Verify add-on signatures sooner when relevant after a browser update
Categories
(Toolkit :: Add-ons Manager, enhancement)
Tracking
()
People
(Reporter: robwu, Assigned: robwu)
References
Details
(Whiteboard: [addons-jira])
Attachments
(3 files)
|
48 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-esr115+
|
Details | Review |
For changes to add-on signature verification to apply, add-on signatures need to verify. This can take up to 24 hours.
We should make sure that if there is any known change to signature state, that signatures are verified immediately.
For example, in the most recent root certificate expiration, the recommendation is to update the browser. But if someone is using an old browser, updating to the latest version does not immediately fix the signatures, and consequently the user may think that the update did not fix things.
When QA was checking the patch to bug 1954818, they also observed that a previously disabled add-on remains disabled, until the timer to trigger immediate signature verification is triggered.
|
||
Updated•1 month ago
|
|
Assignee | |
Comment 1•1 month ago
|
||
|
||
Comment 3•1 month ago
|
||
| bugherder | ||
|
||
Comment 4•1 month ago
|
||
Verified as Fixed. Tested on the latest Nightly 138.0a1 from the try builds linked in Comment 2 under Windows 11, Ubuntu 24.04 LTS and macOS 11.3.1.
The extension is re-enabled as soon as the browser starts.
|
||
Comment 5•29 days ago
|
||
Comment on attachment 9473089 [details]
Bug 1954934 - Introduce signature verification checkpoint at startup
Beta/Release Uplift Approval Request
- User impact if declined/Reason for urgency: This will speed-up the resolution of https://bugzilla.mozilla.org/show_bug.cgi?id=1954818 for affected users (which can take up to 24h otherwise).
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): It's low risk because the code is covered by tests, verified by QA, and the patch only attempts to re-verify extension signatures once.
- String changes made/needed: N/A
- Is Android affected?: Yes
|
||
Updated•29 days ago
|
|
|
||
Updated•29 days ago
|
|
|
||
Comment 7•29 days ago
|
||
Verified as Fixed. Tested on the latest Beta (137.0b9/20250320105533 from the try builds linked in Comment 6) under Windows 11 and Ubuntu 24.04 LTS.
The extension is re-enabled as soon as the browser starts.
|
|
Assignee | |
Comment 8•29 days ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D242193
|
||
Updated•29 days ago
|
|
|
||
Comment 9•29 days ago
|
||
esr128 Uplift Approval Request
- User impact if declined: Users updating from previous version with expired certificate (e.g. intermediate from bug 1954818 or root from https://support.mozilla.org/en-US/kb/root-certificate-expiration) will still have disabled add-ons for up to 24 hours, instead of them being re-enabled immediately on update
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: https://bugzilla.mozilla.org/show_bug.cgi?id=1954818#c2
- Risk associated with taking this patch: Low
- Explanation of risk level: Covered by automated tests, verified by QA already and patch runs logic only once.
- String changes made/needed: None
- Is Android affected?: no
|
|
||
Updated•28 days ago
|
|
||
Comment 10•28 days ago
|
||
| uplift | ||
|
||
Updated•28 days ago
|
|
|
||
Comment 11•28 days ago
|
||
Verified as Fixed. Tested on the latest ESR 128 (128.9.0esr/20250321111107 from the builds linked in Comment 10) under Ubuntu 24.04 LTS and macOS 11.3.1.
The extension is re-enabled as soon as the browser starts.
|
|
Assignee | |
Comment 12•28 days ago
|
||
Changes from the original:
- .sys.mjs -> .jsm
- .toml -> .ini
- XPIExports.XPIDatabase -> lazy.XPIDatabase
- invert dev-root pref, since the xpi on ESR115 is signed with the prod
root instead of the dev root (bug 1886252)
Original Revision: https://phabricator.services.mozilla.com/D242193
|
|
||
Updated•28 days ago
|
|
|
||
Comment 13•28 days ago
|
||
esr115 Uplift Approval Request
- User impact if declined: Users updating from previous version with expired certificate (e.g. intermediate from bug 1954818 or root from https://support.mozilla.org/en-US/kb/root-certificate-expiration) will still have disabled add-ons for up to 24 hours, instead of them being re-enabled immediately on update
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Steps to reproduce for manual QE testing: https://bugzilla.mozilla.org/show_bug.cgi?id=1954818#c2 ; To verify with root expiration: use ESR115.12 or earlier as "affected build"; To try the intermediate cert expiration, test any ESR115.13 - ESR115.21 build (as long as the hotfix from bug 1954957 has not been deployed).
- Risk associated with taking this patch: Low
- Explanation of risk level: Covered by automated tests, verified by QA already and patch runs logic only once.
- String changes made/needed: None
- Is Android affected?: no
|
|
||
Updated•28 days ago
|
|
|
||
Comment 14•28 days ago
|
||
| uplift | ||
|
|
||
Updated•28 days ago
|
|
|
||
Updated•26 days ago
|
|
|
||
Comment 15•26 days ago
|
||
Verified as Fixed. Tested on the latest ESR 115 (115.22.0esr/20250321162310 from the builds linked in Comment 14) under Ubuntu 24.04 LTS and macOS 11.3.1.
Since the hotfix from Bug 1954957 has been deployed, I edited the extensions.systemAddon.update.url perf so as the hotfix to not get delivered on the tested build and to test this patch exclusively.
Even without the hotfix, the extension is re-enabled as soon as the browser starts.
Description
•