Closed Bug 927108 Opened 8 years ago Closed 7 years ago
Pushing certified apps does not work
Using Gecko from a nightly build for "latest-hamachi-eng-mozilla-central" on Oct 15, and Gaia master from Oct 15. I tried the steps here to enable debugging and pushing of certified apps via the app manager: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Using_the_App_Manager#Debugging_Certified_Apps But I still get a "installationFailed: Installing certified apps is not allowed." message when trying to push the app. Something that could indicate the core problem: webapps.js checks for a DOMApplicationRegistry.allowSideloadingCertified to allow installation: http://mxr.mozilla.org/mozilla-central/source/toolkit/devtools/server/actors/webapps.js#391 but there are no other "allowSideloadingCertified" references found in the code. jryans on IRC pointed to this code change as when that section last changed: https://bugzilla.mozilla.org/attachment.cgi?id=805062&action=diff Perhaps that allowSideloadingCertified use needs to check something that checks the devtools.debugger.forbid-certified-apps pref. Getting this to work is very useful for UX reviews for Gaia. Previously I worked out this process for them to do easier reviews of dev app snapshots: https://github.com/jrburke/gaia-dev-zip#for-the-ux-person but that simulator pathway no longer works with Gaia 1.2 and greater, and I was hoping to switch that process over to the app manager.
Oops I messed up when merging conflicts between bug 897969 over bug 915881... We should remove this check per bug 915881.
(In reply to James Burke [:jrburke] from comment #0) > Getting this to work is very useful for UX reviews for Gaia. Previously I > worked out this process for them to do easier reviews of dev app snapshots: > > https://github.com/jrburke/gaia-dev-zip#for-the-ux-person > > but that simulator pathway no longer works with Gaia 1.2 and greater, and I > was hoping to switch that process over to the app manager. Otherwise, if is off topic for this bug, but speaking about providing access to custom gaia builds... We could tune the gaia addon being built by Yuren in order to take a gaia source, build its profile and use a tweaked simulator addon to run this custom gaia on a b2g runtime. I wish I could find some time to hack a rough prototype and let someone make this whole story real!
So, this patch is going to allow pushing certified app, but you will still not be able to debug them. So far, the security discussions around devtools ended up in kind of broken state, where, by default, you can push certified apps, but can't do anything with them. We restrict any operation around them. You can enable certified apps access by toggling a pref, as described on this doc: https://developer.mozilla.org/fr/docs/Mozilla/Firefox_OS/Using_the_App_Manager#Debugging_Certified_Apps
Comment on attachment 817872 [details] [diff] [review] Removed the check and add test Fabrice, Is this expected? Should we really allow certified app installation by default, but prevent doing anything with them devtools-wise?
(In reply to Alexandre Poirot (:ochameau) from comment #4) > Comment on attachment 817872 [details] [diff] [review] > Removed the check and add test > > Fabrice, Is this expected? Should we really allow certified app installation > by default, but prevent doing anything with them devtools-wise? Yes, I think this is the weird compromise that was made :(
Attachment #817872 - Flags: feedback?(fabrice) → feedback+
Jonas, Paul, I wasn't in the meeting at Oslo where you discussed about this compromise, but that doesn't make a lot of sense. By allowing installing certified app, we open way to display various data system apps don't expose by default. And given that they have access to mozapp API, they might be able to display more information from a precise given app. The more I think about this, the more I think we should prevent certified apps installation behind the same pref that prevent debugging/listing certified apps. (Even, if I wish nothing would be hidden behind a pref!) Mostly because we end up with the app manager being able to install a certified app, but then none of the app manager features will work (no console, debugger, inspector, ...).
No one is talking about allowing "normal" installation of certified apps. What we're only going to permit is sideloading of certified apps. And no side-loading is permitted unless you enable debugging.
Paul, I clarified the reasoning behind this weird combo we end up with. The freedom of being able to push certified apps supersede the devtools experience. So it is important to get that feature to work. We will have to figure out in a followup how to accomodate the app manager about that. We already display a warning for certified app about limited support. We can explicitely say debugging isn't supported. We can also disable debug button in case of certified app. Also, we should immediatly start figuring out how to enable certified debugging. I opened bug 928137 for that.
