Closed Bug 1549718 Opened 5 months ago Closed 5 months ago

On browser updates, add-ons without explicit ID in their manifest.json are removed when the signature is invalid

Categories

(Toolkit :: Add-ons Manager, defect, P1, major)

RESOLVED WONTFIX
Tracking Status
firefox-esr60 66+ wontfix
firefox66 blocking wontfix
firefox67 blocking wontfix
firefox68 blocking wontfix

People

(Reporter: robwu, Unassigned)

Details

(Whiteboard: cert2019)

Attachments

(2 files)

This is like bug 1549129, except merely updating the browser is sufficient to trigger the bug.

Prerequisites to trigger this bug:

  • Add-on has no explicit ID in manifest.json
  • Add-on signature became invalid (bug 1548973).
  • Browser updates (or DB_SCHEMA is bumped).

Result:

  • Add-on package (xpi file) is removed.
  • Add-on data is preserved, so upon re-install the data is back.

STR:

  1. Download: https://addons.mozilla.org/firefox/downloads/file/1753729/epubreader-2.0.8-fx.xpi
  2. Download: Firefox 67.0b16 and 67.0b17 (or 66.0.3 + 66.0.4).
  3. Create a directory and put user.js with the following content in it (this is to trigger bug 1549344):
     user_pref("app.normandy.enabled", false);
     user_pref("security.nocertdb", true);
  4. Set the clock to last Friday (3 May 2019)
  5. Start Firefox 67.b16 with the profile.
  6. Install epubreader-2.0.8-fx.xpi and close Firefox.
  7. Set the clock to today.
  8. Start Firefox 67.b17 with the profile.
  9. Observe that the add-on is gone.

Stack trace:

1557236049637   addons.xpi-utils        WARN    addMetadata: Add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F} is invalid: Error: Invalid addon ID: expected addon ID {5384767E-00D9-40E9-B72F-9CC39D655D6F}, found undefined in manifest(resource://gre/modules/addons/XPIDatabase.jsm:2371:15) JS Stack trace: addMetadata@XPIDatabase.jsm:2371:15
processFileChanges@XPIDatabase.jsm:2737:26
checkForChanges@XPIProvider.jsm:2688:55
startup@XPIProvider.jsm:2251:12
callProvider@AddonManager.jsm:204:31
_startProvider@AddonManager.jsm:655:5
startup@AddonManager.jsm:811:14
startup@AddonManager.jsm:2804:26
observe@addonManager.js:65:29
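
An added example, not part of the original report or of Firefox's code: a Python check for the first prerequisite listed above, an add-on package with no explicit ID in manifest.json. It reads `browser_specific_settings.gecko.id` (or the older `applications.gecko.id`) from each XPI in a directory; the function names, the directory argument and the sample XPI builder are assumptions made for illustration.

```python
import io
import json
import sys
import zipfile
from pathlib import Path


def explicit_addon_id(xpi):
    """Return the ID declared in the XPI's manifest.json, or None if it has none.

    `xpi` is a path or a binary file object.
    """
    with zipfile.ZipFile(xpi) as package:
        try:
            raw = package.read("manifest.json")
        except KeyError:
            raise ValueError("no manifest.json in package") from None
    # json.loads raises ValueError on manifests that contain // comments;
    # those are reported as skipped rather than guessed at.
    manifest = json.loads(raw.decode("utf-8-sig"))
    if not isinstance(manifest, dict):
        raise ValueError("manifest.json is not a JSON object")
    # The ID may sit under either key; "applications" is the older name.
    for key in ("browser_specific_settings", "applications"):
        section = manifest.get(key)
        gecko = section.get("gecko") if isinstance(section, dict) else None
        addon_id = gecko.get("id") if isinstance(gecko, dict) else None
        if isinstance(addon_id, str) and addon_id:
            return addon_id
    return None


def xpis_without_explicit_id(extensions_dir):
    """List XPI file names under extensions_dir whose manifest declares no ID."""
    exposed = []
    for path in sorted(Path(extensions_dir).glob("*.xpi")):
        try:
            if explicit_addon_id(path) is None:
                exposed.append(path.name)
        except (ValueError, zipfile.BadZipFile) as err:
            print(f"skipped {path.name}: {err}", file=sys.stderr)
    return exposed


def build_sample_xpi(manifest):
    """Constructed sample input: an unsigned in-memory XPI holding only manifest.json."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("manifest.json", json.dumps(manifest))
    return buf.getvalue()


if __name__ == "__main__" and len(sys.argv) == 2:
    print("\n".join(xpis_without_explicit_id(sys.argv[1])))
```

Run against a copy of a profile's `extensions` directory, the names it prints are the packages that meet the first prerequisite; whether their signature is currently valid is a separate question this check does not answer.
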

Attached file output-bug1549129.log

Output on Linux, with additional prefs for debugging.

b16/firefox is Firefox 67.0b17, b17 is 67.0b17.
I used faketime to change the clock, and fixtime.py to avoid bug 1549129.

/tmp/qa$ rm -rf profile && mkdir profile && printf 'user_pref("app.normandy.enabled", false);\nuser_pref("security.nocertdb", true);\nuser_pref("browser.dom.window.dump.enabled", true);\nuser_pref("extensions.logging.enabled", true);\nuser_pref("toolkit.telemetry.testing.overridePreRelease", true);\nuser_pref("devtools.selfxss.count", 5);\n' > profile/user.js               
/tmp/qa$ faketime '2019-05-04 00:00:00' ./b16/firefox --no-remote -profile profile /tmp/qa | grep -v XPIState
/tmp/qa$ ~/firefox/bugs/profile-addonStartup-mtime/fixtime.py profile                                                       
/tmp/qa$ ./b17/firefox --no-remote -profile profile /tmp/qa about:telemetry | grep -v XPIState

Simple Measures at about:telemetry has:

addonManager.XPIDB_startup_load_reasons 	[directoryState, schemaChanged]

Attached file fixtime.py

This script updates addonStartup.json.lz4 and extensions.json to make sure that the lastModifiedTime and updateDate match, to avoid bug 1549129.

Usage: python3 fixtime.py /path/to/profiledir/

Scenarios in which this bug can be triggered (caused by bug 1548973):

  • User updates to Firefox 66.0.3 / 67.0b16 or earlier, from any other version.
  • User updates to 66.0.4 / 67.0b17, but certificate registration fails (e.g. bug 1549249, bug 1549344).

This bug does not occur when the certificate is successfully added (i.e. without suffering from bug 1549249 etc.):

Component: General → Add-ons Manager
Component: Add-ons Manager → General
Priority: -- → P1
Component: General → Add-ons Manager
Status: NEW → RESOLVED
Closed: 5 months ago
Resolution: --- → WONTFIX

This was wontfixed because the code path that causes it (stemming from the lack of IDs) is valid. We can't prevent this. But we can react to it -- which I assume is the same we'd do for bug 1549129, which is a result of the same code path.

(Whether we decide to do that is a different question, up to Product, etc.)

See Also: → 1550055