Closed Bug 1476098 Opened 3 years ago Closed 3 years ago
Nightly ASAN builds are missing the Google and Mozilla API keys
59 bytes, text/x-review-board-request
The Nightly ASAN builds don't include the Google and Mozilla API keys (see "Application Basics" in about:support). This means that those builds do not have working Safe Browsing (or location services). You can confirm that Safe Browsing works by going into about:url-classifier and doing an update of the "google4" provider (it should say "success"). There is also a test page maintained by Google at https://testsafebrowsing.appspot.com/.
Group: firefox-build-security → firefox-core-security
Moving the security groups for this bug per bug 1476102, because the firefox-build-security group is going away.
Unhiding because this isn't as much an attack vector as a dangerous working condition that users of those builds might want to know about.
From build log, we're getting the keys .. [task 2018-07-20T22:07:40.205Z] 22:07:40 INFO - [mozharness: 2018-07-20 22:07:40.205422Z] Running get-secrets step. [task 2018-07-20T22:07:40.205Z] 22:07:40 INFO - Running main action method: get_secrets [task 2018-07-20T22:07:40.205Z] 22:07:40 INFO - fetching secret project/releng/gecko/build/level-3/gapi.data from API [task 2018-07-20T22:07:40.408Z] 22:07:40 INFO - fetching secret project/releng/gecko/build/level-3/mozilla-desktop-geoloc-api.key from API [task 2018-07-20T22:07:40.513Z] 22:07:40 INFO - fetching secret project/releng/gecko/build/level-3/adjust-sdk.token from API [task 2018-07-20T22:07:41.448Z] 22:07:41 INFO - fetching secret project/releng/gecko/build/level-3/adjust-sdk-beta.token from API [task 2018-07-20T22:07:41.546Z] 22:07:41 INFO - [mozharness: 2018-07-20 22:07:41.546587Z] Finished get-secrets step (success) And then looking deeper, official builds specify a key file (for this and other things) in files like: https://dxr.mozilla.org/mozilla-central/source/browser/config/mozconfigs/linux32/common-opt We don't specify them in the asan mozconfigs: https://dxr.mozilla.org/mozilla-central/source/browser/config/mozconfigs/linux64/nightly-asan-reporter nor do we source the common files. ..I'm hoping glandium or christian can help sort this out (as in, should the asan builds source the common files, or should they specify the keys directly)
Including the common file won't work for ASan in its current state. We might be able to refactor this to share more of the options, but for now, here is an easy patch to fix the missing keys in those builds.
triaging, assigning to :decoder since he attached patches
Assignee: nobody → choller
Comment on attachment 8993895 [details] Bug 1476098 - Add Google and Mozilla API keys to ASan Nightly. https://reviewboard.mozilla.org/r/258546/#review265904
Attachment #8993895 - Flags: review?(mh+mozilla) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/autoland/rev/3d633edc1c27 Add Google and Mozilla API keys to ASan Nightly. r=glandium
You need to log in before you can comment on or make changes to this bug.