Add-ons/Firefox57: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
(→‎Compatibility: Make the table easier to visually parse. Use rowspan and thicker horizontal borders for the types with multi-row entries, limit the width of the nightly etc. column)
 
(10 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This document is to clarify on the myriad of choices for loading extensions in Firefox and what will happen in [https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ Firefox 57]. There is [https://bugzilla.mozilla.org/show_bug.cgi?id=1336576 a bug for this]. This document expands it.
This document is to clarify on the myriad of choices for loading extensions in Firefox and what will happen in [https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/ Firefox 57] hits release and for each release past that (as far as we can see, things may change). There is [https://bugzilla.mozilla.org/show_bug.cgi?id=1336576 a bug for this]. This document expands it.


The main goal is prevent the running of legacy add-ons in Firefox Desktop and Android release. '''Update: All of the following apply to Android and Desktop.'''
The main goal is prevent the running of legacy add-ons in Firefox Desktop and Android release. '''Update: All of the following apply to Android and Desktop.'''
Line 5: Line 5:
Reference: [https://developer.mozilla.org/en-US/Add-ons/Install_Manifests#type  list of add-on types]
Reference: [https://developer.mozilla.org/en-US/Add-ons/Install_Manifests#type  list of add-on types]


== Compat. Table ==
== Compatibility ==


This is what things will look like when Firefox 57 hits release.
How things look with Firefox 57.0, and will look with subsequent releases (as far as we can see, things may change).
 
* Nightly builds: https://www.mozilla.org/firefox/nightly/all/
* Beta builds: https://www.mozilla.org/firefox/beta/all/
* Developer Edition builds: https://www.mozilla.org/firefox/developer/
* Release builds: https://www.mozilla.org/firefox/new/
* Unbranded builds: https://wiki.mozilla.org/Add-ons/Extension_Signing#Latest_Builds
 
Note: legacy add-ons didn't work with unbranded builds of Firefox 57 but this was fixed for Fx 58 by {{Bugzilla|1414450}}.


