On browser updates, add-ons without explicit ID in their manifest.json are removed when the signature is invalid
Categories
(Toolkit :: Add-ons Manager, defect, P1)
Tracking
()
People
(Reporter: robwu, Unassigned)
References
Details
(Whiteboard: cert2019)
Attachments
(2 files)
This is like bug 1549129, except merely updating the browser is sufficient to trigger the bug.
Prerequisites to trigger this bug:
- Add-on has no explicit ID in manifest.json
- Add-on signature became invalid (bug 1548973).
- Browser updates (or
DB_SCHEMA
is bumped).
Result:
- Add-on package (xpi file) is removed.
- Add-on data is preserved, so upon re-install the data is back.
STR:
- Download: https://addons.mozilla.org/firefox/downloads/file/1753729/epubreader-2.0.8-fx.xpi
- Download: Firefox 67.0b16 and 67.0b17 (or 66.0.3 + 66.0.4).
- Create a directory and put
user.js
with the following content in it (this is to trigger bug 1549344):
user_pref("app.normandy.enabled", false);
user_pref("security.nocertdb", true);
- Set the clock to last Friday (3 May 2019)
- Start Firefox 67.b16 with the profile.
- Install
epubreader-2.0.8-fx.xpi
and close Firefox. - Set the clock to today.
- Start Firefox 67.b17 with the profile.
- Observe that the add-on is gone.
Stack trace:
1557236049637 addons.xpi-utils WARN addMetadata: Add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F} is invalid: Error: Invalid addon ID: expected addon ID {5384767E-00D9-40E9-B72F-9CC39D655D6F}, found undefined in manifest(resource://gre/modules/addons/XPIDatabase.jsm:2371:15) JS Stack trace: addMetadata@XPIDatabase.jsm:2371:15
processFileChanges@XPIDatabase.jsm:2737:26
checkForChanges@XPIProvider.jsm:2688:55
startup@XPIProvider.jsm:2251:12
callProvider@AddonManager.jsm:204:31
_startProvider@AddonManager.jsm:655:5
startup@AddonManager.jsm:811:14
startup@AddonManager.jsm:2804:26
observe@addonManager.js:65:29
Updated•5 years ago
|
Reporter | ||
Comment 1•5 years ago
|
||
Output on Linux, with additional prefs for debugging.
b16/firefox
is Firefox 67.0b17, b17
is 67.0b17.
I used faketime
to change the clock, and fixtime.py
to avoid bug 1549129.
/tmp/qa$ rm -rf profile && mkdir profile && printf 'user_pref("app.normandy.enabled", false);\nuser_pref("security.nocertdb", true);\nuser_pref("browser.dom.window.dump.enabled", true);\nuser_pref("extensions.logging.enabled", true);\nuser_pref("toolkit.telemetry.testing.overridePreRelease", true);\nuser_pref("devtools.selfxss.count", 5);\n' > profile/user.js
/tmp/qa$ faketime '2019-05-04 00:00:00' ./b16/firefox --no-remote -profile profile /tmp/qa | grep -v XPIState
/tmp/qa$ ~/firefox/bugs/profile-addonStartup-mtime/fixtime.py profile
/tmp/qa$ ./b17/firefox --no-remote -profile profile /tmp/qa about:telemetry | grep -v XPIState
Simple Measures at about:telemetry
has:
addonManager.XPIDB_startup_load_reasons [directoryState, schemaChanged]
Reporter | ||
Comment 2•5 years ago
|
||
This script updates addonStartup.json.lz4
and extensions.json
to make sure that the lastModifiedTime
and updateDate
matches, to avoid bug 1549129.
Usage: python3 fixtime.py /path/to/profiledir/
Updated•5 years ago
|
Reporter | ||
Comment 3•5 years ago
|
||
Scenarios in which this bug can be triggered (caused by bug 1548973):
- User updates to Firefox 66.0.3 / 67.0b16 or earlier, from any other version.
- User updates to 66.0.4 / 67.0b17, but certificate registration fails (e.g. bug 1549249, bug 1549344).
This bug does not occur when the certificate is successfully added (i.e. without suffering from bug 1549249 etc.):
- The hotfix is run (https://bugzilla.mozilla.org/show_bug.cgi?id=1548973#c57 / bug 1549400).
- User updates to Firefox 66.0.4 / 67.0b17.
Reporter | ||
Updated•5 years ago
|
Updated•5 years ago
|
Reporter | ||
Updated•5 years ago
|
Updated•5 years ago
|
Comment 4•5 years ago
|
||
This was wontfixed because the code path that causes it (stemming from the lack of IDs) is valid. We can't prevent this. But we can react to it -- which I assume is the same we'd do for bug 1549129, which is a result of the same code path.
(Whether we decide to do that is a different question, up to Product, etc.)
Updated•5 years ago
|
Comment 5•5 years ago
|
||
Please specify a root cause for this bug. See :tmaity for more information.
Description
•