1891622 - Add Version Selector Binary

Status: NEW

(Toolkit :: Application Update, task, P3)

Description

[Robin Steuber (she/her) [:bytesized]]

When Firefox is invoked, we need a way of selecting the correct version to run. This will be done by a binary placed at the top level of the install directory (i.e. in the parent directory of the versioned installation directories) and will be named firefox.exe which will simply run the firefox.exe in the correct subdirectory. This placement/naming will allow all existing links to Firefox to continue functioning normally.

An important consideration in the design of the version selection code is that it is security sensitive. A bug that causes or allows a bad actor to cause selection of a subdirectory that contains an old Firefox version or something else entirely is a serious security bug. We should also avoid selecting a version that is still in the process of being installed.

There is a very simple, fairly bulletproof solution to the version selection problems: the version selector will be hardcoded to launch the version that it shipped with. When we update, one of the last stages of the update process will be to replace the old version selector binary with the new one.

There is a bit of a question as to what should happen with the version selector prior to versioned installation directories actually being used. It seems pretty obviously wrong to ship it when we aren't using it. But just having that code be dead until the build flag is flipped isn't real appealing either. I think that the thing to do here is to, conditionally on the Versioned Installation Directory Build Flag (Bug 1891616), specify a FINAL_TARGET like this one that puts the binary in the tests directory. This way we can ensure that automated testing runs against the binary while it is waiting to be shipped.

After we eventually do ship it, we should probably strip that code out and just not build the binary at all if the build flag isn't specified.

Comment 1

[Robin Steuber (she/her) [:bytesized]]

Some additional implementation information:

Argument Handling

To maintain compatibility, the version selector should generally pass all environment variables and arguments to the Firefox binary when it launches it. There is, however, one that requires special handling: --wait-for-browser. This currently signals to the Firefox launcher process that it should hang around and wait for Firefox to exit rather than kicking it off and exiting as soon as possible. This option is generally used when the caller wants to be able to wait on the PID that it launched to know when Firefox exited, but the version selector threatens to interfere with this since it also generally launches Firefox and exits. So when it sees that argument, it should still pass it to Firefox, but it should also wait for Firefox to exit before the version selector exits.

Version Metadata

We need to be able to read a version selector binary and determine what version it is. However, I am going to split this work off into a separate bug where we will implement the metadata and the metadata reading functionality together.