{| class="wikitable"
{| class="wikitable"
|-
|-
! Type !! Status !! Nightly !! Beta, Release
! Type !! Status !! style="max-width: 15em;" | Nightly, Developer Edition, unbranded beta/release !! Beta, release
|-
|-
| WebExtension || Signed by AMO || YES || YES
| rowspan="4" | WebExtensions || signed by AMO || YES || YES
|-
|-
| || Signed by Mozilla internally || YES || YES
| signed by Mozilla internally || YES || YES
|-
|-
| || Unsigned || YES with pref || NO
| unsigned || YES with pref || NO
|-
|-
| || Unsigned loaded temporarily || YES || YES
| unsigned loaded temporarily || YES || YES
|- style="border-top: 2pt solid #aaa;"
| rowspan="4" | legacy extension (bootstrapped, overlay, XUL etc) || signed by AMO || YES with pref || NO
|-
|-
| Legacy Extension (bootstrapped, overlay, XUL etc) || Signed by AMO || YES with pref || NO
| signed by Mozilla internally || YES || YES
|-
|-
| || Signed by Mozilla internally || YES || YES
| unsigned || YES with pref || NO
|-
|-
| || Unsigned || YES with pref || NO
| unsigned loaded temporarily || YES || NO
|- style="border-top: 2pt solid #aaa;"
| rowspan="4" | WebExtensions experiment || signed by AMO || YES || NO
|-
|-
| || Unsigned loaded temporarily || YES || NO
| signed by Mozilla internally || YES || YES
|-
|-
| WebExtension Experiment || Signed by AMO || YES || NO
| unsigned || YES with pref || NO
|-
|-
| || Signed by Mozilla internally || YES || YES
| unsigned loaded temporarily || YES || NO
|- style="border-top: 2pt solid #aaa;"
| rowspan="4" | new style static theme || signed by AMO || YES || YES
|-
|-
| || Unsigned || YES with pref || NO
| signed by Mozilla internally || YES || YES
|-
|-
| || Unsigned loaded temporarily || YES || NO
| unsigned || YES || YES
|-
|-
| New style static theme || Signed by AMO || YES  || YES
| unsigned loaded temporarily || YES || YES
|- style="border-top: 2pt solid #aaa;"
| rowspan="4" | telemetry experiments || signed by AMO || YES  || YES
|-
|-
| || Signed by Mozilla internally || YES || YES
| signed by Mozilla internally || YES || YES
|-
|-
| || Unsigned || YES || YES
| unsigned || YES with pref || NO
|-
|-
| || Unsigned loaded temporarily || YES || YES
| unsigned loaded temporarily || YES || YES
|- style="border-top: 2pt solid #aaa;"
| legacy lightweight theme || signed by AMO || YES || YES
|-
|-
| Telemetry Experiments || Signed by AMO || YES  || YES
| complete themes || any combination || NO || NO
|-
|-
| || Signed by Mozilla internally || YES || YES
| multiple item package || any combination || NO  || NO
|-
|-
| || Unsigned || YES with pref || NO
| language pack || any combination || YES || YES
|-
|-
| || Unsigned loaded temporarily || YES || YES
| dictionaries || any combination || YES  || YES
|-
| Legacy lightweight theme || Signed by AMO || YES  || YES
|-
| Complete Themes || Any combination || NO || NO
|-
| Multiple item package || Any combination || NO  || NO
|-
| Language Pack || Any combination || YES  || YES
|-
| Dictionaries || Any combination || YES  || YES
|-
|-
|}
|}
Line 87: Line 95:
* A XUL overlay extension this is signed by AMO and is MPC=true, *will run* on nightly.
* A XUL overlay extension this is signed by AMO and is MPC=true, *will run* on nightly.
* A WebExtension that is unsigned *will run* on nightly but not on release.
* A WebExtension that is unsigned *will run* on nightly but not on release.
== Testing signed extensions ==
If you've got a signed extension, unzip it and cd into the META-INF directory inside the extension.
Testing an extension:
  wget https://addons.mozilla.org/firefox/downloads/file/743932/sort_tabs_by_url-0.10-an+fx.xpi
  unzip sort_tabs_by_url-0.10-an+fx.xpi 
  cd META-INF
  openssl pkcs7 -inform DER -text -print_certs < mozilla.rsa | grep "Issuer" -m 1
The output will look like the following.
An AMO signed extension:
  Issuer: C=US, O=Mozilla Corporation, OU=Mozilla AMO Production Signing Service, CN=production-signing-ca.addons.mozilla.org/emailAddress=services-ops+addonsigning@mozilla.com```
== Prefs ==
To enable things on Nightly some prefs must be flipped:
* For unsigned the appropriate [https://wiki.mozilla.org/Add-ons/Extension_Signing signing pref] '''xpinstall.signatures.required''' must be flipped.
* For legacy add-ons the '''extensions.legacy.enabled''' pref must be flipped.
* For non-MPC add-ons '''extensions.allow-non-mpc-extensions''' pref must be flipped.


== Notes ==
== Notes ==


* Nightly will need to flip prefs
** For unsigned the appropriate [https://wiki.mozilla.org/Add-ons/Extension_Signing signing pref] must be flipped.
** For legacy add-ons the appropriate pref must be flipped.
** Both of these will default to false.
* AMO will stop signing legacy add-ons for version of Firefox greater than 57. Old signed add-ons will remain on servers and people's hard drives, so although AMO will stop signing them, we still need an explicit block in Firefox to prevent them loading.
* AMO will stop signing legacy add-ons for version of Firefox greater than 57. Old signed add-ons will remain on servers and people's hard drives, so although AMO will stop signing them, we still need an explicit block in Firefox to prevent them loading.
* "Signed by Mozilla internally" refers to add-ons signed internally and might include Test Pilot, Shield and other add-ons.
* "Signed by Mozilla internally" refers to add-ons signed internally and might include Test Pilot, Shield and other add-ons.

