[Go Faster] [desktop] [system add-ons] Please verify `release-sysaddon` channel updated with system add-ons for 51.* and 52.*

Andrei Vaida andrei.vaida at softvisioninc.eu
Fri Mar 24 08:40:20 UTC 2017


Hi David, Cory,

Sorry for not making this clearer. The reasons why we couldn't follow 
the steps from Bug 1346017 Comment 25 <https://bugzil.la/1346017#c25> in 
combination with installing the system add-on through a forced update 
check are:
we don't have debug builds available for every Firefox version/locale 
we're coveringwe need to unset and reset the 
security.test.built_in_root_hash pref when restarting, and installing 
the system add-on through a forced update check involves an additional 
restart (right after the forced update check)Here's a breakdown of the 
steps we tried and failed to follow/adapt, based on Bug 1346017 Comment 
25 <https://bugzil.la/1346017#c25>:
install and start OWASP ZAP (C25 Step 1 
<https://bugzil.la/1346017#c25>)export its root certificate (C25 Step 2 
<https://bugzil.la/1346017#c25>)set app.update.channel to 
release-sysaddon in channel-prefs.jsstart a debug build of Firefox (C25 
Step 3 <https://bugzil.la/1346017#c25>)debug builds are _not_ available 
for all the versions/locales we're trying to cover when validating 
system add-ons thorugh an update channelimport the root certificate and 
trust it for websites/SSL (C25 Step 4 
<https://bugzil.la/1346017#c25>)configure Firefox to use the proxy (C25 
Step 5 <https://bugzil.la/1346017#c25>)in about:config, add a string 
preference security.test.built_in_root_hash and give it the value of the 
root certificate's hash (note that you have to unset and reset this 
preference if you close and reopen Firefox, unfortunately) (C25 Step 6 
<https://bugzil.la/1346017#c25>)in about:config, change the value of the 
preference security.pki.name_matching_mode to 0 (C25 Step 7 
<https://bugzil.la/1346017#c25>)force an update check on the 
release-sysaddon update channel (replaces C25 Step 8 
<https://bugzil.la/1346017#c25>)restart Firefox to install Site 
Deployment Checker v1.0the system add-on will _not_ be installed until 
after restarting the browserthis action affects the way we set up 
security.test.built_in_root_hash at step 7 and as a result, after the 
system add-on is installed, we don't see the expected telemetry logs nor 
the console logswe also tried using a prefs.js file to force set 
security.test.built_in_root_hash, but the result was the sameDavid, do 
you still think that by using the extensions.update.requireBuiltInCerts 
or extensions.install.requireBuiltInCerts prefs we could bypass this 
behavior? We could give it a try, but as far as I can tell, we'd end up 
with the same issue at the end of our test. Please let me know.

Thanks,
Andrei

------ Original Message ------
From: "Cory Price" <cprice at mozilla.com>
To: "David Keeler" <dkeeler at mozilla.com>
Cc: "JC Jones" <jjones at mozilla.com>; "Andrei Vaida" 
<andrei.vaida at softvisioninc.eu>; "release-drivers" 
<release-drivers at mozilla.org>; gofaster at mozilla.org; "Andrei Vaida" 
<avaida at mozilla.com>; cosmin.badescu at softvision.ro
Sent: 2017-03-24 12:29:56 AM
Subject: Re: [desktop] [system add-ons] Please verify `release-sysaddon` 
channel updated with system add-ons for 51.* and 52.*

