WebExtension can't installed in Firefox 62.0 by not correctly signed problem

[xiaospider]

System

• Version: v0.21.0
• Platform: Ubuntu 16.04.4 LTS
• Firefox: 62.0
• Selenium: 3.14.0

Testcase

I have several web-extensions , those works fine in Firefox 61, but after upgrade to Firefox 62 , those can't not be installed by "not correctly signed" problem. I also can install the extension manually in firefox 62 without selenium and geckodriver .
This is manifest of one extension.

{
  "manifest_version": 2,
  "name": "HTTP Filter",
  "version": "2.3",
  "description": "HTTP Request Filter",
  "author": "xiao",

  "permissions": [
    "webRequest",
    "webRequestBlocking",
    "<all_urls>"
  ],

  "background": {
    "scripts": ["background.js"]
  },
  
  "content_scripts": [
    {
      "matches": ["<all_urls>"],
      "js": ["content-script.js"]
    }
  ],
  "applications": {
    "gecko": {
      "id": "{2b3d8c73-57ae-4c5c-8cd3-09247773b092}",
      "strict_min_version": "52.0"
    }
  }
}

Trace-level log

1536289637259   geckodriver     INFO    geckodriver 0.21.0
1536289637269   geckodriver     INFO    Listening on 127.0.0.1:18366
1536289637560   mozrunner::runner       INFO    Running command: "/usr/bin/firefox" "-marionette" "-devtools" "-foreground" "-no-remote" "-profile" "/tmp/rust_mozprofile.RzOTvL0cKXDF"
1536289637561   geckodriver::marionette DEBUG   Waiting 60s to connect to browser on 127.0.0.1:43682
1536289637718   addons.manager  DEBUG   Application has been upgraded
1536289637725   addons.manager  DEBUG   Loaded provider scope for resource://gre/modules/addons/XPIProvider.jsm: ["XPIProvider", "XPIInternal"]
1536289637728   addons.manager  DEBUG   Loaded provider scope for resource://gre/modules/LightweightThemeManager.jsm: ["LightweightThemeManager"]
1536289637742   addons.manager  DEBUG   Loaded provider scope for resource://gre/modules/addons/GMPProvider.jsm
1536289637743   addons.manager  DEBUG   Loaded provider scope for resource://gre/modules/addons/PluginProvider.jsm
1536289637744   addons.manager  DEBUG   Starting provider: XPIProvider
1536289637744   addons.xpi      DEBUG   startup
1536289637745   addons.xpi      INFO    SystemAddonLocation directory is missing
1536289637753   addons.xpi      INFO    Removing all system add-on upgrades.
1536289637754   addons.xpi      DEBUG   checkForChanges
1536289637754   addons.xpi      DEBUG   Loaded add-on state: ${}
1536289637755   addons.xpi      DEBUG   New add-on {2b3d8c73-57ae-4c5c-8cd3-09247773b092} in app-profile
1536289637756   addons.xpi      DEBUG   New add-on activity-stream@mozilla.org in app-system-defaults
1536289637756   addons.xpi      DEBUG   New add-on aushelper@mozilla.org in app-system-defaults
1536289637757   addons.xpi      DEBUG   New add-on firefox@getpocket.com in app-system-defaults
1536289637757   addons.xpi      DEBUG   New add-on formautofill@mozilla.org in app-system-defaults
1536289637758   addons.xpi      DEBUG   New add-on onboarding@mozilla.org in app-system-defaults
1536289637758   addons.xpi      DEBUG   New add-on screenshots@mozilla.org in app-system-defaults
1536289637758   addons.xpi      DEBUG   New add-on webcompat-reporter@mozilla.org in app-system-defaults
1536289637758   addons.xpi      DEBUG   New add-on webcompat@mozilla.org in app-system-defaults
1536289637759   addons.xpi      DEBUG   scanForChanges changed: true, state: {}
1536289637764   addons.xpi-utils        DEBUG   Error: Synchronously loading the add-ons database (resource://gre/modules/addons/XPIDatabase.jsm:1329:15) JS Stack trace: syncLoadDB@XPIDatabase.jsm:1329:15
checkForChanges@XPIProvider.jsm:2533:9
startup@XPIProvider.jsm:2116:25
callProvider@AddonManager.jsm:206:12
_startProvider@AddonManager.jsm:654:5
startup@AddonManager.jsm:813:9
startup@AddonManager.jsm:2811:5
observe@addonManager.js:66:9
1536289637765   addons.xpi-utils        DEBUG   Starting async load of XPI database /tmp/rust_mozprofile.RzOTvL0cKXDF/extensions.json
1536289637795   addons.xpi-utils        DEBUG   New add-on {2b3d8c73-57ae-4c5c-8cd3-09247773b092} installed in app-profile
*** Blocklist::_preloadBlocklistFile: blocklist is disabled
1536289637918   addons.xpi-utils        WARN    Add-on {2b3d8c73-57ae-4c5c-8cd3-09247773b092} is not correctly signed.
1536289637919   addons.xpi-utils        WARN    Add-on {2b3d8c73-57ae-4c5c-8cd3-09247773b092} is not correctly signed.
1536289637919   addons.xpi-utils        WARN    addMetadata: Add-on {2b3d8c73-57ae-4c5c-8cd3-09247773b092} is invalid: Error: Extension {2b3d8c73-57ae-4c5c-8cd3-09247773b092} is not correctly signed (resource://gre/modules/addons/XPIDatabase.jsm:2395:17) JS Stack trace: addMetadata@XPIDatabase.jsm:2395:17
processFileChanges@XPIDatabase.jsm:2727:21
checkForChanges@XPIProvider.jsm:2535:34
startup@XPIProvider.jsm:2116:25
callProvider@AddonManager.jsm:206:12

