Closed Bug 1216009 Opened 10 years ago Closed 7 years ago

Add developer menus options to allow enabling new security model

Categories

(Firefox OS Graveyard :: Gaia::Settings, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::Settings
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: pauljt, Unassigned)

References

Details

For 2.5, signed packages will be landed behind a preference. We would like to eventually add some options so that developers can enable the new security model, without having to manually changes preferences. This is a nice to have for 2.5, but doesnt need to block. Actually it occurs to me that we could even add this via an add-on. The design would involve adding two new options in the developer menu 1. Add a checkbox to enable signed package suport. "Enable signed packages" When turned on we change both http.enable-packaged-apps & network.http.signed-packages.enabled to true. When off, turn both to false. 2. Add a text field to set the developer root Blank by default, developer changes it to be the location of the develop certificate. network.http.signed-packages.developer-root IE The developer needs to copy their certificate to the phone somewhere, and then this preference needs to be set to location of this certificate.
paul, for the second option, do you mean add certificate file onto sdcard?
Flags: needinfo?(ptheriault)
(In reply to Fred Lin [:gasolin] from comment #1) > paul, for the second option, do you mean add certificate file onto sdcard? I wrote this before we finalised the design. But yes that probably makes sense however there is no way to just 'enable' new security model unfortunately as the steps required are: 1. Upload the develop certificate created during signing to an accessible location: adb push developercert.der /data/local/developercert.der 2. Configure a number of preferences as follows: Enables web packages support: network.http.enable-packaged-apps = true Enables Signed Package support: network.http.signed-packages.enabled = true Create a network.http.signed-packages.developer-root preference using the path you created in the previous step: network.http.signed-packages.developer-root = /data/local/developercert.der 3. Restart b2g or restart the device. If we always use the well-known path of '/data/local/developercert.der' we could possibly replace steps 2 & 3. We could potential use a path on the sdcard even so you don't need adb at all, just mount the device and copy the cert. I'm not sure if thats easier though. What do you think Jonathan? Any ideas? [1] https://wiki.mozilla.org/FirefoxOS/New_security_model/Getting_Started_with_Signed_Packages#Configure_your_device
Flags: needinfo?(ptheriault) → needinfo?(jhao)
Looks reasonable to me.
Flags: needinfo?(jhao)
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.