1886157 - Enable new AOM restrictions on new weak signatures xpi installs on Nightly

Status: VERIFIED FIXED

(Toolkit :: Add-ons Manager, task, P2)

Description

[Luca Greco [:rpl] [:luca] [:lgreco]]

This bugzilla issue is tracking enabling the new AOM restrictions applied on install new xpi files signed only with weak algorithms in nigthly builds.

Comment 1

[William Durand [:willdurand]]

Attachment: Bug 1886157 - Disable xpinstall.signatures.weakSignaturesTemporarilyAllowed by default on Nightly. r?rpl!

Comment 2

[Pulsebot]

Pushed by wdurand@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/405f315bce3e
Disable xpinstall.signatures.weakSignaturesTemporarilyAllowed by default on Nightly. r=rpl

Comment 3

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/405f315bce3e

Comment 4

[William Durand [:willdurand]]

For QA: https://addons.mozilla.org/en-US/firefox/addon/colorzilla/ shouldn't be installable on Nightly between now and April 25.

Comment 5

[Alex Cornestean]

Verified as Fixed. Tested on the latest Nightly (127.0a1/20240423214125) under Windows 10 x64, Ubuntu 22.04 LTS and macOS 11.3.1.

Attempting to install https://addons.mozilla.org/en-US/firefox/addon/colorzilla/ fails, confirming the fix.

addons.xpi WARN Download of https://addons.mozilla.org/firefox/downloads/file/595546/colorzilla-3.3.xpi failed: install rejected due to the package not including a strong cryptographic signature is logged to the browser console and AMO shows a banner stating Installation aborted because the add-on appears to be corrupt.