Feature #8567
Write a first version of the ISO verification extension
100%
Description
C.2.3
Files
Subtasks
Related issues
Blocked by Tails - |
Resolved | 2015-05-12 | |
Blocks Tails - |
Resolved | 2015-01-06 |
History
#1 Updated by intrigeri 2015-01-06 14:29:57
- Description updated
- Assignee set to ma1
#2 Updated by intrigeri 2015-01-06 14:30:15
- blocked by
Feature #8566: Web prototype of "download and verify" page added
#3 Updated by intrigeri 2015-01-06 14:41:27
- blocks
Feature #8568: Integrate the ISO verification extension in the web assistant's prototype added
#4 Updated by intrigeri 2015-01-06 14:49:50
- blocks #8538 added
#5 Updated by intrigeri 2015-01-06 14:51:03
- Target version set to Sustainability_M1
#6 Updated by sajolida 2015-06-05 18:35:33
- Target version changed from Sustainability_M1 to Tails_1.5
Maone said “end of July or beginning of August is more realistic”. That’s more or less Tails 1.5.
#7 Updated by ma1 2015-08-03 15:52:30
- Target version changed from Tails_1.5 to Tails_1.6
- % Done changed from 0 to 40
I’m postponing the target version because I’m currently working with Mozilla to their strategy for add-ons on Electrolysis (their new multi-process/sandboxed browser architecture), which involves a completely new API for extensions to be announced this or next week, released with Firefox 42, and eventually deprecate “old style” add-ons.
Therefore another couple of weeks at least are needed to figure out the best plan for this ISO extension to be compatible with current Firefox / Tor Browser versions but yet to prevent it from becoming obsolete in six months or so.
#8 Updated by ma1 2015-08-28 10:58:05
- Target version changed from Tails_1.6 to Tails_1.7
I’ve been blocked for one month on the public announcement of Mozilla’s strategy for migrating add-ons to Electrolysis (e10s) multi-process & sandboxing architecture.
This finally happened last week,
https://blog.mozilla.org/addons/2015/08/21/the-future-of-developing-firefox-add-ons/
but the situation is still unfolding:
https://wiki.mozilla.org/WebExtensions/
https://wiki.mozilla.org/WebExtensions/FAQ
To cut the story short, the WebExtensions API, which I had hoped to use for this project in order to improve its longevity and make a Chromium porting easier to maintain, will be unusable in the Tor Browser (based on Firefox ESR) for about one year, and anyway not powerful enough for our requirements until my native.js proposal gets actually implemented (https://bugzilla.mozilla.org/show_bug.cgi?id=1199718 filed by Mozilla’s lead WebExtensions developer just minutes ago, with no ETA yet).
Therefore the only currently available technological option is the Add-ons SDK (AKA “Jetpack”), ensuring longevity if its usage is limited to high level APIs. I had a meeting today with Mozilla’s e10s/add-ons team and I’ve been assured they’re gonna give us all the assistance needed for our extensions to be viable and supported in any foreseeable future Firefox version.
I’ve already set up a development environment and started hacking. I’m gonna commit something to the git repository next week, and a working prototype most likely by the end of September.
At any rate, we’re definitely going to be done and ready for extensive user testing by the end of October.
#9 Updated by sajolida 2015-11-02 15:17:36
- Target version changed from Tails_1.7 to Tails_1.8
Giorgio clarified that this is going to happen after 1.7 (ETA November 7).
#10 Updated by ma1 2015-11-07 20:24:44
- % Done changed from 40 to 80
Sorry for the cross posting, but the story is the same.
I’m currently having a bad time at updating the git repository, looks like my credentials are outdated.
The extension and the sniffing code work fine regarding:
1. certificate pinning
2. UI population from the safe data sources (e.g. download link and hash)
3. asynchronous sha256 verification of arbitrary local files (“I already have an ISO image” link)
4. revealing the verified file in the filesystem explorer (e.g. “Copy image to first USB stick”).
What is currently broken is the synchronization with the download manager, but I hope to have it fixed by Monday.
Until I do it and figure out how to update the repo, you can play with both the web page prototype and the extension at
https://maone.net/dev/tails/download.html
and download the sources from
#11 Updated by sajolida 2015-11-09 03:44:47
- File use + verify checksum.png added
Thanks for the prototype. I’m very excited to finally have something to play with.
Here are some initial comments from what I could test so far:
- Once installed, the extension goes to “We detected that you are
running Firefox or Tor Browser and already have our Firefox
extension installed.” (wireframe page 4) while it should instead go to
“Download Tails 1.3 ISO image” (wireframe page 9). Now I
understand how page 8 of the wireframe is ambiguous as it doesn’t
make it clear that the idea is to move to page 9 automatically. - So after that, we’re on page 9 and the first label should be “Install
Firefox extension” instead of currently “Use Firefox extension” as
my previous step was to install the extension (it was not installed
already). In HTML terms, we should display #supported-browser #install. - When I go back to the beginning with the extension already installed I get to see “Verify ISO image” before downloading anything. See screenshot.
