canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Reviews/Balrog: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 8: | Line 8: | ||
Firefox client makes request to AUS service with 8-9 paremeters (eg | Firefox client makes request to AUS service with 8-9 paremeters (eg | ||
/update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml) | /update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml) | ||
* Current system AUS | |||
**Serves updates to Firefox, Thunderbird, Fennec | |||
** Firefox client makes request to AUS service with 8-9 paremeters (eg | |||
/update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml) | |||
*** backend attempts to match a snippet file against parameters | |||
*** if file is found, XML version is returned | |||
** Lots of snippet files | |||
** PHP based | |||
* database backed update server | |||
** internal LDAP protected server | |||
** db layer keeps audit logs | |||
* all backend changes, no changes to client update code | |||
* minimal ACLs | |||
** admin app talks to other servers | |||
* seamonkey may be re-added in the future | |||
* Target Nightly for now | |||
** currently takes about 30 min to push a new beta build (with text files) | |||
** this would decreast to a single API call for a a few seconds to update them all | |||
* Q2 goal for live in nightly channel | |||
|SecReview alt solutions=The current solution uses a large number of snippet files which are matched against the parameters. | |SecReview alt solutions=The current solution uses a large number of snippet files which are matched against the parameters. | ||
If a file is matched then the XML version is returned. | If a file is matched then the XML version is returned. | ||
| Line 23: | Line 42: | ||
|SecReview action item status=In Progress | |SecReview action item status=In Progress | ||
|Feature version=Q2 goal for live in nightly channel | |Feature version=Q2 goal for live in nightly channel | ||
|SecReview action items= | |SecReview action items=* bhearsum :: Are MAR signatures checked on all platforms? Only on windows, but hashes checked on all platforms | ||
* bhearsum :: Are MAR signatures checked on all platforms? Only on windows, but hashes checked on all platforms | |||
* releng :: whitelisting URLs that we point to | * releng :: whitelisting URLs that we point to | ||
* releng :: notifications upon human addition (maybe change too?) of a release | * releng :: notifications upon human addition (maybe change too?) of a release | ||