Open Bug 1602839 Opened 6 years ago Updated 3 years ago

[meta] Prevent sideloading addons from non application locations

Categories

(Toolkit :: Add-ons Manager, task)

People

(Reporter: mixedpuppy, Unassigned)

Details

(Keywords: meta)

Goals

Prevent sideloaded addons.

We need to continue supporting some sideloading for ESR and 3rd-party distributions (Linux, non-Firefox branded distributions).

What will change

  • Disable sideloading in all addon locations other than the profile. This means that when we scan those locations for changes, we will ignore new installs.
    • We continue to scan for updates or removal for addons sideloaded prior to this change.
    • Addons previously installed will continue to work until the user removes them.
    • This will be done by introducing a new preference (initially) called extensions.sideloadScopes. This is a bit flag similar to existing prefs (e.g. extensions.startupScanScopes). For any scope matching this, we will ignore any previously unknown extension.
  • Enable removal of sideloaded extensions.
    • For non-profile locations, this means removing the link file and xpi state of the addon; we would not delete the extension. Since we would no longer scan for new addons, these removed addons would not reappear.
  • Extensions sideloaded through the profile will not change behavior initially (they are currently installed disabled, and are removable).
    • This will eventually change as well.
  • Support a build-time flag (replacing preference) so that ESR and non-Firefox distributions can continue to support sideloading as necessary for their use cases.
    • The extensions.sideloadScopes pref mentioned above will be replaced with the compile-time flag.

Depends on: 1602840
Depends on: 1603227
Depends on: 1604513
Depends on: 1605479
Depends on: 1616545
Depends on: 1616791
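
A model of the scan behaviour set out in the bug description above, added here as an example; it is not Firefox source code and not the reporter's own. The scope bit values are those of AddonManager's SCOPE_* constants; the function names, the default mask, the bit polarity (a set bit means previously unknown add-ons in that scope are ignored, following the description's wording) and the sample add-on ids are assumptions.

```javascript
// Added illustration, not Firefox source. Scope bits as in AddonManager's SCOPE_* constants.
const SCOPE_PROFILE = 1;
const SCOPE_USER = 2;
const SCOPE_APPLICATION = 4;
const SCOPE_SYSTEM = 8;

// Assumption, following the description's wording: a set bit marks a scope
// in which previously unknown add-ons are ignored. Profile stays unrestricted.
const SIDELOAD_SCOPES = SCOPE_USER | SCOPE_APPLICATION | SCOPE_SYSTEM;

// Hypothetical model of scanning one location. `known` is the saved state
// (Map of id -> version); `onDisk` is what the location contains now.
// Returns the actions taken and the state to save for the next scan.
function scanLocation(scope, known, onDisk, sideloadScopes = SIDELOAD_SCOPES) {
  const restricted = (scope & sideloadScopes) !== 0;
  const actions = [];
  const next = new Map();
  for (const [id, version] of onDisk) {
    if (!known.has(id)) {
      if (restricted) {
        actions.push(`ignore ${id}`); // new sideload: never enters state
        continue;
      }
      actions.push(`install ${id}`);
    } else if (known.get(id) !== version) {
      actions.push(`update ${id}`); // pre-existing sideloads still update
    }
    next.set(id, version);
  }
  for (const id of known.keys()) {
    if (!onDisk.has(id)) actions.push(`remove ${id}`); // file gone: drop state
  }
  return { actions, next };
}

// User-initiated removal outside the profile: only the saved state is
// dropped; the file in the location is left where it is.
function userRemove(known, id) {
  const next = new Map(known);
  next.delete(id);
  return next;
}

// Constructed sample data: one add-on sideloaded before the change, one after.
const known = new Map([["old@example.test", "1.0"]]);
const onDisk = new Map([["old@example.test", "1.1"], ["new@example.test", "2.0"]]);
const first = scanLocation(SCOPE_SYSTEM, known, onDisk);
const second = scanLocation(SCOPE_SYSTEM, userRemove(first.next, "old@example.test"), onDisk);
console.log(first.actions, second.actions);
```

The second scan shows why a removed add-on does not reappear: its file is still in the location, but with its state gone it is treated like any other unknown add-on in a restricted scope.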

This issue is related to Mozilla's announcement, correct? Only asking because it's difficult for me to map the announcement to the "definitive" tracking ticket.

It seems like this has caused confusion at least for maintainers in Gentoo who are in charge of www-plugins/* packages. I personally install plugins this way because I maintain more than one profile and it is more convenient for me to upgrade them all in one place, rather than per-profile. And from the looks of this issue, I should still be able to do this, provided the Firefox build I'm using has this functionality enabled.

I am contacting one such addon package maintainer on Gentoo's side and pointing them to this issue so that everyone's on the same page.

(In reply to opal hart from comment #1)

> This issue is related to Mozilla's announcement, correct? Only asking because it's difficult for me to map the announcement to the "definitive" tracking ticket.

This is the tracking bug for this work.

> It seems like this has caused confusion at least for maintainers in Gentoo who are in charge of www-plugins/* packages.

Official builds from Mozilla will restrict sideloading.

A Linux build of Firefox can be created by adding a build flag that allows sideloading. In a custom build like that, a preference is available to specify what "locations" they can sideload from.

Blocks: 640775
Severity: normal → S3