Closed Bug 1792595 Opened 3 years ago Closed 2 years ago

[macOS] policies.json is not persisted after Firefox update

Categories

(Firefox :: Enterprise Policies, defect)

Product:
Firefox
Component:
Enterprise Policies
Version:
Firefox 106
Platform:
Desktop
macOS
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: jakub.g.opensource, Unassigned)

Details

Steps to reproduce:

Install Firefox on MacOS. Create enterprise policy file (policies.json). Wait until Firefox is updated.

Actual results:

policies.json file disappears

Expected results:

The file should have been kept after the update

More detailed repro below. I repro on macOS 12.6 both on Intel MBP and M1 MBP.

  1. Install some outdated version of Firefox, to be able to trigger immediate update.
    For example: get Firefox Dev 106b3, which will get auto-updated to 106b4 on first launch as of today.
    You can either download DMG and double-click it to install, or do it from command line:
curl --output fx106b3.dmg https://download-installer.cdn.mozilla.net/pub/devedition/releases/106.0b3/mac/en-US/Firefox%20106.0b3.dmg
hdiutil attach fx106b3.dmg -nobrowse -readonly
cp -R "/Volumes/Firefox Developer Edition/Firefox Developer Edition.app" /Applications/
hdiutil detach "/Volumes/Firefox Developer Edition" -force
  1. Run the following script to create policies.json file:
#!/bin/bash

FX_FOLDER="/Applications/Firefox Developer Edition.app"
if [ -d "$FX_FOLDER" ]; then
    POLICIES_FOLDER="$FX_FOLDER/Contents/Resources/distribution"
    POLICIES_FILE="$POLICIES_FOLDER/policies.json"

    echo '# policies folder:'
    ls -la "$POLICIES_FOLDER"
    echo '# policies file:'
    ls -la "$POLICIES_FILE"
    cat "$POLICIES_FILE"

    if [ ! -f "$POLICIES_FILE" ]; then
        echo "[frontend-devx] Enabling 'ImportEnterpriseRoots' in $FX_FOLDER."

        # the below is to avoid bug 1781462
        xattr -r -d com.apple.quarantine "$FX_FOLDER" 
        sudo -p "Sudo password:" mkdir -p "$POLICIES_FOLDER"
        sudo chown $USER "$POLICIES_FOLDER"
        cat << EOF > "$POLICIES_FILE"
{
  "policies": {
    "Certificates": {
      "ImportEnterpriseRoots": true
    }
  }
}
EOF
  fi
fi
  1. Launch Firefox
open /Applications/Firefox\ Developer\ Edition.app
  1. Re-run script from point 2; note the policy file is there
  2. Inside Firefox, open About Firefox > wait for update, restart to update
  3. Re-run script from point; observe the policy file is gone
Component: Untriaged → Enterprise Policies
OS: Unspecified → macOS
Hardware: Unspecified → Desktop

Some additional notes:

  • this has been happening for a few months already, probably not a regression but it's always been like this
  • sudo part is because some users in my company were reporting the script failing on their machines due to permissions issues; I don't repro this myself and I don't know why they had the permission issue on their side, but sudo solves this.
  • the policies.json file created this way has (on my machine at least) the same owner, group and rwx as other files in the Firefox folder

The severity field is not set for this bug.
:mkaply, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(mozilla)

Hi,
I have tested this issue on beta Firefox 106.0b3 and could not reproduce it using macOS 12. The policies.json file was created when I run for the first time the script, then start Firefox 106.0b3 the policies file is there, trigger an update, Firefox restarts and updated to Fx 106.0 the policies file is still there.
Tested with Firefox Developer Edition 106.0b3 using macOS 12 and reproduced the issue, the policies.json not created either on the first run, or after updating Firefox to 106.0b9, I followed the same steps as for the beta version.
With Firefox Developer Edition I managed to overcome this issue by renamed the Firefox Developert Edition.app in Application to FirefoxDeveloperEdition.app and in script change to FX_FOLDER="/Applications/FirefoxDeveloperEdition.app". In this way the policies.json file is created and after updated Firefox is still there. The same happens using Firefox Nightly build.
Maybe you can figure out what is happening in the script or something is with Firefox Developer Edition build.

Flags: needinfo?(jakub.g.opensource)
Flags: needinfo?(mozilla)

Jakub:

Please see Timea's above comment.

Thanks for checking, I will have another look at this in the coming days.

Do you think we can close this?

A needinfo is requested from the reporter, however, the reporter is inactive on Bugzilla. Closing the bug as incomplete.

For more information, please visit BugBot documentation.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Flags: needinfo?(jakub.g.opensource)
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.