Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 670196 - >=www-client/firefox-bin-63.0.0 block Firefox updates
Summary: >=www-client/firefox-bin-63.0.0 block Firefox updates
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Thomas Deutschmann (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-11-03 12:16 UTC by Vyacheslav
Modified: 2018-11-05 18:56 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
policies (policies.json,83 bytes, application/json)
2018-11-03 14:58 UTC, Vyacheslav
Details
ebuild with policies (firefox-bin-63.0-r1.ebuild,5.36 KB, text/plain)
2018-11-03 14:59 UTC, Vyacheslav
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Vyacheslav 2018-11-03 12:16:18 UTC
Mozilla changes Firefox updates logic: https://www.ghacks.net/2018/07/28/mozilla-makes-it-more-difficult-to-block-firefox-updates/

Now at Firefox 63 I see messages with warning that FF can't update.

It is need to generate policy file and move into Firefox directory with blocking update property: https://www.ghacks.net/2018/05/21/enterprise-policy-generator-add-on-for-firefox/
Comment 1 Vyacheslav 2018-11-03 14:58:50 UTC
Created attachment 553946 [details]
policies

I switched off a telemetry too.
The file in placed in /files of ebuid dir.
Comment 2 Vyacheslav 2018-11-03 14:59:29 UTC
Created attachment 553948 [details]
ebuild with policies
Comment 3 Vyacheslav 2018-11-03 15:06:14 UTC
The bug description from upstream too: https://bugzilla.mozilla.org/show_bug.cgi?id=1420514
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-04 14:48:02 UTC
(In reply to Vyacheslav from comment #1)
> I switched off a telemetry too.
> The file in placed in /files of ebuid dir.

We won't do this via policy. User can switch that off via prefs but user cannot change policies.json file.
Comment 5 Larry the Git Cow gentoo-dev 2018-11-04 14:54:02 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09821ae9942800256678a8b4335e907b5484b0b9

commit 09821ae9942800256678a8b4335e907b5484b0b9
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-11-04 14:46:32 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-11-04 14:53:51 +0000

    www-client/firefox-bin: disable auto-update using policies.json
    
    Closes: https://bugs.gentoo.org/670196
    Package-Manager: Portage-2.3.51, Repoman-2.3.11
    RepoMan-Options: --force
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/files/all-gentoo-1.js                         | 2 +-
 www-client/firefox-bin/files/disable-auto-update.policy.json         | 5 +++++
 .../{firefox-bin-60.3.0.ebuild => firefox-bin-60.3.0-r1.ebuild}      | 4 ++++
 .../{firefox-bin-63.0.1.ebuild => firefox-bin-63.0.1-r1.ebuild}      | 4 ++++
 4 files changed, 14 insertions(+), 1 deletion(-)
Comment 6 Vyacheslav 2018-11-04 14:57:53 UTC
(In reply to Thomas Deutschmann from comment #4)
> (In reply to Vyacheslav from comment #1)
> > I switched off a telemetry too.
> > The file in placed in /files of ebuid dir.
> 
> We won't do this via policy. User can switch that off via prefs but user
> cannot change policies.json file.

Dear Thomas,

Thanks for the fix autoupdate problem.
Comment 7 Larry the Git Cow gentoo-dev 2018-11-04 15:27:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec2ac2c725a8abc10643336c039d2a89b1648861

commit ec2ac2c725a8abc10643336c039d2a89b1648861
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-11-04 15:26:55 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-11-04 15:27:27 +0000

    www-client/firefox: disable auto-update using policies.json
    
    Bug: https://bugs.gentoo.org/670196
    Package-Manager: Portage-2.3.51, Repoman-2.3.11
    RepoMan-Options: --force
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest                        |  92 ---
 .../firefox/files/disable-auto-update.policy.json  |   5 +
 ...efox-60.3.0.ebuild => firefox-60.3.0-r1.ebuild} |   4 +
 ...efox-63.0.1.ebuild => firefox-63.0.1-r1.ebuild} |   4 +
 www-client/firefox/firefox-63.0.ebuild             | 637 ---------------------
 5 files changed, 13 insertions(+), 729 deletions(-)
Comment 8 Vyacheslav 2018-11-04 18:43:05 UTC
Dear Thomas,

I've a question about policies management. The location of .json file is a directory of ebuild. At every FF upgrade procedure the file from /opt/firefox/distribution will be rewritten (by default file from ebuld). How can we dispatch the config? Can we create .json in /etc/firefox and symlink in /opt/firefox/distribution? I wanna see the policies like as other config files. So, if I wanna choose some properties I must create patch for .json and every FF ebuild for patch procedure.
Is it possible?
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-04 19:04:39 UTC
At the moment Firefox only supports one policies.json file from one location.

I'll discuss with other Mozilla project members if we should copy policies.json into $S in src_prepare before applying user patches to allow customization of policies.json via user patch.
Comment 10 Vyacheslav 2018-11-04 19:11:14 UTC
OK, user patch is a possible solution, but I will think about implementation with configuration via dispatch-conf. IMHO, it's more preferable. One file json with policies in /etc - one symlink in /opt/firefox/distribution. We will not exceed the limits of Firefox.
Comment 11 Ian Stakenvicius (RETIRED) gentoo-dev 2018-11-05 14:18:18 UTC
(In reply to Vyacheslav from comment #10)
> OK, user patch is a possible solution, but I will think about implementation
> with configuration via dispatch-conf. IMHO, it's more preferable. One file
> json with policies in /etc - one symlink in /opt/firefox/distribution. We
> will not exceed the limits of Firefox.

The issue with doing something like this is that we have zero control over what firefox-bin does, so if we roll this out and then in another version or two the upstream code will say, only load a plain file and not a symlink, then we will have rolled out a 'solution' that end-users invest in only to have to find another way later.

Patching, on the other hand, should continue to work for as long as policies.json is in place.
Comment 12 Vyacheslav 2018-11-05 18:56:02 UTC
I understood. May be USE "policies" with default state "-policies". In this case, we can overwrite policies.json (by file from /etc/firefox). Or new package firefox-bin-policies?

I don't mind using patches. Patching by default and opportunity to use config...