Bug 1292782 - mozilla-https-everywhere disabled by default in Firefox 43
mozilla-https-everywhere disabled by default in Firefox 43
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: mozilla-https-everywhere (Show other bugs)
23
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Russell Golden
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-18 05:34 EST by Andre Robatino
Modified: 2016-03-25 04:22 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-25 01:00:07 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andre Robatino 2015-12-18 05:34:27 EST
Description of problem:
Firefox 43 disables unsigned extensions by default. Must go to about:config and toggle xpinstall.signatures.required to false to enable mozilla-https-everywhere.

Version-Release number of selected component (if applicable):
mozilla-https-everywhere-5.1.1-1.fc23.noarch
firefox-43.0-1.fc23.x86_64

How reproducible:
always
Comment 1 wintonian 2015-12-18 05:43:44 EST
Just confirming the above and the suggested workaround.
Comment 2 Andre Robatino 2015-12-19 03:30:21 EST
The xpinstall.signatures.required option is expected to not exist anymore in Firefox 44, scheduled for January 26 release, so this needs to be fixed by then.
Comment 3 Kevin Kofler 2015-12-19 20:47:44 EST
This needs to be fixed in our Firefox packaging. This iOS-like DRM scheme is entirely incompatible with Free Software and unacceptable for Fedora. If Mozilla refuses to allow us to disable it, we need to go the Iceweasel route.

I am putting this to FESCo's attention.
Comment 4 Kevin Kofler 2015-12-19 21:02:51 EST
https://fedorahosted.org/fesco/ticket/1518

Note that this CANNOT be fixed in this addon package without violating the Fedora policy that bans shipping binary blobs, and that the blobs are also not going to work on secondary architectures.
Comment 5 Trevor Cordes 2015-12-23 00:52:28 EST
mozilla-adblockplus-2.6.11-1.fc22.noarch
mozilla-noscript-2.7-1.fc22.noarch

Are also disabled in the new firefox I just updated to tonight on F22.  This is going to bite a lot of people: anybody who uses a Fedora-packaged addon.

I didn't realize the problem was so nasty as to require DRM-ish schemes.  Does FF really want to go the route of being kicked out of Fedora??  If so, must be some ulterior motive.
Comment 6 Russell Golden 2016-02-25 12:34:38 EST
... You can't be serious. I keep the EFF signature. The build is just a straight unzip of the XPI into the firefox global extension directory, then symlink to seamonkey's.

Is that not enough? Or is Mozilla only going to allow AMO signatures?
Comment 7 Russell Golden 2016-02-25 13:03:57 EST
Just tried 5.1.4, which actually has the EFF signature, in F22 with Firefox 44. The EFF signature isn't enough. Mozilla's info page does not mention that it must be signed *by Mozilla.*

I can understand the security reasons, but Chrome and iOS come under fire for this. Why do people jailbreak iPhones? Because they want to install stuff that doesn't have Apple's blessing.

Geez, Mozilla. What happened to coding for the users?
Comment 8 Andre Robatino 2016-03-25 01:00:07 EDT
With firefox-45.0.1-2.fc23, the extension is enabled by default (even with xpinstall.signatures.required set to the default true).
Comment 9 wintonian 2016-03-25 04:22:15 EDT
(In reply to Andre Robatino from comment #8)
> With firefox-45.0.1-2.fc23, the extension is enabled by default (even with
> xpinstall.signatures.required set to the default true).

here has been some sort of agreement to enable Fedora to patch it.

https://fedorahosted.org/fesco/ticket/1518#comment:127

Note You need to log in before you can comment on or make changes to this bug.