[andreastt]

It was my understanding that you cannot install unsigned addons following Firefox 57, except in Developer Edition.

Regardless, you don’t say how you install your addons. Installing any addon with Marionette should work, since it bypasses this security constraint, but they need to be passed to the /session/{session id}/addon/install endpoint. If you install the addon via a profile, it is not going to work if the addon is unsigned, which it appears to be in this case:

1536289637919   addons.xpi-utils        WARN    addMetadata: Add-on {2b3d8c73-57ae-4c5c-8cd3-09247773b092} is invalid: Error: Extension {2b3d8c73-57ae-4c5c-8cd3-09247773b092} is not correctly signed (resource://gre/modules/addons/XPIDatabase.jsm:2395:17) JS Stack trace: addMetadata@XPIDatabase.jsm:2395:17

[xiaospider]

@andreastt The extension was already signed by "upload add-on through the Developer Hub on AMO" following https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Distribution.
And the XPI file is downloaded from "Developer Hub" after it's signed.

I installed it with following code, it can be installed success in Firefox 61 but can't installed in Firefox 62.

            FirefoxProfile profile = null;
	File xpiFile1 = new File("C:\\candle\\xpi\\synthetic_http_filter-2.3-an+fx.xpi");
	
	profile = new FirefoxProfile();
	
	FirefoxOptions options = new FirefoxOptions();
	options.setLogLevel(FirefoxDriverLogLevel.TRACE);
	
	profile.addExtension(xpiFile1);
	options.addArguments("-devtools");
	options.setProfile(profile);
	String hub = "xx.xx.xx.xx";
	URL seleniumHub = new URL("http://" + hub + ":4444/wd/hub");
	RemoteWebDriver driver = new RemoteWebDriver(seleniumHub, options);
	driver.manage().window().maximize();
	driver.quit();

[whimboo]

As when I get SeleniumHQ/selenium#5069 right, there is no support yet in the Selenium Python client to install an addon which is based on the WebExtension API. So I don't see how this should have worked at all in Firefox 61.

[xiaospider]

@whimboo This is java but not python. it's not the same problem with SeleniumHQ/selenium#5069

[xiaospider]

I download a XPI file from https://addons.mozilla.org/en-US/firefox/addon/search-encrypt/?src=hp-dl-promo. And try to install it with the same Java code, the same error happened.

Java code

FirefoxProfile profile = null;
	    String fileName = "C:\\candle\\xpi\\search_encrypt-2.3.4-an+fx.xpi";
		File xpiFile1 = new File(fileName);
		
		profile = new FirefoxProfile();
		
		FirefoxOptions options = new FirefoxOptions();
		options.setLogLevel(FirefoxDriverLogLevel.TRACE);
		