Flags: needinfo?(ptheriault) → needinfo?(paul)
Assignee: nobody → poirot.alex
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 27
I'm struggling to understand how this works/who it is for. It can't be for third party developers because we don't allow third party certified apps but it can't be for Gaia developers because all their certified apps are already installed. How would you go about "Update"ing a certified Gaia app?
Hmm, perhaps this is meant for third party apps that can only ever be sideloaded... I guess for Gaia we need bug 912903 to do the build step and also make sure we replace an app rather than install a new one.
(In reply to Ben Francis [:benfrancis] from comment #12) > Hmm, perhaps this is meant for third party apps that can only ever be > sideloaded... Yes, this is a gift to the hacker population.
Also, I use this with the UX team to get them branch builds of gaia apps for them to UX review. Using the app manager to push a zip is much easier for them than the git and make invocations. This results in quicker UX reviews.
Comment on attachment 817872 [details] [diff] [review] Removed the check and add test [Approval Request Comment] Bug caused by bug 897969 User impact if declined: Certified apps can't be installed in the simulator or devices. Testing completed (on m-c, etc.): locally and also baked on nightly and aurora for a bit. Risk to taking this patch (and alternatives if risky): open ways to execute code with higher priviledges, but it seems like we really want to open certified apps development. String or IDL/UUID changes made by this patch: none
Attachment #817872 - Flags: approval-mozilla-beta?
Attachment #817872 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Automated merge from beta to b2g26. https://hg.mozilla.org/releases/mozilla-b2g26_v1_2/rev/b6a9fdb88bf2
Can you please provide an app we can reproduce/verify this bug with?
:ioana - you can use this one: http://jrburke.com/temp/email-drawery.zip (note in a temp directory so after a couple of months it may go away)
Thanks for the app James! I used it to test Firefox 26b1 (build without the fix here) and 26b4 (build with the fix) on Ubuntu 13.04 32bit. With the 1.2 simulator I reproduce the bug on both builds. I get this message when trying to debug the app: "installationFailed: Installing certified apps is not allowed.". With the 1.3 simulator I can't reproduce the bug on either build. I can debug the app without issues. I do get this warning with both simulators though: "app submission to the Marketplace needs at least a 128px icon, 'certified' apps are not fully supported on the App manager.". For both simulators "user_pref("devtools.debugger.forbid-certified-apps", false);" came by default in the prefs.js file.
The 1.2 simulator only works the first time I connect to it on a profile, so I tested a lot with new profiles. For 1.3 I tested with older profiles too.
(In reply to Ioana Budnar, QA [:ioana] from comment #20) > I do get this warning with both simulators though: > "app submission to the Marketplace needs at least a 128px icon, 'certified' > apps are not fully supported on the App manager.". This is expected, or at least, it is unrelated to the change in this ticket. Just a warning about the manifest file not having a larger icon.
Ioana, This patch isn't applied in the current version of the simulator 1.2. The current xpi of 1.2 is based on gecko of the 28th, although this patch reached 1.2 gecko branch on 30th. I'm going to spawn new simulator builds right now. Finally, about the issue on 1.2, where the connection only works the first time, it will be fixed by bug 941012's patch.
(In reply to Alexandre Poirot (:ochameau) from comment #23) > Ioana, This patch isn't applied in the current version of the simulator 1.2. > The current xpi of 1.2 is based on gecko of the 28th, although this patch > reached 1.2 gecko branch on 30th. > I'm going to spawn new simulator builds right now. > > Finally, about the issue on 1.2, where the connection only works the first > time, it will be fixed by bug 941012's patch. I can still reproduce the bug with the 1.2 simulator here (https://ftp.mozilla.org/pub/mozilla.org/labs/fxos-simulator/) so I suppose this is still the old version. Where can I find the new 1.2 simulator?
Sorry, I partially uploaded addon updates, I only had uploaded linux64 and mac builds. I now pushed 1.2 updates on all platforms!
Verified as fixed on Firefox 26.0b8 and the 11/27 Firefox 27.0a2 on Ubuntu 13.04 32bit. The warning is still there, but I can debug the app on both builds.
You need to log in before you can comment on or make changes to this bug.