Project

General

Profile

Bug #9387

Bug #7552: Firefox extension to automatically verify the ISO checksum

Bug #6851: Fix ISO verification using checksum

Browser and extension detection code

Added by sajolida about 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
Installation
Target version:
-
Start date:
11/10/2015
Due date:
% Done:

100%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:
ISO Verification Extension

Description

We'll need some JavaScript on the download page to display the relevant initial state depending one:

  • JavaScript being available
  • Browser supported or not
  • Extension installed or not
  • Extension outdated or not

Subtasks

Bug #10525: Make it clear that Firefox 38 is required to use the ISO verification extensionResolved

History

#1 Updated by sajolida about 4 years ago

  • Assignee set to sajolida

#2 Updated by sajolida about 4 years ago

  • Assignee changed from sajolida to ma1

Maone, do you actually need more specification than the wireframe and the HTML code to be able to write this code?

#3 Updated by ma1 about 4 years ago

No, I think they can suffice, thank you.

#4 Updated by sajolida over 3 years ago

  • Target version set to Tails_1.7

Setting this for 1.7 (November 3) as an approximation. Detailed were sent in https://mailman.boum.org/pipermail/tails-ux/2015-October/000724.html.

#5 Updated by sajolida over 3 years ago

  • Target version changed from Tails_1.7 to Tails_1.8

#6 Updated by ma1 over 3 years ago

  • % Done changed from 0 to 90

I'm currently having a bad time at updating the git repository, looks like my credentials are outdated.

The sniffing code is complete and working correctly, the extension still needs some work in the download management department, but I hope to have it fixed by Monday as noted in its own bug.

Until I do that and figure out how to update the repo, you can play with both the web page prototype (based on tchou's work) and the extension itself at

https://maone.net/dev/tails/download.html

and download the sources from

https://maone.net/dev/tails/src/dave-0.0.5.zip

#7 Updated by sajolida over 3 years ago

Thanks for the prototype!

I quickly tested the sniffing code and it works fine in Firefox and Chrome.

Still, having a look at the code, it seems like we're supporting Firefox starting from version 38. If you confirm that fact, then we should adapt the HTML code to take into consideration people using older versions of Firefox.

Also, regarding Redmine methodology, when you think that you work is ready for review, please mark it as "QA Check: Ready for QA" and assign it to either tchou or me. Otherwise we might miss that.

#8 Updated by ma1 over 3 years ago

  • QA Check set to Ready for QA

Firefox 38 is current ESR (which Tor Browser is based on) and the oldest version supported by Mozilla with security patches.

Beside the fact our extension is using features which are available from that version on, letting users download the ISO with an outdated and exploitable browser would jeopardize any security advantage we mean to give through this "download and verify" setup, wouldn't it?

However I agree specifying the minimum browser version in the UI would avoid any confusion.
I've just modified dave.js to populate any .minver-{browser-name} DOM element with the respective required minimum browser version, as checked by the sniffer.

Sorry for for the hassle with methodology and git, I'm really the noob here :)

Marking as "ready for QA": the files to look at here for this very bug are "dave.js" and "dave.css", also in the repo at ma1/download-and-verify-extension/www/.

#9 Updated by sajolida over 3 years ago

  • Assignee changed from ma1 to sajolida

Thanks for the clarification. In my previous comment I didn't mean to question your technical choice and I think that it makes perfect sense to limit ourselves to Firefox ESR. But we did't think about this while designing the wireframe and this needs adjustment on our side. That's now tracked in #10525.

We'll try to review the browser detection code again today and get back to you.

#10 Updated by sajolida over 3 years ago

  • Assignee deleted (sajolida)
  • QA Check deleted (Ready for QA)

#11 Updated by sajolida over 3 years ago

  • Target version changed from Tails_1.8 to Tails_2.0

#12 Updated by sajolida over 3 years ago

  • Status changed from Confirmed to Resolved
  • Target version deleted (Tails_2.0)

This seems to be working fine now.

Also available in: Atom PDF