//          profile.setPreference("devtools.toolbox.selectedTool", "netmonitor");
		profile.setPreference("devtools.toolbox.footer.height", 0);
		profile.setPreference("devtools.devedition.promo.enabled", false);
		profile.setPreference("devtools.devedition.promo.shown", false);
//		profile.addExtension(xpiFile);
		profile.addExtension(xpiFile1);
		options.addArguments("-devtools");
		options.setProfile(profile);
		String hub = "9.42.29.133";
		URL seleniumHub = new URL("http://" + hub + ":4444/wd/hub");
		RemoteWebDriver driver = new RemoteWebDriver(seleniumHub, options);
		driver.manage().window().maximize();

Error log

1536730521001   addons.xpi-utils        DEBUG   Error: Synchronously loading the add-ons database (resource://gre/modules/addons/XPIDatabase.jsm:1329:15) JS Stack trace: syncLoadDB@XPIDatabase.jsm:1329:15
checkForChanges@XPIProvider.jsm:2533:9
startup@XPIProvider.jsm:2116:25
callProvider@AddonManager.jsm:206:12
_startProvider@AddonManager.jsm:654:5
startup@AddonManager.jsm:813:9
startup@AddonManager.jsm:2811:5
observe@addonManager.js:66:9
1536730521001   addons.xpi-utils        DEBUG   Starting async load of XPI database /tmp/rust_mozprofile.dyVcySvW0uEt/extensions.json
1536730521032   addons.xpi-utils        DEBUG   New add-on @searchencrypt installed in app-profile
*** Blocklist::_preloadBlocklistFile: blocklist is disabled
1536730521158   addons.xpi-utils        WARN    Add-on @searchencrypt is not correctly signed.
1536730521158   addons.xpi-utils        WARN    Add-on @searchencrypt is not correctly signed.
1536730521158   addons.xpi-utils        WARN    addMetadata: Add-on @searchencrypt is invalid: Error: Extension @searchencrypt is not correctly signed (resource://gre/modules/addons/XPIDatabase.jsm:2395:17) JS Stack trace: addMetadata@XPIDatabase.jsm:2395:17
processFileChanges@XPIDatabase.jsm:2727:21
checkForChanges@XPIProvider.jsm:2535:34
startup@XPIProvider.jsm:2116:25
callProvider@AddonManager.jsm:206:12
_startProvider@AddonManager.jsm:654:5
startup@AddonManager.jsm:813:9
startup@AddonManager.jsm:2811:5

[andreastt]

The error message is still the same:

Add-on @searchencrypt is invalid: Error: Extension @searchencrypt is not correctly signed

I don’t know if it’s supposed to be possible to install signed-addons by putting it manually in the profile. If the addon is indeed signed correctly, Firefox appears to disagree about that fact.

In any case this is not a geckodriver problem. Filing a bug against the Web Extensions component in Bugzilla would be the next step if you believe this is a bug.

[xiaospider]

Seems it's problem of selenium Java . The same environment and same test case, I replace java code with nodejs code, it works fines.

[andreastt]

OK, then it sounds like the Selenium Java client is putting the extension in the wrong place. I would file a bug.

[xiaospider]

I open a issue in selenium. SeleniumHQ/selenium#6403 . It's reproduced, but they said it's not problem of selenium.

[barancev]

I can reproduce the issue, this sample works well in 60 (ESR), 63 (Dev) and 64 (Nightly), but it fails in 63 (Release). Here are the trace logs for all these versions:
https://gist.github.com/barancev/f6a596dcd73157c57a36d54d66c73e3b

P.S. Note an extension shutdown issue in Nightly that does not exist in other versions

[barancev]

@andreastt What's the correct place for extensions? We did not change profile serialization code for years, why did it stop working now?

[andreastt]

I don’t know the right location.

[whimboo]

@barancev were you using geckodriver 0.22.0 for those tests? If yes, can you also please test with the 0.21.0 release?

[xiaospider]

@whimboo I created this issue with geckodriver 0.21.0.

[barancev]

@whimboo Yes, it's reproducible with geckodriver 0.21

[xiaospider]

Open a issue in Firefox Bugzilla https://bugzilla.mozilla.org/show_bug.cgi?id=1493069

[whimboo]

Thanks. Lets follow-up there.

[xiaospider]

@whimboo Andrew Swan as following question in mozilla bugzilla, can you help to answer ?

I'm pretty unfamiliar with selenium, but my understand was that it uses geckodriver which in turn uses marionette? And that marionette installs extensions temporarily?

[whimboo]

It has been all discussed on the bug. So this issue is indeed invalid.

[lock]

This issue has been automatically locked since there has not been any recent activity after it was closed. If you have run into an issue you think is related, please open a new issue.