Torbrowser's updater updates HTTPS-everywhere

Let's think about shipping HTTPS-Everywhere solely via our updater, disabling update pings for that extension as well.

added TorBrowserTeam202006R component::applications/tor browser https-everywhere owner::tbb-team priority::medium reviewer::gk severity::normal status::needs-review tbb-security type::task labels

I think all this updater stuff is TBB. If not, please reassign.

Trac:
Component: - Select a component to TorBrowserButton

Trac:
Keywords: pantheon chronos deleted, pantheon, chronos, tbb-torbutton added
Owner: mikeperry to tbb-team
Component: TorBrowserButton to Tor Browser

Trac:
Reviewer: N/A to N/A
Severity: N/A to Normal
Keywords: pantheon, chronos, tbb-torbutton deleted, N/A added
Status: new to closed
Resolution: N/A to worksforme
Sponsor: N/A to N/A

We are still getting HTTPS-E updates outside of our updater.

Trac:
Resolution: worksforme to N/A
Summary: Torbrowser's updater updates HTTPS-everwhere to Torbrowser's updater updates HTTPS-everywhere
Status: closed to reopened

Replying to gk:

We are still getting HTTPS-E updates outside of our updater.

When we ship a new version of HTTPS-E with a new release of Tor Browser, we arrange for it to be "force updated" (files replaced) so that the user is left with a known version of HTTPS-E which has been tested with TB. Interim updates are still retrieved from addons.mozilla.org using the extension update mechanism so users can get updates if desired. We use the same approach for NoScript.

Do we want to do something different? If not, then this bug can be closed.

I think we want to have a ticket about shipping HTTPS-E solely via our updater, disabling update pings to EFF. I thought there was already a ticket for this but I did not found one and thought this one might fit.

Trac:
Description: N/A

to

Let's think about shipping HTTPS-Everywhere solely via our updater, disabling update pings for that extension as well.
Milestone: Chronos: phase two to N/A
Type: project to task
Keywords: N/A deleted, tbb-security added

mcs, thanks for the clarification. But,

Interim updates are still retrieved from addons.mozilla.org using the extension update mechanism No. From EFF. so users can get updates if desired. What does it mean (desired)? Update Add-ons Automatically is selected by default. We use the same approach for NoScript. No. But, maybe, it's better to use the same, because recent updates led to 5.2.0 on alpha, 5.1.x on stable and 5.2.1 on AMO.

Replying to bugzilla:

mcs, thanks for the clarification. But,

Interim updates are still retrieved from addons.mozilla.org using the extension update mechanism No. From EFF.

Thanks. My mistake.

so users can get updates if desired. What does it mean (desired)? Update Add-ons Automatically is selected by default.

It means users do have a way to disable updates if they want to do so. But most will keep the default setting.

We use the same approach for NoScript. No. But, maybe, it's better to use the same, because recent updates led to 5.2.0 on alpha, 5.1.x on stable and 5.2.1 on AMO.

There is a policy question here: should we disable updates for bundled extensions. By allowing updates from EFF or AMO, we risk that users may get a version of an extension that is somehow incompatible with Tor Browser. But by allowing updates we ensure that users will have the latest (and hopefully most secure) versions of HTTPS-E and NoScript.

Replying to gk:

we want to have a ticket about shipping HTTPS-E solely via our updater Maybe, you mean your update servers instead of AMO, or you'll have to make a new release of TBB for every update.

#21260 (moved) is a duplicate.

Trac:
Cc: mcs, brade to mcs, brade, Dbryrtfbcbhgf

Trac:
Cc: mcs, brade, Dbryrtfbcbhgf to mcs, brade, Dbryrtfbcbhgf, yawning

posted on wrong bug report. please delete

Trac:
Username: Dbryrtfbcbhgf

Trac:
Cc: mcs, brade, Dbryrtfbcbhgf, yawning to mcs, brade, Dbryrtfbcbhgf, yawning, tom

Replying to mcs:

There is a policy question here: should we disable updates for bundled extensions.

Yes.

By allowing updates from EFF or AMO, we risk that users may get a version of an extension that is somehow incompatible with Tor Browser.

#23258 (moved), #22974 (moved)

+1, as #23772 (moved).

I heard we are close to be able to test that. Hopefully this can already happen in the next regular alpha release. Putting it on our radar for November.

Trac:
Keywords: N/A deleted, TorBrowserTeam201711 added
Status: reopened to assigned

bug_10394_v2 (https://gitweb.torproject.org/user/gk/tor-browser-build.git/commit/?h=bug_10394_v2&id=50982eda6d3687aa5bcc2d088546f82c4fa7e53d) in my tor-browser-build repository has a fix for this bug. Note: this breaks at the time of writing the nightly builds. Given that we need to get alphas out rather soon, that's okay for now. The potential breakage will be addressed in #24179 (moved).

Trac:
Cc: mcs, brade, Dbryrtfbcbhgf, yawning, tom to mcs, brade, Dbryrtfbcbhgf, yawning, tom, boklm
Status: assigned to needs_review
Keywords: TorBrowserTeam201711 deleted, TorBrowserTeam201711R added

This looks good to me. I applied it to master as commit 50982eda6d3687aa5bcc2d088546f82c4fa7e53d.

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

Firefox does not like our trick in a WebExtensions context:

1510514437300	addons.webextension.<unknown>	ERROR	Loading extension 'null': Reading manifest: Error processing applications.gecko.update_url: Error: Access denied for URL data:text/plain,
1510514437500	addons.xpi-utils	WARN	updateMetadata: Add-on https-everywhere-eff@eff.org is invalid: Error: Extension is invalid (re[/gre/modules/addons/XPIProvider.jsm:963:11)](/gre/modules/addons/XPIProvider.jsm:963:11)) JS Stack trace: loadManifestFromWebManifest<@XPIProvider.jsm:963:11 < TaskImpl_run@Task.jsm:319:42 < Handler.prototype.process@Promise-backend.js:932:23 < this.PromiseWalker.walkerLoop@Promise-backend.js:813:7 < this.PromiseWalker.scheduleWalkerLoop/<@Promise-backend.js:747:11 < syncLoadManifestFromFile@XPIProvider.jsm:1621:5 < updateMetadata@XPIProviderUtils.js:1785:21 < processFileChanges@XPIProviderUtils.js:2009:26 < this.XPIProvider.checkForChanges@XPIProvider.jsm:3899:34 < this.XPIProvider.startup@XPIProvider.jsm:2839:25 < callProvider@AddonManager.jsm:242:12 < _startProvider@AddonManager.jsm:795:5 < AddonManagerInternal.startup@AddonManager.jsm:1005:9 < this.AddonManagerPrivate.startup@AddonManager.jsm:3062:5 < amManager.prototype.observe@addonManager.js:65:9

So, we need something better and need to rebuild the alphas.

Trac:
Status: closed to reopened
Keywords: TorBrowserTeam201711R deleted, TorBrowserTeam201711 added
Resolution: fixed to N/A
Cc: mcs, brade, Dbryrtfbcbhgf, yawning, tom, boklm to mcs, brade, Dbryrtfbcbhgf, yawning, tom, boklm, legind