Last Comment Bug 593135 - Support signed updates in SeaMonkey
: Support signed updates in SeaMonkey
Status: RESOLVED FIXED
:
Product: SeaMonkey
Classification: Client Software
Component: Preferences (show other bugs)
: Trunk
: All All
: -- normal with 1 vote (vote)
: seamonkey2.1b1
Assigned To: Ian Neal
:
Mentors:
Depends on: 544442 583408
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-02 13:39 PDT by Robert Kaiser
Modified: 2010-09-03 17:16 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
Additional prefs patch v0.1 (2.46 KB, patch)
2010-09-03 00:53 PDT, Ian Neal
no flags Details | Diff | Splinter Review
Additional prefs patch v0.1a [Checked in: Comment 12] (2.47 KB, patch)
2010-09-03 14:12 PDT, Ian Neal
neil: review+
Details | Diff | Splinter Review

Description Robert Kaiser 2010-09-02 13:39:04 PDT
Bug 583408 added a few default prefs, see http://hg.mozilla.org/mozilla-central/rev/c9ee9a98f2d4 - those are for update cert checks, and we should add them to SeaMonkey as well.
Comment 1 Robert Kaiser 2010-09-02 13:49:39 PDT
Actually, we need more than that:

Bug 544442 - Add support for signed AUS update snippets - http://hg.mozilla.org/mozilla-central/rev/14bbdcaf695f
This is also only prefs.

Bug 586213 - Update app update url and certificate preferences after the additional host name with a new certificate is added for aus
That's the harder nut to crack, need to investigate this as it needs a server cert we don't have there right now.

Bug 583678 - Acquire a standby certificate for AUS
This is where they acquired a cert for their AUS server.


I guess we'll need to Future this and I'll need to put it up on the list what I need to discuss with people in MV next month.
Comment 2 Robert Kaiser 2010-09-02 15:11:49 PDT
Rob, apparently some *_check_invalidCertAttrs_* tests now fail for SeaMonkey after your latest checkins, is there any parts of the default prefs we can land that will fix that without us needing to get our own cert for the community AUS server or change anything there at this time?

As everything regarding us getting any bits of infrastructure is bound to take long if it happens at all, I'd love to see this decoupled in some way so that our tests go green at least.
Comment 3 Robert Strong [:rstrong] (use needinfo to contact me) 2010-09-02 15:15:56 PDT
I'll get the tests fixed as soon as I figure out why they are failing
Comment 4 Robert Kaiser 2010-09-02 15:36:56 PDT
(In reply to comment #3)
> I'll get the tests fixed as soon as I figure out why they are failing

http://tinderbox.mozilla.org/showlog.cgi?log=SeaMonkey/1283460345.1283462713.23095.gz is a log showing the failures - should we file a separate bug for them?
Comment 5 Robert Strong [:rstrong] (use needinfo to contact me) 2010-09-02 15:57:01 PDT
I have a fix and will land it as a followup to the original bug
Comment 6 Ian Neal 2010-09-03 00:53:25 PDT
Created attachment 471779 [details] [diff] [review]
Additional prefs patch v0.1

This patch contains the additional prefs which fixes the tests too (without rob's patch) but I don't know if this would break something else.
Comment 7 Robert Strong [:rstrong] (use needinfo to contact me) 2010-09-03 01:12:24 PDT
This app.update.certs.1.issuerName pref looks correct.

I am fairly certain that
pref("app.update.certs.1.commonName", "*.mozilla.org");

will need to be changed to
pref("app.update.certs.1.commonName", "aus2-community.mozilla.org");

The remainder are optional since they are the current defaults for app update which we add to firefox.js for reference.

To test this you can add those two preferences in about:config to a SeaMonkey build and Check for Updates. If they are correct the ui will either show that there is or is not an update available. If they are incorrect the ui will show that there was an error.
Comment 8 Robert Kaiser 2010-09-03 04:25:49 PDT
(In reply to comment #7)
> I am fairly certain that
> pref("app.update.certs.1.commonName", "*.mozilla.org");
> 
> will need to be changed to
> pref("app.update.certs.1.commonName", "aus2-community.mozilla.org");

Ah, right, from inspecting the cert, it looks like we have our own one on this server anyhow - which is surely good as we don't have to go through all the hassle to get one :)
Comment 9 Robert Kaiser 2010-09-03 04:27:16 PDT
Ian, in this case, please go ahead with the patch - with that change Rob mentioned.
Comment 10 Ian Neal 2010-09-03 14:12:44 PDT
Created attachment 471977 [details] [diff] [review]
Additional prefs patch v0.1a [Checked in: Comment 12]

Changes since v0.1:
* commonName set to aus2-community.mozilla.org

Tested by adding the two app.update.certs.1.* prefs in about config, with correct names - says there is an update, with incorrect names - says there is no update.
Comment 11 Robert Strong [:rstrong] (use needinfo to contact me) 2010-09-03 14:21:37 PDT
note: if you are using a build after bug 583408 landed it should display an update failed page instead of no update.
Comment 12 Ian Neal 2010-09-03 17:06:27 PDT
Comment on attachment 471977 [details] [diff] [review]
Additional prefs patch v0.1a [Checked in: Comment 12]

http://hg.mozilla.org/comm-central/rev/b9087c09bb87

Are there any additional changes?
Comment 13 Robert Strong [:rstrong] (use needinfo to contact me) 2010-09-03 17:16:51 PDT
(In reply to comment #12)
> Comment on attachment 471977 [details] [diff] [review]
> Additional prefs patch v0.1a [Checked in: Comment 12]
> 
> http://hg.mozilla.org/comm-central/rev/b9087c09bb87
> 
> Are there any additional changes?
Nope

If at some point a standby cert is acquired then additional prefs would need to be added.

Note You need to log in before you can comment on or make changes to this bug.