QA/New Add-on Signing


Desktop New Add-on Signing

Ownership

Developer contacts: Dave Townsend, Mike Connor

QA:

Krupa Raj - leading all QA efforts across different products

Vasilica Mihasca, :vasilica_mihasca on IRC - owner on Firefox Client side testing

Petruta Rasa, :petruta on IRC - peer for Firefox Client side testing

Status

Overview

[LANDED] Nightly 40: first landed, disabled by default. Firefox warns about signatures but doesn't enforce them

[LANDED] Aurora 40: landed, disabled by default. Firefox warns about signatures but doesn't enforce them

[LANDED] Beta 40: landed, disabled by default. Firefox warns about signatures but doesn't enforce them

[LANDED] Release 40: landed, disabled by default. Firefox warns about signatures but doesn't enforce them

[LANDED] Release 41: landed, disabled by default. Firefox warns about signatures but doesn't enforce them

[LANDED] Release 42: landed, disabled by default. Firefox warns about signatures but doesn't enforce them

[LANDED] Release 43: landed, enabled by default. Firefox has a preference that allows signature enforcement to be disabled.

Risk analysis

| Event | Probability | Impact | Current situation | Mitigation steps |
|---|---|---|---|---|
| Signed Add-on fails to be installed for a compatible Firefox version | probable | high | Previously existed Bug 1169537. Currently this functionality is not affected. | Periodical regression testing covers this area. |
| Unsigned Add-on is successfully installed for a compatible Firefox version | improbable | high | There were no recent bugs or regressions affecting this functionality. | Periodical regression testing covers this area. |
| Corrupted Add-on is successfully installed for a compatible version | improbable | high | There were no recent bugs or regressions affecting this functionality. | Periodical regression testing covers this area. |

Summary

Context

A new signing process will be available for add-ons. This will assure users that the add-ons they are using are certified. A warning will be displayed if the add-on is not signed, and the installation will not be performed.
Non-certified add-ons that are already installed will be disabled after the Firefox 39 release.

The features of this proposal:

  • All add-ons are signed with Mozilla-issued certificates
  • All add-on IDs will be registered and known to Mozilla
  • Accommodations are made for developers without opening a loophole that bad actors can drive through.

Please read the Add-on Signature System document for more information.

Enabling the feature

New Add-ons Signing is available starting with Firefox 40 and it can be enabled by setting the following pref to true:

xpinstall.signatures.required

References

  • Meta Bug 1047239, Bug 1158200
  • The planned Firefox All-Doorhanger Add-On Install Flow is available here.
  • Bug 1148403 The messages that inform users their uncertified add-ons have been disabled

Test cases

Desktop tests will focus on:

  • checking that non-signed add-ons can't be installed on Release and Beta
  • non-signed add-ons can be added to Aurora and Nightly
  • featured add-ons from AMO website still work
  • non-signed add-ons that were installed in previous versions of Firefox are disabled and can't be used after Firefox 39, and an informational note is shown on the about:addons page
  • there are no issues when updating Firefox with different kinds of add-ons installed
  • there are no issues when updating add-ons to a newer version
  • installing non-signed add-ons on Nightly and then opening a Firefox Beta version using the same profile will disable the add-ons
  • all AMO add-ons are signed

Overview

  • Draft test suites:
    • [DONE] Regression Test Suites: [1].
    • [DONE] Smoke Test Suite: [2]

Targeted scenarios

Testing focused on basic functionality

  • Enable Add-ons Signing
  • Disable Add-ons Signing
  • Install a signed add-on from AMO
  • Install a signed add-on via drag & drop
  • Install a signed add-on from local files
  • Install an unsigned add-on from webpages (amo-dev)
  • Install an unsigned add-on via drag & drop
  • Install an unsigned add-on from local files
  • Install a corrupt add-on from webpages (amo-dev)
  • Install a corrupt add-on via drag & drop
  • Install a corrupt add-on from local files
  • Upgrade an older Firefox version which has unsigned/corrupted add-ons installed

