Support signed updates in SeaMonkey

RESOLVED FIXED in seamonkey2.1b1

Status

SeaMonkey
Preferences

People

(Reporter: Robert Kaiser, Assigned: Ian Neal)

Tracking

Trunk
seamonkey2.1b1

(Reporter)

Description

7 years ago
Bug 583408 added a few default prefs, see http://hg.mozilla.org/mozilla-central/rev/c9ee9a98f2d4 - those are for update cert checks, and we should add them to SeaMonkey as well.
(Reporter)

Comment 1

7 years ago
Actually, we need more than that:

Bug 544442 - Add support for signed AUS update snippets - http://hg.mozilla.org/mozilla-central/rev/14bbdcaf695f
This is also only prefs.

Bug 586213 - Update app update url and certificate preferences after the additional host name with a new certificate is added for aus
That's the harder nut to crack, need to investigate this as it needs a server cert we don't have there right now.

Bug 583678 - Acquire a standby certificate for AUS
This is where they acquired a cert for their AUS server.


I guess we'll need to Future this and I'll need to put it on the list of what I need to discuss with people in MV next month.
Component: Preferences → Release Engineering
Depends on: 544442
QA Contact: preferences → release
Summary: Add update cert check default prefs to SeaMonkey → Support signed updates in SeaMonkey
Target Milestone: --- → Future
(Reporter)

Comment 2

7 years ago
Rob, apparently some *_check_invalidCertAttrs_* tests now fail for SeaMonkey after your latest checkins. Are there any parts of the default prefs we can land that will fix that without us needing to get our own cert for the community AUS server or change anything there at this time?

As everything regarding us getting any bits of infrastructure is bound to take long if it happens at all, I'd love to see this decoupled in some way so that our tests go green at least.

Comment 3

I'll get the tests fixed as soon as I figure out why they are failing.
(Reporter)

Comment 4

7 years ago
(In reply to comment #3)
> I'll get the tests fixed as soon as I figure out why they are failing

http://tinderbox.mozilla.org/showlog.cgi?log=SeaMonkey/1283460345.1283462713.23095.gz is a log showing the failures - should we file a separate bug for them?

Comment 5

I have a fix and will land it as a followup to the original bug.
(Assignee)

Comment 6

7 years ago
Created attachment 471779 [details] [diff] [review]
Additional prefs patch v0.1

This patch contains the additional prefs which fix the tests too (without Rob's patch) but I don't know if this would break something else.

Comment 7

This app.update.certs.1.issuerName pref looks correct.

I am fairly certain that
pref("app.update.certs.1.commonName", "*.mozilla.org");

will need to be changed to
pref("app.update.certs.1.commonName", "aus2-community.mozilla.org");

The remainder are optional since they are the current defaults for app update which we add to firefox.js for reference.

To test this you can add those two preferences in about:config to a SeaMonkey build and Check for Updates. If they are correct the UI will either show that there is or is not an update available. If they are incorrect the UI will show that there was an error.
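
The attribute check that the `app.update.certs.1.*` prefs drive, sketched as an added example (not SeaMonkey or Mozilla code, and not part of any comment in this bug). The helper names `parseCertPrefs` and `checkCert`, the placeholder `issuerName` value, and the use of plain string equality are assumptions made for illustration.

```javascript
// Constructed prefs in the style quoted in this bug. The issuerName value is
// a placeholder; the real value does not appear on this page.
const SAMPLE_PREFS = `
pref("app.update.certs.1.issuerName", "CN=Example Issuing CA (placeholder)");
pref("app.update.certs.1.commonName", "aus2-community.mozilla.org");
`;

// Parse pref("app.update.certs.<n>.<attr>", "<value>"); lines into a
// Map of n -> { attr: value }. (Hypothetical helper, not a Mozilla API.)
function parseCertPrefs(text) {
  const sets = new Map();
  const re = /pref\("app\.update\.certs\.(\d+)\.(\w+)",\s*"([^"]*)"\);/g;
  for (const [, n, attr, value] of text.matchAll(re)) {
    if (!sets.has(n)) sets.set(n, {});
    sets.get(n)[attr] = value;
  }
  return sets;
}

// Accept the certificate only if every attribute of at least one pref set
// equals the certificate's attribute. Assumption: plain string equality, so
// "*.mozilla.org" is a literal value here, not a hostname wildcard.
function checkCert(cert, sets) {
  // This example fails closed when no pref set is configured.
  if (sets.size === 0) return { ok: false, reason: "no cert prefs configured" };
  const mismatches = [];
  for (const [n, attrs] of sets) {
    const bad = Object.keys(attrs).filter((a) => cert[a] !== attrs[a]);
    if (bad.length === 0) return { ok: true, matchedSet: n };
    mismatches.push(`set ${n}: ${bad.join(", ")}`);
  }
  return { ok: false, reason: "attribute mismatch in " + mismatches.join("; ") };
}

// Constructed attributes standing in for the update server's certificate.
const serverCert = {
  issuerName: "CN=Example Issuing CA (placeholder)",
  commonName: "aus2-community.mozilla.org",
};

// v0.1a prefs (commonName corrected) versus v0.1 prefs ("*.mozilla.org").
const v01a = checkCert(serverCert, parseCertPrefs(SAMPLE_PREFS));
const v01 = checkCert(serverCert, parseCertPrefs(
  SAMPLE_PREFS.replace("aus2-community.mozilla.org", "*.mozilla.org")));
console.log(v01a, v01);
```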
(Reporter)

Comment 8

7 years ago
(In reply to comment #7)
> I am fairly certain that
> pref("app.update.certs.1.commonName", "*.mozilla.org");
> 
> will need to be changed to
> pref("app.update.certs.1.commonName", "aus2-community.mozilla.org");

Ah, right, from inspecting the cert, it looks like we have our own one on this server anyhow - which is surely good as we don't have to go through all the hassle to get one :)
(Reporter)

Comment 9

7 years ago
Ian, in this case, please go ahead with the patch - with that change Rob mentioned.
Assignee: nobody → iann_bugzilla
Status: NEW → ASSIGNED
Target Milestone: Future → seamonkey2.1b1
(Assignee)

Comment 10

7 years ago
Created attachment 471977 [details] [diff] [review]
Additional prefs patch v0.1a [Checked in: Comment 12]

Changes since v0.1:
* commonName set to aus2-community.mozilla.org

Tested by adding the two app.update.certs.1.* prefs in about:config, with correct names - says there is an update, with incorrect names - says there is no update.
Attachment #471779 - Attachment is obsolete: true
Attachment #471977 - Flags: review?(neil)

Comment 11

Note: if you are using a build after bug 583408 landed it should display an update failed page instead of no update.

Updated

7 years ago
Attachment #471977 - Flags: review?(neil) → review+
(Assignee)

Comment 12

7 years ago
Comment on attachment 471977 [details] [diff] [review]
Additional prefs patch v0.1a [Checked in: Comment 12]

http://hg.mozilla.org/comm-central/rev/b9087c09bb87

Are there any additional changes?
Attachment #471977 - Attachment description: Additional prefs patch v0.1a → Additional prefs patch v0.1a [Checked in: Comment 12]
(Assignee)

Updated

7 years ago
Version: unspecified → Trunk
(Assignee)

Updated

7 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Component: Release Engineering → Preferences
QA Contact: release → preferences
Resolution: --- → FIXED

Comment 13

(In reply to comment #12)
> Comment on attachment 471977 [details] [diff] [review]
> Additional prefs patch v0.1a [Checked in: Comment 12]
> 
> http://hg.mozilla.org/comm-central/rev/b9087c09bb87
> 
> Are there any additional changes?
Nope

If at some point a standby cert is acquired then additional prefs would need to be added.