Latest revision as of 01:30, 31 January 2018

This document is to clarify on the myriad of choices for loading extensions in Firefox and what will happen in Firefox 57 hits release and for each release past that (as far as we can see, things may change). There is a bug for this. This document expands it.

The main goal is prevent the running of legacy add-ons in Firefox Desktop and Android release. Update: All of the following apply to Android and Desktop.

Reference: list of add-on types

Compatibility

How things look with Firefox 57.0, and will look with subsequent releases (as far as we can see, things may change).

Note: legacy add-ons didn't work with unbranded builds of Firefox 57 but this was fixed for Fx 58 by 1414450.

Type Status Nightly, Developer Edition, unbranded beta/release Beta, release
WebExtensions signed by AMO YES YES
signed by Mozilla internally YES YES
unsigned YES with pref NO
unsigned loaded temporarily YES YES
legacy extension (bootstrapped, overlay, XUL etc) signed by AMO YES with pref NO
signed by Mozilla internally YES YES
unsigned YES with pref NO
unsigned loaded temporarily YES NO
WebExtensions experiment signed by AMO YES NO
signed by Mozilla internally YES YES
unsigned YES with pref NO
unsigned loaded temporarily YES NO
new style static theme signed by AMO YES YES
signed by Mozilla internally YES YES
unsigned YES YES
unsigned loaded temporarily YES YES
telemetry experiments signed by AMO YES YES
signed by Mozilla internally YES YES
unsigned YES with pref NO
unsigned loaded temporarily YES YES
legacy lightweight theme signed by AMO YES YES
complete themes any combination NO NO
multiple item package any combination NO NO
language pack any combination YES YES
dictionaries any combination YES YES

Nightly leading up to Firefox 57

To assist with performance analysis leading up Firefox 57, in Nightly only we are turning off add-ons that require shims. For more information please see shims on nightly. The pref will default to false.

Type Status Nightly Beta, Release
WebExtension YES YES
Legacy Extension (bootstrapped, overlay, XUL etc) MPC=true YES YES
MPC=false YES with pref YES
MPC not stated YES with pref YES

An extension must pass both tests to run. Example:

  • A XUL overlay extension that is signed by Mozilla and is MPC=false, *will not run* on nightly unless the user changes the pref.
  • A XUL overlay extension this is signed by AMO and is MPC=true, *will run* on nightly.
  • A WebExtension that is unsigned *will run* on nightly but not on release.

Testing signed extensions

If you've got a signed extension, unzip it and cd into the META-INF directory inside the extension.

Testing an extension: 

 wget https://addons.mozilla.org/firefox/downloads/file/743932/sort_tabs_by_url-0.10-an+fx.xpi
 unzip sort_tabs_by_url-0.10-an+fx.xpi   
 cd META-INF
 openssl pkcs7 -inform DER -text -print_certs < mozilla.rsa | grep "Issuer" -m 1

The output will look like the following.

An AMO signed extension: 

 Issuer: C=US, O=Mozilla Corporation, OU=Mozilla AMO Production Signing Service, CN=production-signing-ca.addons.mozilla.org/emailAddress=services-ops+addonsigning@mozilla.com```

Prefs

To enable things on Nightly some prefs must be flipped:

  • For unsigned the appropriate signing pref xpinstall.signatures.required must be flipped.
  • For legacy add-ons the extensions.legacy.enabled pref must be flipped.
  • For non-MPC add-ons extensions.allow-non-mpc-extensions pref must be flipped.

Notes

  • AMO will stop signing legacy add-ons for version of Firefox greater than 57. Old signed add-ons will remain on servers and people's hard drives, so although AMO will stop signing them, we still need an explicit block in Firefox to prevent them loading.
  • "Signed by Mozilla internally" refers to add-ons signed internally and might include Test Pilot, Shield and other add-ons.
  • If we support loading unsigned temporarily, it’s assumed we load signed temporarily too.

Updates

  • Removed Aurora from this chart.
  • Added in the Nightly MPC=True changes.
Retrieved from "https://wiki.allizom.org/index.php?title=Add-ons/Firefox57&oldid=1188241"