Testing focused on interoperability

  • Cancel the add-on download process
  • Cancel the add-on install process
  • Navigate to a new tab during the add-on download process
  • Go outside of add-on context during download process
  • Navigate to a sub-directory of the current page during download process
  • Close the install doorhanger (pressing "X" button) during the download process
  • Close the tab/window during download process
  • Restart the browser for those add-ons that require it
  • Click on the "Learn more" link from the install doorhanger
  • Click on the "Learn more" Sync link from the confirmation doorhanger
  • Install multiple add-ons at the same time
  • Install Multi-Pack Add-ons
  • Install add-ons from about:addons using the search bar
  • Install add-ons from about:addons from Up&Coming list
  • Install a sideloaded add-on
  • Update an add-on to a newer version
  • Verify the error messages for unsigned add-ons
  • Verify the error messages for corrupted add-ons

Testing based on recent bugs and regressions

  • Verify the add-on extra confirmation
  • Verify the add-on icon from location bar when an incompatible add-on is installed
  • Verify the Close buttons when more than one doorhanger is displayed simultaneously

Testing with e10s

All regular test cases already available in test suites will be executed with e10s enabled.

Bug work

Tracking bug

meta: Bug 1047239

Bug triage +/- for verification

[QE_VERIFY+] Bug 1166949 - Display an in-content UI for add-ons installed by drag and drop from the local filesystem
[QE_VERIFY+] Bug 1168954 - Unexpected "Install" button appears on add-on install progress doorhanger
[QE_VERIFY+] Bug 1123914 - Implement the new all in-doorhanger install flow for add-on installation from websites
[QE_VERIFY+] Bug 1151511 - Implement the periodic scan for unsigned add-ons
[QE_VERIFY-] Bug 1120996 - UX Reconsider add-on installation flow
[QE_VERIFY-] Bug 1141103 - UX Notify the user when unsigned installed add-ons will be disabled
[QE_VERIFY-] Bug 1148016 - Without the signing warnings present we should pref off the changes in bug 1139656
[QE_VERIFY+] Bug 1147805 - Add Learn More link to the add-on install confirmation doorhanger
[QE_VERIFY+] Bug 1038072 - signature verification for unpacked add-ons
[QE-VERIFY?] Bug 1062388 - Add add-on signed status to FHR
[QE_VERIFY+] Bug 1123918 - Ignore sideloaded add-ons that aren't signed (if the pref is off) or have broken signing
[QE-VERIFY?] Bug 1133838 - Update the add-ons manager automated tests to support the signing requirements
[QE_VERIFY+] Bug 1147812 - Cancel add-on installations when the associated tab navigates to a new site
[QE-VERIFY?] Bug 1149654 - Add-on signing client implementation stage 1 (Target Firefox 39)
[QE-VERIFY?] Bug 1149656 - Add-on signing client implementation stage 3 (Target Firefox 40)
[QE-VERIFY?] Bug 1149657 - Add-on signing client implementation stage 2 (Target Firefox 39)
[QE_VERIFY+] Bug 1149696 - Display a message when add-on installation fails because it isn't signed
[QE_VERIFY+] Bug 1149700 - Display an error when an add-on can't be installed because its signing is broken
[QE_VERIFY+] Bug 1149702 - Display a note about add-ons that aren't properly signed in the add-ons manager
[QE_VERIFY+] Bug 1151507 - Warn users when unsigned add-ons have been disabled during startup
[QE_VERIFY-] Bug 1151509 - Implement the front-end side of the warning about add-ons detected as no longer signed during the periodic check
[QE_VERIFY-] Bug 1147808 - Be smarter about unfinished add-on installations whose install UI is gone because the tab / window closed
[QE_VERIFY+] Bug 1151537 - Add Learn More link to the add-on install confirmation doorhanger
[QE_VERIFY+] Bug 1038068 - Add pref to require installs be signed by a Mozilla-issued add-on signing certificate
[QE-VERIFY?] Bug 1162386 - Report instances of damaged add-ons to AMO or through FHR
[QE_VERIFY-] Bug 1147247 - [UX] Add-on Manager should give a distinctive look to unsigned add-ons
[QE_VERIFY-] Bug 1138897 - [UX] define standard add-on installation flow (including user interaction and errors)
[QE_VERIFY-] Bug 1138898 - [UX] define sideloaded add-on installation flows
[QE_VERIFY-] Bug 1138899 - [UX] define special add-on installation flows (including certified, signed, blocklisted)
[QE_VERIFY-] Bug 1138899 - [UX] Warn users when we disable add-ons that they already have installed because they failed the signing check
[QE_VERIFY+] Bug 1150218 - Misaligned close button when there is more than one in new all-doorhanger flow for addons website install
[QE_VERIFY+] Bug 1157171 - The add-on page confirmation is not delayed for add-ons that provides an own confirmation
[QE_VERIFY+] Bug 1139656 - Implement the first pieces of the all-doorhanger install flow for add-ons installed from websites
[QE_VERIFY-] Bug 1160340 - Themes are marked as unverified in the add-ons manager
[QE_VERIFY+] Bug 1171148 - Broken add-on install displayed in the add-ons manager after installs are cancelled by closing the original window/tab
[QE_VERIFY+] Bug 1171636 - Allow displaying multiple simultaneous add-on installs
[QE_VERIFY+] Bug 1172708 - Upgrading to a version of Firefox that supports signing and disables add-ons displays the compatibility notification
[QE_VERIFY+] Bug 1172710 - Breaking an add-on signing doesn't show a notification on next startup
[QE_VERIFY+] Bug 1172835 - The warning triangle misses from “Some extensions could not be verified” button
[QE_VERIFY+] Bug 1174684 - Incorrect display for simultaneous add-on installation using Ubuntu
[QE_VERIFY+] Bug 1177130 - When there isn't a valid XPI inside a multipackage XPI we display the message "addon it is not compatible with Firefox"
[QE_VERIFY+] Bug 1158067 - Add-ons installed from about:addons search list does not follow the New UI Install flow
[QE_VERIFY+] Bug 1166754 - Confusing approval message for add-on install process via drag&drop
[QE_VERIFY+] Bug 1163975 - The incompatible add-on icon does not disappear from location bar
[QE_VERIFY+] Bug 1157171 - Defer add-on startup until after the user has had chance to read the install confirmation doorhanger
[QE_VERIFY+] Bug 1158211 - Implement the doorhanger install flow for sideloaded add-ons
[QE_VERIFY+] Bug 1167652 - Turn on extension signing requirements by default

