[Solved]Updating FirefoxERROR:Unknown signature algorithm ID

[phkhgh]

EDIT 10/11/2017: The updater executable file in v56 changed, in relation to bug 1105689. So, I needed to use the latest copy when installing updates manually. They started using SHA384 in the update files, starting v56. Thus the ERROR:Unknown signature algorithm ID.
++++++++++++++++++
Manually updating Linux Firefox 56 using *.mar files from here https://ftp.mozilla.org/pub/firefox/rel ... _64/en-US/
shows error in terminal: "ERROR: Unknown signature algorithm ID." So updates from 56.0 - 56.0.1 fail.
Same message for firefox-56.0-56.0.1.partial.mar, and firefox-56.0.1.complete.mar.

The Firefox update.log shows only:
"failed: 19
calling QuitProgressUI"

For the D/L Fx update files,
Did NOT see this error or have a problem updating 55.0.3 to 56.0, but then saw https://bugzilla.mozilla.org/show_bug.c ... 105689#c70, that also references
https://bugzilla.mozilla.org/show_bug.cgi?id=1387238 and https://bugzilla.mozilla.org/show_bug.cgi?id=1387231.

All those reference Fx 56.

Comment 5 - https://bugzilla.mozilla.org/show_bug.cgi?id=1105689#c5 has this code, containing same error message I'm seeing:

Code: Select all

 /* We don't try to verify signatures we don't know about */
>    if (signatureAlgorithmIDs[i] != 1) {
>      fprintf(stderr, "ERROR: Unknown signature algorithm ID.\n");
>      for (i = 0; i < signatureCount; ++i) {
>        free(extractedSignatures[i]);
>      }
>      return CryptoX_Error;
>    }
>  }

I don't know if this is a simple matter of Mozilla devs not having the correct SHA384 checksums in the correct update file, or a conflict with something in Linux.
The SHA384 checksums aren't listed on the D/L page, so can't verify it, but the listed 256 & 512 sums match calculated values for the files.

It's mentioned in testing they did: https://bugzilla.mozilla.org/show_bug.c ... 105689#c69

use SHA384 certificates to sign app update mar files.

There's little else I found (anywhere) explaining what is going on.

The signature files (*.asc) verified the partial.mar & complete.mar files. That doesn't mean they didn't somehow make a mistake with the SHA 384 checksums.

[therube]

So, I needed to use the latest copy when installing updates manually.

So you're saying you need to use the "mar-tools" (mar.exe, mbsdiff.exe) from FF 56 (or at least more recent then what you had been using)?

[phkhgh]

The only executable file needed to install the partial.mar files is "updater" (which installs... updates). I assume in Windows, it's updater.exe.
In this case, there were changes made to the updater in Firefox 56 & also they changed the SHA checksum used internally, starting in v56.

The old updater file apparently wasn't programmed to know what SHA384 was. Thus, the "unknown signature algorithm ID" error.
Other times, there may not be changes in the updater file for many versions, but I'd use the latest copy to manually install update files, just in case.

[therube]

Thanks.