Mozilla changes Firefox updates logic: https://www.ghacks.net/2018/07/28/mozilla-makes-it-more-difficult-to-block-firefox-updates/ Now at Firefox 63 I see messages with warning that FF can't update. It is need to generate policy file and move into Firefox directory with blocking update property: https://www.ghacks.net/2018/05/21/enterprise-policy-generator-add-on-for-firefox/
Created attachment 553946 [details] policies I switched off a telemetry too. The file in placed in /files of ebuid dir.
Created attachment 553948 [details] ebuild with policies
The bug description from upstream too: https://bugzilla.mozilla.org/show_bug.cgi?id=1420514
(In reply to Vyacheslav from comment #1) > I switched off a telemetry too. > The file in placed in /files of ebuid dir. We won't do this via policy. User can switch that off via prefs but user cannot change policies.json file.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09821ae9942800256678a8b4335e907b5484b0b9 commit 09821ae9942800256678a8b4335e907b5484b0b9 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-11-04 14:46:32 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-11-04 14:53:51 +0000 www-client/firefox-bin: disable auto-update using policies.json Closes: https://bugs.gentoo.org/670196 Package-Manager: Portage-2.3.51, Repoman-2.3.11 RepoMan-Options: --force Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox-bin/files/all-gentoo-1.js | 2 +- www-client/firefox-bin/files/disable-auto-update.policy.json | 5 +++++ .../{firefox-bin-60.3.0.ebuild => firefox-bin-60.3.0-r1.ebuild} | 4 ++++ .../{firefox-bin-63.0.1.ebuild => firefox-bin-63.0.1-r1.ebuild} | 4 ++++ 4 files changed, 14 insertions(+), 1 deletion(-)
(In reply to Thomas Deutschmann from comment #4) > (In reply to Vyacheslav from comment #1) > > I switched off a telemetry too. > > The file in placed in /files of ebuid dir. > > We won't do this via policy. User can switch that off via prefs but user > cannot change policies.json file. Dear Thomas, Thanks for the fix autoupdate problem.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec2ac2c725a8abc10643336c039d2a89b1648861 commit ec2ac2c725a8abc10643336c039d2a89b1648861 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-11-04 15:26:55 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-11-04 15:27:27 +0000 www-client/firefox: disable auto-update using policies.json Bug: https://bugs.gentoo.org/670196 Package-Manager: Portage-2.3.51, Repoman-2.3.11 RepoMan-Options: --force Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox/Manifest | 92 --- .../firefox/files/disable-auto-update.policy.json | 5 + ...efox-60.3.0.ebuild => firefox-60.3.0-r1.ebuild} | 4 + ...efox-63.0.1.ebuild => firefox-63.0.1-r1.ebuild} | 4 + www-client/firefox/firefox-63.0.ebuild | 637 --------------------- 5 files changed, 13 insertions(+), 729 deletions(-)
Dear Thomas, I've a question about policies management. The location of .json file is a directory of ebuild. At every FF upgrade procedure the file from /opt/firefox/distribution will be rewritten (by default file from ebuld). How can we dispatch the config? Can we create .json in /etc/firefox and symlink in /opt/firefox/distribution? I wanna see the policies like as other config files. So, if I wanna choose some properties I must create patch for .json and every FF ebuild for patch procedure. Is it possible?
At the moment Firefox only supports one policies.json file from one location. I'll discuss with other Mozilla project members if we should copy policies.json into $S in src_prepare before applying user patches to allow customization of policies.json via user patch.
OK, user patch is a possible solution, but I will think about implementation with configuration via dispatch-conf. IMHO, it's more preferable. One file json with policies in /etc - one symlink in /opt/firefox/distribution. We will not exceed the limits of Firefox.
(In reply to Vyacheslav from comment #10) > OK, user patch is a possible solution, but I will think about implementation > with configuration via dispatch-conf. IMHO, it's more preferable. One file > json with policies in /etc - one symlink in /opt/firefox/distribution. We > will not exceed the limits of Firefox. The issue with doing something like this is that we have zero control over what firefox-bin does, so if we roll this out and then in another version or two the upstream code will say, only load a plain file and not a symlink, then we will have rolled out a 'solution' that end-users invest in only to have to find another way later. Patching, on the other hand, should continue to work for as long as policies.json is in place.
I understood. May be USE "policies" with default state "-policies". In this case, we can overwrite policies.json (by file from /etc/firefox). Or new package firefox-bin-policies? I don't mind using patches. Patching by default and opportunity to use config...