#12 Updated by ma1 2015-11-09 06:49:49
sajolida wrote:
> Thanks for the prototype. I’m very excited to finally have something to play with.
>
> Here are some initial comments from what I could test so far:
>
> * Once installed, the extension goes to “We detected that you are
> running Firefox or Tor Browser and already have our Firefox
> extension installed.” (wireframe page 4) while it should instead go to
> “Download Tails 1.3 ISO image” (wireframe page 9). Now I
> understand how page 8 of the wireframe is ambiguous as it doesn’t
> make it clear that the idea is to move to page 9 automatically.
In facts, that was my feeling as well (the less clicks the better), but I’ve seen those elements in the actual HTML download page prototype and so I figured out it had been decided otherwise.
> * So after that, we’re on page 9 and the first label should be “Install
> Firefox extension” instead of currently “Use Firefox extension” as
> my previous step was to install the extension (it was not installed
> already). In HTML terms, we should display #supported-browser #install.
-
OK, now I’m slightly confused. Does the “Use Firefox extension” element from tchou’s prototype have any use at all?
BTW, “Use Firefox extension” is currently shown only if you already have the extension (either just or long-time installed), and if you click it you get the auto-populated download button.
IMHO we could just show the “Install” button if the extension is not installed yet, and the auto-populated download button as soon as the extension is installed, always skipping the “Use Firefox extension” thing.-
NVM, I think I’ve figured it out:
= Extension just installed (from the current page) =
- [Install Firefox Extension]
- Install Firefox Extension ✓
[Download]
= Extension already installed (e.g. in a previous session) =
- We detected…
[Use Firefox extension] - Use Firefox Extension ✓
[Download]
> * When I go back to the beginning with the extension already installed I get to see “Verify ISO image” before downloading anything. See screenshot.
This is weird. Did you perhaps tried to verify a local file? If not, can you consistently reproduce and tell me the steps you take? (I assume from the screenshot you’re using Tor Browser 5, which I did test).
#13 Updated by ma1 2015-11-09 17:48:35
- % Done changed from 80 to 90
Pushed a few more commits to the ma1/download-and-verify-extension repo and the live https://maone.net/dev/tails environment.
We’re almost there: with download manager synchronization is working, including live progress bar and automatic verification on completion.
The control buttons (pause/resume/cancel/restart) are still not wired with the download manager, which however can be already controlled from Firefox’s own UI: the web page actually acts as a view on the download manager, and the verifier kicks in no matter how you started the download.
To be done also an overall polish of the UI states consistency, following up what observed by sajolida at comment 11 and other stuff I noticed myself.
#14 Updated by sajolida 2015-11-10 01:45:20
I’m answering to your first comments for the time being. We’ll try to test the whole thing again later on and have something online.
I think that you now understood the “Install vs Use” workflow in the you update of the comment.
> This is weird. Did you perhaps tried to verify a local file? If not, can you consistently reproduce and tell me the steps you take? (I assume from the screenshot you’re using Tor Browser 5, which I did test).
Here you go (all this in Tails 1.7):
1. Visit https://maone.net/dev/tails/download.html
2. Click “Install” and install the extension
3. Click “I already have an ISO image”
4. Press “Esc” to exit file browser
5. Reload page
I agree that’s a weird process :)
#15 Updated by ma1 2015-11-10 10:24:23
sajolida wrote:
> I think that you now understood the “Install vs Use” workflow in the you update of the comment.
It should be tentatively fixed now (0.1.3, both in the repo and live on https://maone.net/dev/tails/download.html)
> 1. Visit https://maone.net/dev/tails/download.html
> 2. Click “Install” and install the extension
> 3. Click “I already have an ISO image”
> 4. Press “Esc” to exit file browser
> 5. Reload page
>
> I agree that’s a weird process :)
Fixed as well.
To be done yet: wiring the download UI buttons, even though the download process operated directly through Firefox’s built-in download manager should work fine, including pause/resume and even swapping “focus” on the quickest of multiple downloads, with automatic verification upon download completion.
#16 Updated by ma1 2015-11-12 08:05:50
- % Done changed from 90 to 100
- QA Check set to Ready for QA
UI buttons and download manager synchronization should be functional.
Please refer to latest git commit and live preview on https://maone.net/
Some HTML merging with tchou’s work probably needed.
Thanks for the patience :)
#17 Updated by sajolida 2015-11-12 08:43:01
- QA Check changed from Ready for QA to Dev Needed
- Affected tool set to ISO Verification Extension
Comments sent on tails-dev: https://mailman.boum.org/pipermail/tails-dev/2015-November/009744.html
Now I see that you were working on the code again as I was writing then. So I’ll check whether they are still relevant. Some of them most likely will, so I’m marking this as “Dev Needed”.
#18 Updated by sajolida 2015-11-12 08:49:06
Adjusted to your changes in 00743d2 in our repo.
#19 Updated by sajolida 2015-11-19 09:06:16
- Status changed from Confirmed to Resolved
- Assignee deleted (
ma1)
Let’s say this is done. We’ll open new tickets for future issues.