Bug fix verification

[Verified] Bug 1139656 - Implement the first pieces of the all-doorhanger install flow for add-ons installed from websites

2015-04-06: verified fixed on 39.0b2, 40.0a2 and 41.0a1, across platforms

[Verified] Bug 1147805 - Add Learn More link to the add-on install confirmation doorhanger

2015-04-21: verified fixed on 40.0a1 and 40.0a1, across platforms

[Verified] Bug 1147823 - Drag & drop xpi file , Install Add-on From File do not work on Nightly39

2015-04-06: verified fixed on 40.0a1 and 39.0a2, across platforms

[Verified] Bug 1147805 - Add Learn More link to the add-on install confirmation doorhanger

2015-04-21: verified fixed on 40.0a1, across platforms

[Verified] Bug 1038068 - Add pref to require installs be signed by a Mozilla-issued add-on signing certificate

2015-05-28: verified fixed on 40.0a2 and 41.0a1, across platforms

[Verified] Bug 1171146 - Display a learn more link in the error doorhanger when refusing to install an unsigned add-on

2015-06-10: verified fixed on 40.0a2 and 41.0a1, across platforms

[Verified] Bug 1151507 - Warn users when unsigned add-ons have been disabled during startup

2015-05-11: verified fixed on 40.0a2 and 41.0a1, across platforms

[Verified] Bug 1151537 - Support hotfixes in the new signing requirements

2015-07-16: verified fixed on 38.0.6, 39 and 40.0b1, across platforms

[Verified] Bug 1168954 - Unexpected "Install" button appears on add-on install progress doorhanger

