Closed Bug 926975 Opened 7 years ago Closed 7 years ago

Thunderbird no longer installs nightly updates using the maintenance service


(Thunderbird :: General, defect)

Windows 7
Not set


(thunderbird26+, thunderbird-esr1726+ fixed, thunderbird_esr2426+ fixed)

Thunderbird 27.0
Tracking Status
thunderbird26 + ---
thunderbird-esr17 26+ fixed
thunderbird_esr24 26+ fixed


(Reporter: bokeefe, Assigned: bokeefe)



(Keywords: regression)


(1 file)

Since the Authenticode certificate was updated (around 9/27?), Thunderbird won't use the maintenance service to install updates. They still install fine if I accept the UAC prompt.

From maintenanceservice.log:
Executing service command software-update, ID: a19225be-1ca5-42bf-a0f2-247a1dc189de
Passed in path: 'C:\Users\Brian\AppData\Local\Thunderbird\Mozilla Thunderbird\updates\0\updater.exe'; Using this path for updating: 'C:\Program Files (x86)\Mozilla Maintenance Service\update\updater.exe'.
updater.exe was compared successfully to the installation directory updater.exe.
The updater.exe application contains the Mozilla updater identity.
*** Warning: Certificate did not match issuer or name.  (1168)***
*** Warning: Error on certificate check.  (1168)***
*** Warning: Could not start process due to certificate check error on updater.exe. Updating update.status.  (0)***
Service command software-update complete.
service command MozillaMaintenance complete with result: Failure.

It looks like under key HKLM\SOFTWARE\Mozilla\MaintenanceService\105cad4e647fb250cd814fb4fe894222\0, value "issuer" is set to "Thawte Code Signing CA - G2". If I change that to "DigiCert Assured ID Code Signing CA-1", the next update installs fine, but eventually (sorry, I haven't been able to correlate it with anything) the value reverts to "Thawte Code Signing CA - G2".

Firefox is also using the service to install nightly builds; I haven't had any trouble with those (yet).
> (sorry, I haven't been able to correlate it with anything)
This actually happens to be when I restart Thunderbird after the update was staged - the rest of the install happens, and the registry key gets reset.

I'm pretty sure this patch will fix the issue; it makes the same update as bug 803531 did for mozilla-central in the comm-central installer. I have no idea how to test this locally, though.
Assignee: nobody → bokeefe
Attachment #819726 - Flags: review?(mbanner)
Depends on: 803531
Comment on attachment 819726 [details] [diff] [review]
Update the certificate issuer in the Thunderbird installer

That would most likely be the issue, and the fix. We should just be able to land this and hopefully it'll work.
Attachment #819726 - Flags: review?(mbanner) → review+
I just landed this:

Thanks for the patch.
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 27.0
Keywords: regression
Comment on attachment 819726 [details] [diff] [review]
Update the certificate issuer in the Thunderbird installer

[Triage Comment]
Definitely need this on all branches.
Attachment #819726 - Flags: approval-comm-esr24+
Attachment #819726 - Flags: approval-comm-esr17+
I was asked about the service not working for someone with Thunderbird. Turns out that their app.update.service.enabled was set to false. The pref auto flips to false if more than 10 updates have failures and it has to fallback to not using the service on each.  There is a telemetry ping for this sent up if you want to see if there's a large amount of people affected by non silent updates.
You need to log in before you can comment on or make changes to this bug.