Make `--disable-verify-mar` imply `DISABLE_UPDATER_AUTHENTICODE_CHECK`
Categories
(Firefox :: Installer, enhancement, P5)
Tracking
()
Tracking | Status | |
---|---|---|
firefox103 | --- | fixed |
People
(Reporter: nalexander, Assigned: bytesized)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
In the Setting up an update server MDN docs, there's a note that when debugging unsigned updates one should set --disable-verify-mar
and then manually bump some lines referencing DISABLE_UPDATER_AUTHENTICODE_CHECK
. Let's make the former imply the latter so that working in this area is just a different mozconfig away.
Reporter | ||
Comment 1•4 years ago
|
||
Even better would be to get rid of the separate flag/define, which doesn't seem to be particularly valuable. mhowell: any reason to not just use the existing MOZ_VERIFY_MAR_SIGNATURE
(implied by --disable-verify-mar
)?
Comment 2•4 years ago
|
||
I think this is a good idea. Having DISABLE_UPDATER_AUTHENTICODE_CHECK
be controlled by some configure flag is just clearly a great idea, we should have done that ages ago. I can't see any compelling reason to keep them as separate flags either; there aren't really any good reasons to make builds with one but not the other.
If we are going to have that be the same flag that controls MOZ_VERIFY_MAR_SIGNATURE
though, then we should rename it (and we should rename the preprocessor symbol as well if we use the same one for both) just to keep it from getting confusing reading that code.
There's only one tiny issue I can see, and it's not important. If anyone is shipping something with --disable-verify-mar
set, then it would be surprising to them for that flag to begin also implying the authenticode change. But then again, they would only be losing security that they already did not have, because turning off MAR signing effectively breaks all of it. And if we're renaming the flag, that would mitigate this problem by forcing the surprising new thing to their attention. So I think we're fine not worrying about that.
Reporter | ||
Comment 3•4 years ago
|
||
This generalizes the existing --disable-verify-mar
flag to be more
indicative of what it does, and makes it imply a further option that
was essentially required to use the flag for debugging.
Updated•4 years ago
|
Comment 4•4 years ago
|
||
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:nalexander, could you have a look please?
For more information, please visit auto_nag documentation.
Reporter | ||
Comment 5•3 years ago
|
||
Clearing NI since things have moved forward and I think we'll want to do some things slightly different in this area when (if) I revisit it.
Assignee | ||
Updated•2 years ago
|
Updated•2 years ago
|
Assignee | ||
Comment 6•2 years ago
|
||
Also adds docs for how to run the Maintenance Service tests, which is another thing that the --enable-unverified-updates will be useful for.
Depends on D81279
Updated•2 years ago
|
Pushed by ksteuber@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/bd42fdc548ac Replace --disable-verify-mar with --enable-unverified-updates, make it imply DISABLE_UPDATER_AUTHENTICODE_CHECK r=firefox-build-system-reviewers,nalexander https://hg.mozilla.org/integration/autoland/rev/3aa5fe508801 Update docs to account for --enable-unverified-updates flag r=nalexander,application-update-reviewers
Comment 8•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/bd42fdc548ac
https://hg.mozilla.org/mozilla-central/rev/3aa5fe508801
Description
•