freeipa

Clone
Source Code
GIT

#4906 Adjust Firefox configuration to new extension signing policy
Closed: Fixed None Opened 9 years ago by pvoborni.

Closed: Fixed
Reopen Issue

Mozzila announced new extension signing policies. It affects FreeIPA's Kerberos configuration extension.

https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/

FreeIPA has to handle 2 use cases:
1. installation on internal network without access to AMO
2. installation with access to AMO

Possible solutions

Use case 1

  • wait for Mozzila to publish special process for extension which would not leave internal networks
  • or download signed version and bundle it with FreeIPA, or could be packaged in separate package

Use case 2

  • extract the extension to it's own git repo (e.g. on github)
  • publish it on AMO (which will go trough Mozzila review and signing)

IPA browser config page will need to be updated to support both cases.

https://wiki.mozilla.org/Addons/Extension_Signing

  • Firefox 40: Firefox warns about signatures but doesn't enforce them.
  • Firefox 41: Firefox will have a preference that allows signature enforcement to be disabled.
  • Firefox 42: Release and Beta versions of Firefox will not allow unsigned extensions to be installed, with no override.

If implemented on ESR, the first version to support signing would be Firefox ESR 45. The current plan is to have ESR work like 40, with a preference that can turn no enforcement, but that may change in the future.

All Firefox extensions on AMO that have passed review are now signed. Firefox for Android extensions will be auto-signed soon, since now Firefox for Android will follow the same release schedule for signing as Desktop.

  • release date | release
  • 2015-08-11 Firefox 40
  • 2015-09-22 Firefox 41
  • 2015-11-03 Firefox 42
  • 2015-12-15 Firefox 43
  • 2016-01-26 Firefox 44
  • 2016-03-08 Firefox 45

During processing of remaining tickets in 4.2 Backlog, this ticket was found as suitable to be fixed in the nearest bugfixing branch - which is 4.2.x.

FreeIPA 4.2.1 was released, moving to 4.2.2.

ipa-4-2:

  • f1b2b0f webui: use manual Firefox configuration for Firefox >= 40

master:

  • a94f3e5 webui: use manual Firefox configuration for Firefox >= 40

Metadata Update from @pvoborni:
- Issue assigned to pvoborni
- Issue set to the milestone: FreeIPA 4.2.2
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
important
None
None
None
None
defect
None
None
Web UI
None
1
None
None
mbasti
None
1261074
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.