FS#63075 - [firefox] Add configure option to allow loading unsigned add-ons in app and system scopes

Attached to Project: Arch Linux
Opened by Viktor Jägersküpper (viktorjk) - Tuesday, 02 July 2019, 20:24 GMT
Last edited by Jan Alexander Steffens (heftig) - Tuesday, 02 July 2019, 22:11 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To Jan de Groot (JGC)
Jan Alexander Steffens (heftig)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Firefox has a configure option ("--with-unsigned-addon-scopes" with values "app" and/or "system") which allows loading unsigned add-ons which are located in root-owned directories like /usr/lib/firefox/browser/extensions/, see [1] for a better explanation of the add-on scopes. The corresponding Mozilla bug with some background information is [2].

In Debian this configure option is used [3] because the Debian packages with the language packs and the add-ons are built from source and thus they are not signed by Mozilla. If I am not mistaken, this is not what is done in Arch Linux, but I don't know if this kind of package building might be something worth considering.

As explained in the Mozilla bug report, there isn't really a security issue with enabling this configure option, because if someone can put malicious add-ons in the corresponding directories, the user has a bigger problem than using these add-ons. The requirement for signed add-ons in user owned directories isn't changed by the configure option.

I am requesting this because I believe it gives users more freedom regarding what add-ons they can use, even if the packaging of Firefox language packs and add-ons does not change (at least in the near future), and I expect users with root privileges to know that they do.

[1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1464766
[3] https://salsa.debian.org/mozilla-team/firefox/commit/3e7d8f5d18f82410852961a1d87e79615bd69ea5
This task depends upon

Closed by  Jan Alexander Steffens (heftig)
Tuesday, 02 July 2019, 22:11 GMT
Reason for closing:  Implemented
Additional comments about closing:  firefox 67.0.4-2
Comment by Eli Schwartz (eschwartz) - Tuesday, 02 July 2019, 20:42 GMT
One effect of this would be that users would once again be able to create AUR packages that build firefox extensions from git.

Way back when, in  FS#45900  (and  FS#47395 ) the decision was made to not allow user freedom because "upstream intends" to prevent users from packaging their own extensions. Well, it is clear that upstream *today* intends to allow Linux distributions to enable user freedom, because they added a configure option specifically for Linux distributions to use to allow the system scope to be unverified (except by pacman...).