Add-ons/Firefox57

From MozillaWiki
Jump to: navigation, search

This document is to clarify on the myriad of choices for loading extensions in Firefox and what will happen in Firefox 57 hits release and for each release past that (as far as we can see, things may change). There is a bug for this. This document expands it.

The main goal is prevent the running of legacy add-ons in Firefox Desktop and Android release. Update: All of the following apply to Android and Desktop.

Reference: list of add-on types

Compatibility

How things look with Firefox 57.0, and will look with subsequent releases (as far as we can see, things may change).

Note: legacy add-ons didn't work with unbranded builds of Firefox 57 but this was fixed for Fx 58 by 1414450.

Type Status Nightly, Developer Edition, unbranded beta/release Beta, release
WebExtensions signed by AMO YES YES
signed by Mozilla internally YES YES
unsigned YES with pref NO
unsigned loaded temporarily YES YES
legacy extension (bootstrapped, overlay, XUL etc) signed by AMO YES with pref NO
signed by Mozilla internally YES YES
unsigned YES with pref NO
unsigned loaded temporarily YES NO
WebExtensions experiment signed by AMO YES NO
signed by Mozilla internally YES YES
unsigned YES with pref NO
unsigned loaded temporarily YES NO
new style static theme signed by AMO YES YES
signed by Mozilla internally YES YES
unsigned YES YES
unsigned loaded temporarily YES YES
telemetry experiments signed by AMO YES YES
signed by Mozilla internally YES YES
unsigned YES with pref NO
unsigned loaded temporarily YES YES
legacy lightweight theme signed by AMO YES YES
complete themes any combination NO NO
multiple item package any combination NO NO
language pack any combination YES YES
dictionaries any combination YES YES

Nightly leading up to Firefox 57

To assist with performance analysis leading up Firefox 57, in Nightly only we are turning off add-ons that require shims. For more information please see shims on nightly. The pref will default to false.

Type Status Nightly Beta, Release
WebExtension YES YES
Legacy Extension (bootstrapped, overlay, XUL etc) MPC=true YES YES
MPC=false YES with pref YES
MPC not stated YES with pref YES

An extension must pass both tests to run. Example:

  • A XUL overlay extension that is signed by Mozilla and is MPC=false, *will not run* on nightly unless the user changes the pref.
  • A XUL overlay extension this is signed by AMO and is MPC=true, *will run* on nightly.
  • A WebExtension that is unsigned *will run* on nightly but not on release.

Testing signed extensions

If you've got a signed extension, unzip it and cd into the META-INF directory inside the extension.

Testing an extension:

 wget https://addons.mozilla.org/firefox/downloads/file/743932/sort_tabs_by_url-0.10-an+fx.xpi
 unzip sort_tabs_by_url-0.10-an+fx.xpi   
 cd META-INF
 openssl pkcs7 -inform DER -text -print_certs < mozilla.rsa | grep "Issuer" -m 1

The output will look like the following.

An AMO signed extension:

 Issuer: C=US, O=Mozilla Corporation, OU=Mozilla AMO Production Signing Service, CN=production-signing-ca.addons.mozilla.org/emailAddress=services-ops+addonsigning@mozilla.com```

Prefs

To enable things on Nightly some prefs must be flipped:

  • For unsigned the appropriate signing pref xpinstall.signatures.required must be flipped.
  • For legacy add-ons the extensions.legacy.enabled pref must be flipped.
  • For non-MPC add-ons extensions.allow-non-mpc-extensions pref must be flipped.

Notes

  • AMO will stop signing legacy add-ons for version of Firefox greater than 57. Old signed add-ons will remain on servers and people's hard drives, so although AMO will stop signing them, we still need an explicit block in Firefox to prevent them loading.
  • "Signed by Mozilla internally" refers to add-ons signed internally and might include Test Pilot, Shield and other add-ons.
  • If we support loading unsigned temporarily, it’s assumed we load signed temporarily too.

Updates

  • Removed Aurora from this chart.
  • Added in the Nightly MPC=True changes.