>Let's wait to see if QA can re-test with David's suggestion, and 
>hopefully deploy tomorrow.
>
>On Thu, Mar 23, 2017 at 1:57 PM, David Keeler <dkeeler at mozilla.com> 
>wrote:
>>Thanks! I believe the unexpected certificate test case didn't work
>>because the setup involves MITMing the browser, which the add-on 
>>update
>>code generally rejects. You might be able to get it to work by setting
>>"extensions.update.requireBuiltInCerts" to false (if that doesn't 
>>work,
>>maybe try "extensions.install.requireBuiltInCerts"?)
>>
>>Cheers,
>>David
>>
>>On 03/23/2017 01:21 PM, Cory Price wrote:
>> > Thanks!
>> >
>> >> the update.xml file associated to 52.0b# is not displaying this
>> > add-on, here's an example for 52.0b9-build2-win64-de
>> > 
>><https://aus5.mozilla.org/update/3/SystemAddons/52.0b9/20170223185858/default/de/release-sysaddon/default/default/default/update.xml 
>><https://aus5.mozilla.org/update/3/SystemAddons/52.0b9/20170223185858/default/de/release-sysaddon/default/default/default/update.xml>>
>> > and another for 52.0b9-build2-mac-en-US
>> > 
>><https://aus5.mozilla.org/update/3/SystemAddons/52.0b9/20170223185858/default/en-US/release-sysaddon/default/default/default/update.xml 
>><https://aus5.mozilla.org/update/3/SystemAddons/52.0b9/20170223185858/default/en-US/release-sysaddon/default/default/default/update.xml>>
>> >
>> > The actual update requests in the wild don't include the "b" part in 
>>the
>> > URL. This has come up a couple other times before
>> > 
>>(https://mail.mozilla.org/pipermail/gofaster/2017-February/000556.html 
>><https://mail.mozilla.org/pipermail/gofaster/2017-February/000556.html>
>> > 
>><https://mail.mozilla.org/pipermail/gofaster/2017-February/000556.html 
>><https://mail.mozilla.org/pipermail/gofaster/2017-February/000556.html>>
>> > & 
>>https://mail.mozilla.org/pipermail/gofaster/2017-February/000568.html 
>><https://mail.mozilla.org/pipermail/gofaster/2017-February/000568.html>
>> > 
>><https://mail.mozilla.org/pipermail/gofaster/2017-February/000568.html 
>><https://mail.mozilla.org/pipermail/gofaster/2017-February/000568.html>>).
>> >
>> > Seems like we are okay to release *deployment-checker* to 52.*. I'll
>> > keep my eye out on the progress of e10srollout.
>> >
>> >
>> >
>> > On Thu, Mar 23, 2017 at 9:28 AM, Andrei Vaida
>> > <andrei.vaida at softvisioninc.eu <mailto:andrei.vaida at softvisioninc.eu 
>><mailto:andrei.vaida at softvisioninc.eu>>>
>> > wrote:
>> >
>> >     __
>> >     Hi Cory,
>> >
>> >     *Site Deployment Checker v1.0*
>> >     We finished testing *deployment-checker1.0* (1346017
>> >     <https://bugzil.la/1346017>) system add-on on the 
>>release-sysaddon
>> >     channel and things are overall looking good, with one exception:
>> >
>> >       * the update.xml file associated to 52.0b# is not displaying 
>>this
>> >         add-on, here's an example for 52.0b9-build2-win64-de
>> >         
>><https://aus5.mozilla.org/update/3/SystemAddons/52.0b9/20170223185858/default/de/release-sysaddon/default/default/default/update.xml 
>><https://aus5.mozilla.org/update/3/SystemAddons/52.0b9/20170223185858/default/de/release-sysaddon/default/default/default/update.xml>>
>> >         and another for 52.0b9-build2-mac-en-US
>> >         
>><https://aus5.mozilla.org/update/3/SystemAddons/52.0b9/20170223185858/default/en-US/release-sysaddon/default/default/default/update.xml 
>><https://aus5.mozilla.org/update/3/SystemAddons/52.0b9/20170223185858/default/en-US/release-sysaddon/default/default/default/update.xml>>
>> >
>> >     _⚠ Please note_ that we could NOT test the way this system 
>>add-on
>> >     actually works using the update channel. David's instructions
>> >     from 1346017 Comment 25
>> >     <https://bugzilla.mozilla.org/show_bug.cgi?id=1346017#c25 
>><https://bugzilla.mozilla.org/show_bug.cgi?id=1346017#c25>> only work
>> >     if you're installing the add-on using the *.xpi file directly -- 
>>we
>> >     did this instead for a couple of builds (i.e. 52.0.1-build2) and 
>>our
>> >     tests passed (telemetry and browser console logs were identical 
>>with
>> >     Justin's results).
>> >
>> >     Detailed test results for the deployment-checker1.0 system 
>>add-on
>> >     are available in this etherpad
>> >     <https://public.etherpad-mozilla.org/p/1346017 
>><https://public.etherpad-mozilla.org/p/1346017>>.
>> >
