Add support for security devices

VERIFIED FIXED in Firefox -esr60

Status

()

enhancement
P1
normal
VERIFIED FIXED
11 months ago
9 months ago

People

(Reporter: mkaply, Assigned: mkaply)

Tracking

Trunk
Firefox 64
Points:
---
Dependency tree / graph
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(firefox-esr6064+ verified, firefox64 verified)

Details

Attachments

(4 attachments)

Add support for adding PKCS11 security devices.
Note: this should have tests, both for the policy itself, but also for the parsing of patternProperties (you could add it to https://searchfox.org/mozilla-central/source/toolkit/components/utils/test/browser/browser_JsonSchemaValidator.js )
There's really no good way to test the policy. We're calling a known API that is tested.

I wasn't sure where to add the validator test.
Comment on attachment 9011041 [details]
Bug 1493249 - Add policy for security devices.

:Felipe Gomes (needinfo me!) has approved the revision.
Attachment #9011041 - Flags: review+
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/86baeb291e66
Add policy for security devices. r=Felipe
https://hg.mozilla.org/mozilla-central/rev/86baeb291e66
Status: ASSIGNED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 64
Depends on: 1498223
This bug was covered by the overall testing efforts invested in the Additional Enterprise Policies feature.

Marking this as verified fixed using Firefox 64.0a1 (BuildId:20181011220118) on Windows 10 64bit and macOS 10.13.6
Status: RESOLVED → VERIFIED
Posted patch Patch for ESRSplinter Review
[ESR Uplift Approval Request]

If this is not a sec:{high,crit} bug, please state case for ESR consideration: Policy change to align with Firefox 64

User impact if declined: 

Fix Landed on Version: 64

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Policy only change

String or UUID changes made by this patch: None
Attachment #9024119 - Flags: approval-mozilla-esr60?
Comment on attachment 9024119 [details] [diff] [review]
Patch for ESR

Verified in 64, OK to uplift this enterprise policy change.
Attachment #9024119 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Hi Mike,

I tried verifying this issue using the esr build (provided in comment 10) but it seems that the policy is not recognized.

Console output: 

Enterprise Policies:Unknown policy: SecurityDevices
Flags: needinfo?(mozilla)
Posted patch FollowupSplinter Review
[ESR Uplift Approval Request]

If this is not a sec:{high,crit} bug, please state case for ESR consideration: Missing part of previous patch

User impact if declined: Function doesn't work

Fix Landed on Version: 

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): corrects schema change

String or UUID changes made by this patch:
Flags: needinfo?(mozilla)
Attachment #9025722 - Flags: approval-mozilla-esr60?
I screwed up and forgot a piece of the patch. This is needed before bug 1498223 will apply.
Thanks Emil and Mike! Good catch.
Comment on attachment 9025722 [details] [diff] [review]
Followup

Fix for new enterprise policy on ESR.
Attachment #9025722 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Mike, did this ever actually land on ESR60?
Flags: needinfo?(mozilla)
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #16)
> Mike, did this ever actually land on ESR60?

No, thanks for the reminder.

https://hg.mozilla.org/releases/mozilla-esr60/rev/ff3b417e363f65040aa4eb38d249a740191f7c87
Flags: needinfo?(mozilla)
Emil

Can you reverify when the next esr nightly is available?
Flags: needinfo?(emil.ghitta)
[ESR Uplift Approval Request]

If this is not a sec:{high,crit} bug, please state case for ESR consideration: Another followup to patch

User impact if declined: Feature won't work

Fix Landed on Version: ESR only

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): Liz, I'm very sorry about this. I should have tested more thoroughly instead of just assuming this will work. All other ESR patches will be built and tested locally.

String or UUID changes made by this patch:
Attachment #9028359 - Flags: review?(felipc)
Attachment #9028359 - Flags: approval-mozilla-esr60?
Attachment #9028359 - Flags: review?(felipc) → review+
Comment on attachment 9028359 [details] [diff] [review]
Correct esr60 iterator problem

Another follow-up fix for ESR, approved for 60.4.0esr. Glad we've got QA verifying these!
Attachment #9028359 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
This is verified fixed using Firefox 60.3.1esr (provided in comment 21) on Windows 10 64bit and macOS 10.14
Flags: needinfo?(emil.ghitta)
You need to log in before you can comment on or make changes to this bug.