #5)
> I don't know who's responsible for signing TB binaries and could verify
> this. Ben, do you know?

Based on what I see in build logs (https://archive.mozilla.org/pub/firefox/tinderbox-builds/mozilla-release-l10n/release-mozilla-release_firefox_macosx64_l10n_repack-bm82-build1-build178.txt.gz and https://archive.mozilla.org/pub/thunderbird/candidates/52.2.1-candidates/build1/logs/release-comm-esr52-macosx64_build-bm84-build1-build7.txt.gz), it appears they are signed with the same certificate.
Flags: needinfo?(bhearsum)
Ben and Stephen, thank you for looking into this.

So I think, we are safe to land it as it is.
Keywords: checkin-needed
Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/cc50be271afa
Port bug 394984 to TB [Enable any admin user on OSX to update Firefox, front-end and updater changes]. r=philipp
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 57.0
You need to log in before you can comment on or make changes to this bug.