Closed Bug 779919 Opened 13 years ago Closed 11 years ago

Disable Marionette via pref prior to "gecko freeze"

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: jgriffin, Unassigned)

Details

Before gecko for B2G is frozen, we need to determine whether to disable Marionette in B2G builds. Currently, it is enabled by default. When Marionette is enabled, it opens a port (2828) and listens for connections on localhost only. This may not be desirable for shipping devices. We could disable Marionette in a number of ways; flipping the pref marionette.defaultPrefs.enabled at http://mxr.mozilla.org/mozilla-central/source/b2g/app/b2g.js#430 is probably the easiest, and seems safe given that users have no way of altering their own prefs. For test automation, the impact of this would be that we'd have to generate a new profile with that pref enabled and push it to the device/emulator, and reboot/relaunch B2G before starting the tests. This would add a couple of minutes to test runs, and make it a little less convenient for people to run tests on their own devices. cjones, do you have an opinion on what should be done here?
It must not run in production devices unless users jump through many hoops. It's close in power to rooting the device. I'm ok with disabling through pref. I don't follow why it would slow down test runs. Local developers should use "engineering builds", which can flip this pref on by default. (Release builds cannot.)
Summary: Determine whether to disable Marionette in B2G prior to "gecko freeze" → Disable Marionette via pref prior to "gecko freeze"
Yes, Marionette will be a security risk if enabled by default on release builds.
(In reply to Chris Jones [:cjones] [:warhammer] from comment #1) > > I'm ok with disabling through pref. I don't follow why it would slow down > test runs. Local developers should use "engineering builds", which can flip > this pref on by default. (Release builds cannot.) How do we distinguish engineering builds from release builds? Is https://github.com/mozilla-b2g/gonk-misc/blob/master/default-gecko-config for engineering builds, or both?
From within our mozconfig, I don't know how to do that. We probably should take this opportunity to fork mozconfigs between dev/release and do what we need to enable marionette in the dev mozconfig. We'll soon need to start adding updater flags and so forth to the release mozconfig, too. jhford/mwu want to take this? Work should probably go in github.
To be clear, I mean we should select the appropriate mozconfig in the meta build/config system.
Marionette should probably only be enabled when TARGET_BUILD_VARIANT in the makefiles is equal to eng. We can either split mozconfigs or have the mozconfig adjust itself, since it is basically a script. Either is fine with me.
bug 779984 has just landed on m-i; the only piece of this left is to make mozconfig smarter so it can enable marionette (with ENABLE_MARIONETTE=1) on eng builds but not release builds.
Why has not yet been introduced a preference to disable marionette into Firefox browser? Having this preference is important. Why marionette is present in all versions of Firefox? How can I disable marionette from my Firefox? Or better still. How can I totally remove marionette from my Firefox?
Marionette isn't enabled in Firefox unless you pass -marionette to it when starting it. This is actually probably a bit more robust than a pref, as it's less sensitive to being tweaked without a user's knowledge.
This bug is also stale, I'm closing it.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.