+++ This bug was initially created as a clone of Bug #962204 +++ Bug 962204 has changed Firefox download links to reference SSL products in bouncer, but the SSL-enabled version list is maintained manually for now. Let's make all Firefox Release channel download links default to SSL, once the experiment goes well and generating SSL products is fully incorporated into the release engineering process.

Creating SSL products is already part of release automation, so let's do this.

(In reply to Kohei Yoshino [:kohei] from comment #1) > Creating SSL products is already part of release automation, so let's do > this. Who is maintaining this meta data now on Bedrock? Release engineering in product details?

It's currently a Bedrock setting and I have sent pull requests to update the version list like this: https://github.com/mozilla/bedrock/pull/1791

And I already have a PR to fix this.

This enables secure downloads for all Release and Beta builds. * Windows stub installers have already been downloaded via SSL * ESR and funnelcakes are not included in this change * Aurora links are pointing https://ftp.mozilla.org/ directly, instead of download.m.o

Looks like the latest ESR builds are also SSL-ready.

BTW, Releng has started generating <product>-<version>-SSL style Bouncer entries recently. Would you prefer to use <product>-<version> and make it SSL-only?

> Would you prefer to use <product>-<version> and make it SSL-only? That sounds good to me.

(In reply to Kohei Yoshino [:kohei] from comment #8) > > Would you prefer to use <product>-<version> and make it SSL-only? > > That sounds good to me. That would be a lot easier if we are since SSL is the default now.

Keep in mind that the stub installer requires the non-SSL product.

(In reply to Kohei Yoshino [:kohei] from comment #8) > > Would you prefer to use <product>-<version> and make it SSL-only? > > That sounds good to me. See comment #10, let's use the current approach then, no changes for <product>-<version>. I WONTFIXed the dep bug.

Hm, okay, reopening my pull request.

(In reply to Chris AtLee [:catlee] from comment #10) > Keep in mind that the stub installer requires the non-SSL product. What he said. Whatever we do, let's make double-sure we don't break that... it's the default delivery mechanism for Windows users, after all. :)

Any update here? how can we move forward with forcing SSL on mozilla.org for all web/download requests with this particular bug?

I'll add some tests to my pull request today then it should be ready to get merged.

(In reply to Kohei Yoshino [:kohei] from comment #15) > I'll add some tests to my pull request today then it should be ready to get > merged. pmac jgmize: Since we are making a change to downloads, I want to make sure this is well tested. Should we put this up on a demo server?

(In reply to Chris More [:cmore] from comment #16) > pmac jgmize: Since we are making a change to downloads, I want to make sure > this is well tested. Should we put this up on a demo server? We should indeed! As soon as it's ready to test I can throw it onto one. Just let me know :kohei.

Re-added tests to my pull request. It should be ready for test, probably on demo1? as the Privacy Center branch has been merged.

:retornam I've pushed :kohei's branch to demo5; would you mind taking a look at it?

(In reply to Josh Mize [:jgmize] from comment #19) > :retornam I've pushed :kohei's branch to demo5; would you mind taking a look > at it? The Release Download button at https://www-demo5.allizom.org/en-US/ ---> https://www-demo5.allizom.org/en-US/products/download.html?product=firefox-28.0-SSL&os=osx&lang=en-US The Beta download button at https://www-demo5.allizom.org/en-US/firefox/beta/ didn't work. It linked to https://www-demo5.allizom.org/products/download.html?product=firefox-29.0b9&os=osx&lang=en-US&channel=fxbeta The ESR links at https://www-demo5.allizom.org/en-US/firefox/organizations/all/ all linked to the firefox-24.4.0esr-SSL product. Josh, Kohei, the Beta page is on the PHP site, can you please take a look at why it isn't linking to the SSL product

The PHP site has its own download button code so this pull request won't fix /firefox/beta/. Bug 995539 is a similar issue. We should port /firefox/beta/ and /firefox/aurora/ to Bedrock, rather than patching the PHP code.

Kohei, What are next steps to test this?

My PR has been deployed to demo1 by :pmac so now we need some tests :) :retornam can you help?

(In reply to Kohei Yoshino [:kohei] from comment #23) > My PR has been deployed to demo1 by :pmac so now we need some tests :) > > :retornam can you help? I'm taking a look at this now

Kohei, Can you apply this to the PHP side as well. https://www-demo1.allizom.org/en-US/products/download.html still serves downloads without SSL https://download.mozilla.org/?product=firefox-29.0.1&os=osx&lang=en-US

That's because /products/download.html is still on the legacy PHP side. Bug 988046 will resolve the issue with a redirect.

Bug 988046 is blocked by Bug 1005237 that will happen at the end of July. I'll write a PHP patch for the time being, as I said on IRC.

A minimum patch for the PHP site to resolve retornam's comment 25 where no query string is provided. The source is located at: http://viewvc.svn.mozilla.org/vc/libs/product-details/ This page serves a build via SSL when the query string has SSL like this: https://www-demo1.allizom.org/en-US/products/download.html?product=firefox-29.0.1-SSL&os=osx&lang=en-US

The patch looks okay to me, but web-prod doesn't own the product-details library. I believe we'll need approval and a merge from Release Management. Not sure who we should ping with this, but that library is an external for our PHP stuff, so they'll have to update it and then we can update our external definition to bring in the new version for testing in trunk.

Actually all links from Bedrock to download.html have query strings, so the PHP patch isn't necessary. It's just a nice-to-have.

:kohei cool. It would be nice to have merged, but you'll probably have to file this patch in a separate bug for product-details for the right people to review and merge it.

Commits pushed to master at https://github.com/mozilla/bedrock https://github.com/mozilla/bedrock/commit/511badf60520c153811f64ac8d425a4975d42eec Fix Bug 973311 - Make all Firefox Beta, Release and ESR channel download links default to SSL https://github.com/mozilla/bedrock/commit/d24775a5a64b5e02b7ac96c5d117f81259163a99 Merge pull request #1800 from kyoshino/bug-973311-firefox-download-ssl Fix Bug 973311 - Make all Firefox Beta, Release and ESR channel download links default to SSL

Comment on attachment 8428337 [details] [diff] [review] PHP patch Review of attachment 8428337 [details] [diff] [review]: ----------------------------------------------------------------- see https://bugzilla.mozilla.org/show_bug.cgi?id=973311#c31

Fixed bug, QA is no longer required. Correct me if im wrong, Thanks.