Closed Bug 1762957 Opened 3 years ago Closed 3 years ago

Create Fx update pinning policy and include the pin in the update URL

Categories

(Firefox :: Enterprise Policies, task, P2)

Product:
Firefox
Component:
Enterprise Policies
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
102 Branch
Tracking Flags:
Tracking Status
firefox102 --- fixed

People

(Reporter: bytesized, Assigned: bytesized)

References

Details

(Whiteboard: [fidedi-ope])

Attachments

(5 files)

Bug 1762957 - Add Firefox Enterprise Policy for application update pinning r=mkaply!,bhearsum!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1762957 - When the AppUpdatePin policy is set, include the specified pin in the update url r=bhearsum!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1762957 - Telemetry for Application Update Pinning feature r=bhearsum!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1762957 - Tests for Update Pinning r=bhearsum!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1762957 data review.md
2.47 KB, text/plain
chutten
: data-review+
Details

This bug is for the work necessary on Firefox itself to implement update pinning. This work will involve 3 parts:

  1. Adding the Enterprise Policy to the policy engine to allow Firefox to be pinned to a particular version.
  2. Changing the generation of the Firefox update URL to include the update pin, if it is set. Since the update pin is optional, we will implement it as a query parameter rather than a path component. We already set a few query parameters here.
  3. Adding telemetry to report the version being pinned.
Summary: Create Fx update pinning policy and update URL change → Create Fx update pinning policy and include the pin in the update URL
Whiteboard: [fidedi-ope]

This patch also adds the capability for Policy implementations (in Policies.jsm) to have a validate function. If it returns false, the Enterprise Policy engine will consider the policy's parameter to be invalid and the policy will not be activated. This capability is used to validate the update pin policy's parameter to make sure that it takes the expected format ("X." or "X.Y.", where X is the pinned major version and Y is the pinned minor version).

Assignee: nobody → bytesized
Status: NEW → ASSIGNED

Note that these tests only ensure that the pin is properly added to the update URL and to the telemetry. They do not test that the update applied will be of the correct version. This is because we are not attempting to have Firefox check if the update provided is valid given the pin, we are leaving it to the update server (Balrog) to find and serve the correct version.

Depends on D143787

Attachment #9273720 - Flags: data-review?(chutten)

Note that I am going to be holding off on merging these patches until the backend changes are ready. This is for two reasons: I can't actually test it without them, and I don't want about:policies to give the impression that this policy exists and works when it doesn't yet.

Comment on attachment 9273720 [details]
Bug 1762957 data review.md

DATA COLLECTION REVIEW RESPONSE:

Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate?

Yes.

Is there a control mechanism that allows the user to turn the data collection on and off?

Yes. This collection is Telemetry so can be controlled through Firefox's Preferences.

If the request is for permanent data collection, is there someone who will monitor the data over time?

Yes, Kirk Steuber is responsible.

Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 2, Interaction.

Is the data collection request for default-on or default-off?

Default on for all channels.

Does the instrumentation include the addition of any new identifiers?

No.

Is the data collection covered by the existing Firefox privacy notice?

Yes.

Does the data collection use a third-party collection tool?

No.

Result: datareview+

Attachment #9273720 - Flags: data-review?(chutten) → data-review+

(In reply to Kirk Steuber (he/him) [:bytesized] from comment #6)

Note that I am going to be holding off on merging these patches until the backend changes are ready. This is for two reasons: I can't actually test it without them, and I don't want about:policies to give the impression that this policy exists and works when it doesn't yet.

We've decided not to hold these back for the backend changes, so I'll be merging this now even though the backend changes aren't quite ready yet.

Pushed by ksteuber@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/14bebf899b47 Add Firefox Enterprise Policy for application update pinning r=mkaply,bhearsum,fluent-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/00f1bccb6b0f When the AppUpdatePin policy is set, include the specified pin in the update url r=bhearsum https://hg.mozilla.org/integration/autoland/rev/8bed6fb08dc9 Telemetry for Application Update Pinning feature r=bhearsum https://hg.mozilla.org/integration/autoland/rev/b5d22712c9f6 Tests for Update Pinning r=bhearsum
See Also: → 1910603
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: