Method to centralize firefox updates?

Discussion of general topics about Mozilla Firefox
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Method to centralize firefox updates?

Post by fjleon »

We currently use firefox in our company, we have over 200 users at our main branch. We are having issues with our internet connection, since sometimes we have all those firefox users downloading app updates.

I can't go into 200 machines disabling updates manually, and i can't update them manually either.
I have heard of frontmotion, i tried their MSI and some installations failed that left me with having to uninstall manually and delete the firefox folder because of heavy corruption. I would rather do legit firefox updates but definitely need some method to centralize updates.

I found some php solution but from 2010 and wasn't updated.
Also i have seen firefoxadm but it seems abandoned.

We use wsus for general windows updates.
User avatar
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Re: Method to centralize firefox updates?

Post by LoudNoise »

Does this help at all? https://developer.mozilla.org/en-US/Fir ... deployment

Btw, if you are not, you should consider using the ESR (see the note in the above).
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Re: Method to centralize firefox updates?

Post by fjleon »

not really, it only explains how to tweak the configuration manually, not how to centralize updates.
ESR only works to minimize new features, but gets patched exactly the same as regular releases because of security bugs, so it doesn't help me at all unless i want to ignore security bugs (which every release of firefox includes)

I really don't understand why mozilla doesn't cater to businesses. No MSI, no group policy templates, both things IE and Chrome do.
User avatar
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Re: Method to centralize firefox updates?

Post by LoudNoise »

ESRs tend to be smaller.
Let me ask IT folks at work to see how they do it.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
User avatar
dfoulkes
Posts: 22525
Joined: June 28th, 2008, 10:31 pm
Location: Mesquite, Nevada

Re: Method to centralize firefox updates?

Post by dfoulkes »

I'm not sure about any of this ... it's been a long time since I set up a batch processes for multi users... and that was on main-frames...

So.... when normal settings are set up in Firefox to auto-check for updates or check for them and just notify the user about a pending update ... and depending on what those options are set up in a users system... does one of those option-settings look at the update folder on disk and then notify the user about an update? .. so something like that.... anyway my thinking is...

All users are set up the same way and that is to not auto-update but to notify a user that they need to restart Firefox to update... know what I mean? ...

And in the OP's central control area... they download the update (or the full installer when they see Firefox needs updating)... then they have a batch file set up to send that data to the specific folder where Firefox stores the updates so that the next time Firefox is restarted it installs that update... though in fact it may be the whole installer and not a small update... something like that....the central command could even auto-send a notice to users to restart their Firefox to get that new data.

Just thinking here... and if central-command has that control over the users it seems to me that a batch-script could handle all that very nicely. ... or I'm way off base here :-"
As you can see she's (The CAT) always alert and on the prowl for Meoware !!
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Re: Method to centralize firefox updates?

Post by fjleon »

firefox downloads .MAR files that may be a patch (16 MB from 38.0.5 to 39) or the full file (47MB i think).
what i want to do is for firefox to look for those files in a network share so it doesn't hammer our internet connection. 200 users over one 4 MB internet link really is troublesome.
Also, i would like to deploy configuration over group policy or some centralized method. I can't modify settings on 200 users without some sort of automated tool.
KWierso
Posts: 8829
Joined: May 7th, 2006, 10:29 pm
Location: California

Re: Method to centralize firefox updates?

Post by KWierso »

You'd probably need to set up your own update server to host the updates in a central location: https://developer.mozilla.org/en-US/doc ... ate_server

You'll have to do at least one modification of settings so the app.update.url preference points to your update server.

You might consider using CCK2 to control deployments in the future: https://mike.kaply.com/cck2/
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Re: Method to centralize firefox updates?

Post by fjleon »

that update server link is severely outdated and i posted about it in the OP.
User avatar
the-edmeister
Posts: 32249
Joined: February 25th, 2003, 12:51 am
Location: Chicago, IL, USA

Re: Method to centralize firefox updates?

Post by the-edmeister »

fjleon wrote:that update server link is severely outdated and i posted about it in the OP.


Are you referring to this - https://developer.mozilla.org/en-US/doc ... ate_server -?

The two URLs at the top, for Windows and MacOSX, are examples of what the URL's should be for ... update.xml . Use those examples to create the path to your own update.xml file on your server.
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Re: Method to centralize firefox updates?

Post by fjleon »

i think that link is severely outdated because firefox now uses MAR for updates, for example the spanish chilean version for windows is located at http://download.cdn.mozilla.net/pub/moz ... n32/es-CL/

The firefox 3 version in that article is old as molasses and i can't find references of that update mechanism being current
User avatar
James
Moderator
Posts: 27999
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Re: Method to centralize firefox updates?