>> >     *Multi-process staged rollout v1.12*
>> >     The Add-ons QA Team is currently testing e10srollout1.12 
>>(1344345
>> >     <https://bugzil.la/1344345>) on the release-sysaddon channel, 
>>but
>> >     according to 1344345 Comment 13 <https://bugzil.la/1344345#c13>,
>> >     there are currently two issues occurring while following 
>>Felipe's
>> >     instructions from 1344345 Comment 10 
>><https://bugzil.la/1344345#c10>:
>> >
>> >       * according to step 3, installing an mpc=true add-on such as
>> >         Adblock Plus or Youtube Best Video Downloader 2 should NOT
>> >         disable e10s -- currently, on both 51.* and 52.* e10s is in 
>>fact
>> >         disabled by installing any add-on
>> >       * according to step 6, installing the system add-on via 
>>attached
>> >         *.xpi file should disable e10s -- currently, on both 51.* 
>>and
>> >         52.* e10s is NOT disabled, despite restarting several times
>> >         after install
>> >
>> >     Adding Cosmin Badescu to this thread, as he's in charge of 
>>signing
>> >     off e10srollout1.12. Detailed test results for the 
>>e10srollout1.12
>> >     system add-on are currently being tracked in this etherpad
>> >     <https://public.etherpad-mozilla.org/p/1344345 
>><https://public.etherpad-mozilla.org/p/1344345>>.
>> >
>> >     Thank you,
>> >     Andrei (:avaida)
>> >     Desktop Release QA
>> >
>> >
>> >     ------ Original Message ------
>> >     From: "Cory Price" <cprice at mozilla.com 
>><mailto:cprice at mozilla.com>>
>> >     To: "release-drivers" <release-drivers at mozilla.org
>> >     <mailto:release-drivers at mozilla.org 
>><mailto:release-drivers at mozilla.org>>>; gofaster at mozilla.org
>> >     <mailto:gofaster at mozilla.org>; "Andrei Vaida" 
>><avaida at mozilla.com
>> >     <mailto:avaida at mozilla.com>>
>> >     Cc: "JC Jones" <jjones at mozilla.com <mailto:jjones at mozilla.com>>;
>> >     "David Keeler" <dkeeler at mozilla.com 
>><mailto:dkeeler at mozilla.com>>
>> >     Sent: 22.03.2017 9:46:01 PM
>> >     Subject: [desktop] [system add-ons] Please verify 
>>`release-sysaddon`
>> >     channel updated with system add-ons for 51.* and 52.*
>> >
>> >>     The release-sysaddon channel has been updated as follows and is
>> >>     ready for testing.
>> >>
>> >>     The rule shipping to 51.* has been updated to ship
>> >>     e10srollout1.12. The add-ons packaged for 51 are now:
>> >>
>> >>     Note: QA was pinged to bug 1344345, but it hasn't received QA
>> >>     verification yet in the bug.
>> >>
>> >>     - e10srollout1.12 (bug 1344345)
>> >>     - disableSHA1rollout1.3 (bug 1339662)
>> >>     - diagnostics1.0 (bug 1307568)
>> >>     - hsts-priming1.0 (bug 1335224)
>> >>
>> >>     A new rule for 52.* has been created, the add-ons shipping to 
>>52.*
>> >>     are:
>> >>
>> >>     - e10srollout1.12 (bug 1344345)
>> >>     - deployment-checker1.0 (bug 1346017)
>> >>
>> >>     Per the deployment process[0], Andrei, can you please verify 
>>that
>> >>     the test channel is serving the appropriate add-ons?
>> >>
>> >>     These add-ons (and past deployments) can be found in the System
>> >>     add-on deployment matrix[1].
>> >>
>> >>     Thanks
>> >>
>> >>     [0]
>> >>     
>>https://wiki.mozilla.org/Firefox/Go_Faster/System_Add-ons/Process#Verification_of_Test_Channel 
>><https://wiki.mozilla.org/Firefox/Go_Faster/System_Add-ons/Process#Verification_of_Test_Channel>
>> >>     
>><https://wiki.mozilla.org/Firefox/Go_Faster/System_Add-ons/Process#Verification_of_Test_Channel 
>><https://wiki.mozilla.org/Firefox/Go_Faster/System_Add-ons/Process#Verification_of_Test_Channel>>
>> >>     [1]
>> >>     
>>https://docs.google.com/spreadsheets/d/1yOgiOTU8q2I709VFhjCYCLATmoyQueV8RttPzciFIkQ/edit#gid=0 
>><https://docs.google.com/spreadsheets/d/1yOgiOTU8q2I709VFhjCYCLATmoyQueV8RttPzciFIkQ/edit#gid=0>
>> >>     
>><https://docs.google.com/spreadsheets/d/1yOgiOTU8q2I709VFhjCYCLATmoyQueV8RttPzciFIkQ/edit#gid=0 
>><https://docs.google.com/spreadsheets/d/1yOgiOTU8q2I709VFhjCYCLATmoyQueV8RttPzciFIkQ/edit#gid=0>>
>> >>
>> >>     --
>> >>     Cory Price
>> >>     /ckprice
>> >
>> >
>> >
>> >
>> > --
>> > Cory Price
>> > /ckprice
>>
>
>
>
>--
>Cory Price
>/ckprice
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/gofaster/attachments/20170324/1f2b781e/attachment-0001.html>


More information about the Gofaster mailing list