2015-06-08: verified fixed on 39.0b3, across platforms

[Verified] Bug 1139656 - Implement the first pieces of the all-doorhanger install flow for add-ons installed from websites

2015-06-04: verified fixed on 39.0b2, 40.0a2 and 41.0a1 across platforms

[Verified] Bug 1165973 - Add-on verification report has misaligned content

2015-06-02: verified fixed on 41.0a1, across platforms
2015-06-18: verified fixed on 40.0a2, across platforms

[Verified] Bug 1149702 - Display a note about add-ons that aren't properly signed in the add-ons manager

2015-06-08: verified fixed on 40.0a2 and 41.0a1, across platforms

[Verified] Bug 989469 - Use InContent prefs styling for add-on manager

2015-07-13: verified fixed on 40, 41.0a2 and 42.0a1, across platforms

[Verified] Bug 1038072 - signature verification for unpacked add-ons

2015-06-17: verified fixed on 40.0a2 and 41.0a1, across platforms

[Verified] Bug 1151511 - Implement the periodic scan for unsigned add-ons

2015-06-17: verified fixed on 40.0a2 and 41.0a1, across platforms

[Verified] Bug 1162584 - Update install flow with new icons from bug 1144599

2015-06-09: verified fixed on 41.0a1, across platforms

[Verified] Bug 1172708 - Upgrading to a version of Firefox that supports signing and disables add-ons displays the compatibility notification

2015-06-17: verified fixed on 40.0a2 and 41.0a1, across platforms

[Verified] Bug 1172710 - Breaking an add-on signing doesn't show a notification on next startup

2015-06-17: verified fixed on 40.0a2 and 41.0a1, across platforms

[Verified] Bug 1165610 - Retina displays don't use the new urlbar addon notification icon

2015-06-24: verified fixed on 41.0a1, across platforms

[Verified] Bug 1170162 - Link Addon-unverified-Warning More-Information-Link to sumo-page

2015-06-17: verified fixed on 40.0a2 and 41.0a1, across platforms

Logged bugs

Bug 1157144 - No action for right/scroll click commands on the "Learn more" link from add-on install doorhanger
Bug 1157148 - Confusing placement for the "Learn more" link from add-on install confirmation doorhanger
Bug 1157171 - Defer add-on startup until after the user has had chance to read the install confirmation doorhanger
Bug 1158067 - Add-ons installed from about:addons search list does not follow the New UI Install flow
Bug 1163973 - The simultaneous install process of two separate add-ons from webpages does not work properly
Bug 1163975 - The incompatible add-on icon does not disappear from location bar
Bug 1166754 - Confusing approval message for add-on install process via drag&drop
Bug 1167195 - The install add-on buttons do not follow the same focus design
Bug 1167198 - Sync doorhanger from add-on install process is no longer displayed for another add-on once it has been closed
Bug 1167199 - UI issues during the add-on install flow on Mac
Bug 1171359 - Selecting "Not now" button which correspond with Restart option makes the add-on icon from location bar to disappear
Bug 1172835 - The warning triangle misses from “Some extensions could not be verified” button
Bug 1174684 - Incorrect display for simultaneous add-on installation using Ubuntu
Bug 1175872 - [Mac] Misaligned paragraph in about:addons
Bug 1176664 - [Mac] "Not now" option from Add-on Restart doorhanger is bigger than the other buttons
Bug 1176690 - Misaligned elements in “Available Updates” tab from Add-ons Manager

Sign off

Criteria

  • All the test cases were executed.
  • All blocker, critical and major bugs have been fixed.

Results

Merge to Aurora Sign-off

  • [DONE] Aurora 40.0a2 (2015-05-14).
    • There were no blockers found while testing this feature.
    • Manual testing covered Windows 7 (x64), Ubuntu 14.04 (x86) and Mac OS X 10.9.5.

Merge to Beta Sign-off

  • [DONE] Beta 40 (2015-06-26).
    • There were no blockers found while testing this feature.
    • Manual testing covered Windows 7 (x64), Ubuntu 14.04 (x86) and Mac OS X 10.9.5.