Post by James »

The old 3.5.2 and 3.5.3 examples in that article used .mar files also. The .mar files for updates has been in use since Firefox 1.5.0.x days over nine years ago.
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Re: Method to centralize firefox updates?

Post by fjleon »

how would i find out every time we get a new release where to find out update.xml location?
From the sample update.xml, it contains the following:

Code: Select all

<?xml version="1.0"?>
<updates>
    <update type="minor" version="3.5.3" extensionVersion="3.5.3" buildID="20090824101458" detailsURL="http://www.mozilla.com/en-US/firefox/3.5.3/releasenotes/">
        <patch type="complete" URL="http://download.mozilla.org/?product=firefox-3.5.3-complete&os=win&lang=en-US" hashFunction="SHA512" hashValue="f8abbaea98bd453b651c24025dbb8cea5908e532ca64ad7150e88778ccb77c0325341c0fecbec37f31f31cdf7e13955c281407252
82d2ce7c4a37c89a25319a1" size="10728423"/>
        <patch type="partial" URL="http://download.mozilla.org/?product=firefox-3.5.3-partial-3.5.2&os=win&lang=en-US" hashFunction="SHA512" hashValue="20b133f1bd2025360bda8ef0c53132a5806dbd0606e0fe7c6d1291d1392532cc960262f87b0c7d4fbe8f9bc9fba64ed28
ecd89b664c17f51f98acdd76b26ea6a" size="2531877"/>
    </update>
</updates>


Would i have to calculate the SHA512 manually, or is there a fixed location where i can always get the latest update.xml?
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Re: Method to centralize firefox updates?

Post by fjleon »

Ok, i was able to make this work, here's my update.xml:

<?xml version="1.0"?>
<updates>
<update type="minor" version="39.0" extensionVersion="39.0" buildID="20150630154324" detailsURL="http://www.mozilla.com/en-US/firefox/39.0/releasenotes/">
<patch type="complete" URL="http://server/firefox-39.0.complete.mar" hashFunction="SHA512" hashValue="595C824D85BAFDE0E61F34AB5639E7FF15061364CE37
9F5376040158EF0EC7CE0BA2D33093470476ADF115F7140519A3D971364D53486270B24D567F3BBA5048" size="49534220"/>
</update>
</updates>

i found the build number on about:config, and downloaded an app called quickhash that gives me the SHA512. Also, i downloaded the complete .MAR file manually. File size i just obtained it from windows itself.

Now for my question: i need to change app.update.url.override on 200 machines. Can i do it over the windows registry? I can distribute a registry change easily over active directory
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Re: Method to centralize firefox updates?

Post by fjleon »

i made a mozilla.cfg and local-settings.js file so it would change app.update.url.override and used kaspersky's console to deploy a batch file that in turn copied the files from a network share to the appropiate Program Files folder.
A free solution would have been to use psexec to copy and execute the batch file to a list of computers (also tested and it works)
fjleon
Posts: 11
Joined: September 17th, 2014, 11:49 am

Re: Method to centralize firefox updates?

Post by fjleon »

This update method has stopped working for me since firefox 52.
Did the format change somehow?

Here's my update.xml that is setup on my debian box with apache:

Code: Select all

<?xml version="1.0"?>
<updates>
    <update type="minor" version="52.0.1" extensionVersion="52.0.1" buildID="20170302120751" detailsURL="http://www.mozilla.com/en-
US/firefox/52.0.1/releasenotes/">
        <patch type="complete" URL="http://192.168.3.11/firefox-52.0.1.complete.mar" hashFunction="SHA512" hashValue="FB5FD6114360ED37626A1E515B850FBAA44D22022547F0D49D56E55F0F339EC72551E7BFA84C108265D5451C0E7F28
D73BD116BC3DA9FD7D13FA8ED04A72C8AA" size="54081327"/>
    </update>
</updates>
here's my php update script:

Code: Select all

<?php
header("Content-type: text/xml");
$path = preg_replace('/^\/update/', 'update.dir', urldecode($_SERVER["REQUEST_URI"]));
echo (file_exists($path)) ? file_get_contents($path) : '<?xml version="1.0"?><updates></updates>';
?>
Here is my apache log:

Code: Select all

192.168.3.57 - - [29/Mar/2017:11:00:58 -0400] "GET /update.xml HTTP/1.1" 200 690 "-" "Mozilla/5.0 (Windows NT 6.1; rv:51.0) Gecko/
20100101 Firefox/51.0"
The test client machine has Windows 7 with firefox 51.0.1 and app.update.url and app.update.url.override set to http://192.168.3.11/update.xml
Last edited by LIMPET235 on April 20th, 2017, 8:53 am, edited 1 time in total.
Reason: Reduced the code to reset the forum display.
Post Reply