Closed
Bug 1169537
Opened 10 years ago
Closed 10 years ago
some signed extensions on AMO fail to install (addon corrupted)
Categories
(Toolkit :: Add-ons Manager, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: alice0775, Assigned: magopian)
References
Details
(Keywords: regression)
Build Identifier:
https://hg.mozilla.org/releases/mozilla-release/rev/62bee8cdd19f
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 ID:20150513174244
Signed extensions on AMO fails to install.
Steps to reproduce:
Try to install from
https://addons.mozilla.org/en-US/firefox/addon/quoteurltext/
https://addons.mozilla.org/en-US/firefox/addon/aguse/
Actual Results:
It fails to install.
Door hanger said "The add-on downloaded from addons.mozilla.org could not be installed because it appears to be corrupt."
Expected Results:
Successfully installed
Comment 2•10 years ago
|
||
Another example:
Map This 0.3.1.1-signed
https://addons.mozilla.org/firefox/addon/map-this/
The add-ons successfully install in Nightly, but the signature is not recognized: the warning “could not be verified for use in Nightly” is displayed.
Assignee | ||
Comment 4•10 years ago
|
||
This comment is about the "addon is corrupt" issue. I think it's different than the "signature is not recognized" one.
Here are the logs when trying to install the "quoteurl" addon from https://addons.mozilla.org/en-US/firefox/addon/quoteurltext/
1432893291948 addons.xpi DEBUG Download started for https://addons.mozilla.org/firefox/downloads/latest/4292/addon-4292-latest.xpi?src=dp-btn-primary to file /Users/mathieu/Library/Caches/TemporaryItems/tmp-g1c.xpi
1432893291949 addons.xpi DEBUG Download of https://addons.mozilla.org/firefox/downloads/latest/4292/addon-4292-latest.xpi?src=dp-btn-primary completed.
1432893291950 addons.xpi WARN Download of https://addons.mozilla.org/firefox/downloads/latest/4292/addon-4292-latest.xpi?src=dp-btn-primary failed: [Exception... "Component returned failure code: 0x8052000b (NS_ERROR_FILE_CORRUPTED) [nsIZipReader.getSigningCert]" nsresult: "0x8052000b (NS_ERROR_FILE_CORRUPTED)" location: "JS frame :: resource://gre/modules/addons/XPIProvider.jsm :: AI_loadManifest :: line 5295" data: no] Stack trace: AI_loadManifest()@resource://gre/modules/addons/XPIProvider.jsm:5295 < AI_onStopRequest()@resource://gre/modules/addons/XPIProvider.jsm:5580 < <file:unknown>
1432893291954 addons.xpi DEBUG downloadFailed: removing temp file for https://addons.mozilla.org/firefox/downloads/latest/4292/addon-4292-latest.xpi?src=dp-btn-primary
1432893291954 addons.xpi DEBUG removeTemporaryFile: https://addons.mozilla.org/firefox/downloads/latest/4292/addon-4292-latest.xpi?src=dp-btn-primary removing temp file /Users/mathieu/Library/Caches/TemporaryItems/tmp-g1c.xpi
I tried the two others also on my FF 39, with the same result. I could manage installing them on my Firefox Dev edition "40.0a2 (2015-05-28)" though. The very first time I tried on the dev edition (before it got updated/restarted?) it failed with the exact same issue.
I also tried using a new profile on my FF 39, but it failed the same way.
Assignee | ||
Comment 5•10 years ago
|
||
I've opened a new bug for the "this signature is not recognized" issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1169574
Comment 6•10 years ago
|
||
I think the patch in bug 1038068 needs to be uplifted to beta.
:Mossop, can you confirm?
Flags: needinfo?(dtownsend)
Assignee | ||
Updated•10 years ago
|
Summary: some signed extensions on AMO fails to install → some signed extensions on AMO fails to install (addon corrupted)
Comment 7•10 years ago
|
||
mozregression narrowed it down to https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=5fa88d413c4f&tochange=ad388474898c
From reading the description that page, bug 1038068 is the only bug I spotted who could be "responsible".
Assignee | ||
Updated•10 years ago
|
Summary: some signed extensions on AMO fails to install (addon corrupted) → some signed extensions on AMO fail to install (addon corrupted)
Comment 8•10 years ago
|
||
(In reply to Andreas Wagner [:TheOne] from comment #6)
> I think the patch in bug 1038068 needs to be uplifted to beta.
>
> :Mossop, can you confirm?
No that shouldn't be necessary. If beta doesn't work without that patch then I'd expect no version of Firefox before 40 to work, is that the case?
Flags: needinfo?(dtownsend)
Comment 9•10 years ago
|
||
So the bug is that these add-ons have multiple manifest.mf files. One of them is the one we add during signing, the other is one that was already present in the add-on and in the cases here they don't contain hashes for the files in the add-on.
The old Firefox signature checks call an add-on corrupt if it appears signed and has multiple manifest.mf files so these add-ons probably don't install in any version of Firefox before 40.
The new signature checks don't do that, but they will use the original manifest.mf (it is listed first in the zip) for the signature checks which in at least these cases will fail because they don't hash the add-on's files.
The original manifest looks like it comes from some build tools, gcc is mentioned in one, Apache Ant in another.
This is something we'll have to fix by signing these add-ons correctly I think.
Assignee | ||
Comment 11•10 years ago
|
||
Fixed in https://github.com/mozilla/olympia/commit/8b4966ff33f22f35ba1cf286fb3f822c8bec0258 (at the same time as bug 1169574)
Assignee: nobody → mathieu
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•