Closed Bug 545227 Opened 14 years ago Closed 13 years ago

Extensions should support signed "bootloaders"

Categories

(Toolkit :: Add-ons Manager, enhancement, P5)

Product:
Toolkit
Component:
Add-ons Manager
Platform:
x86
macOS
Type:
enhancement

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: avarma, Unassigned)

Details

(Whiteboard: [jetpack]) 

Regarding bug 544021, it should be possible for Firefox to detect if an extension's bootstrap.js (or possibly a JAR file containing multiple JS files) is signed by Mozilla; if so, then it doesn't need to present the user with any warnings about running untrusted content, and can instead rely on the boostrapping code to display any such warnings to the user (e.g. if the bootstrapper represents a trusted harness for Jetpack/GreaseMonkey/CoScripter/etc that goes on to execute untrusted or semi-trusted code).

Another option is to just sign all AMO-built Jetpack XPIs with a Mozilla cert. The extension manager could then load such extensions with no warning, assuming the extension will display any warnings once it has loaded itself.

Sorry this bug is so vague for now, but we need to get some form of it into Bugzilla to make sure this requirement is accounted for.
Whiteboard: [jetpack]
There are I believe no real standards for signing a single JS file so I suspect we will either have to have the JS inside a signed JAR file inside the XPI, or sign the entire XPI. I think it is possible to only sign certain files inside an XPI too but that might open up problems with handling other normally signed XPIs.

There will need to be some discussion on exactly what we trust. If we trust a single cert then there isn't really a way to revoke that cert so we probably have to trust a CA (even if it is one we make up). However people like shaver have said in the past that they don't like the idea of Mozilla going into the CA business even in this limited case.
No longer blocks: 543856
Blocks: 543856
No longer blocks: 543856
Just wanted to note that this is no longer a necessity for Jetpack, as we've now changed our roadmap strategy to allow for the Jetpack platform to be integrated into Firefox itself once it's matured.

Once this happens, Jetpack-based extensions will no longer need to "bootstrap" themselves, but will instead be carefully loaded by the Jetpack platform in Firefox, obviating the need for this feature.

As such, I'm reducing this to a P5 enhancement for now, though it might be more appropriate to just mark it as resolved wontfix or somesuch...
Severity: normal → enhancement
Priority: -- → P5
Unless we actually have a need for this in jetpack then there isn't any point in working on this
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.