Closed
Bug 1476098
Opened 6 years ago
Closed 6 years ago
Nightly ASAN builds are missing the Google and Mozilla API keys
Categories
(Firefox Build System :: General, defect)
Firefox Build System
General
Tracking
(firefox63 fixed)
RESOLVED
FIXED
mozilla63
Tracking | Status | |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: francois, Assigned: decoder)
References
(Blocks 1 open bug)
Details
(Keywords: sec-low, Whiteboard: [adv-main63-])
Attachments
(1 file)
The Nightly ASAN builds don't include the Google and Mozilla API keys (see "Application Basics" in about:support).
This means that those builds do not have working Safe Browsing (or location services).
You can confirm that Safe Browsing works by going into about:url-classifier and doing an update of the "google4" provider (it should say "success"). There is also a test page maintained by Google at https://testsafebrowsing.appspot.com/.
Group: firefox-build-security → firefox-core-security
Moving the security groups for this bug per bug 1476102, because the firefox-build-security group is going away.
Comment 2•6 years ago
|
||
Unhiding because this isn't as much an attack vector as a dangerous working condition that users of those builds might want to know about.
Group: firefox-core-security
Comment 3•6 years ago
|
||
From build log, we're getting the keys ..
[task 2018-07-20T22:07:40.205Z] 22:07:40 INFO - [mozharness: 2018-07-20 22:07:40.205422Z] Running get-secrets step.
[task 2018-07-20T22:07:40.205Z] 22:07:40 INFO - Running main action method: get_secrets
[task 2018-07-20T22:07:40.205Z] 22:07:40 INFO - fetching secret project/releng/gecko/build/level-3/gapi.data from API
[task 2018-07-20T22:07:40.408Z] 22:07:40 INFO - fetching secret project/releng/gecko/build/level-3/mozilla-desktop-geoloc-api.key from API
[task 2018-07-20T22:07:40.513Z] 22:07:40 INFO - fetching secret project/releng/gecko/build/level-3/adjust-sdk.token from API
[task 2018-07-20T22:07:41.448Z] 22:07:41 INFO - fetching secret project/releng/gecko/build/level-3/adjust-sdk-beta.token from API
[task 2018-07-20T22:07:41.546Z] 22:07:41 INFO - [mozharness: 2018-07-20 22:07:41.546587Z] Finished get-secrets step (success)
And then looking deeper, official builds specify a key file (for this and other things) in files like: https://dxr.mozilla.org/mozilla-central/source/browser/config/mozconfigs/linux32/common-opt
We don't specify them in the asan mozconfigs: https://dxr.mozilla.org/mozilla-central/source/browser/config/mozconfigs/linux64/nightly-asan-reporter nor do we source the common files.
..I'm hoping glandium or christian can help sort this out (as in, should the asan builds source the common files, or should they specify the keys directly)
Flags: needinfo?(mh+mozilla)
Flags: needinfo?(choller)
Comment hidden (mozreview-request) |
Assignee | ||
Comment 5•6 years ago
|
||
Including the common file won't work for ASan in its current state. We might be able to refactor this to share more of the options, but for now, here is an easy patch to fix the missing keys in those builds.
Flags: needinfo?(mh+mozilla)
Flags: needinfo?(choller)
Comment 6•6 years ago
|
||
triaging, assigning to :decoder since he attached patches
Assignee: nobody → choller
Comment 7•6 years ago
|
||
mozreview-review |
Comment on attachment 8993895 [details]
Bug 1476098 - Add Google and Mozilla API keys to ASan Nightly.
https://reviewboard.mozilla.org/r/258546/#review265904
Attachment #8993895 -
Flags: review?(mh+mozilla) → review+
Pushed by choller@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3d633edc1c27
Add Google and Mozilla API keys to ASan Nightly. r=glandium
Comment 9•6 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Updated•6 years ago
|
Whiteboard: [adv-main63-]
You need to log in
before you can comment on or make changes to this bug.
Description
•