Thanks Mike, always reliable ☺ Have a great day!
Eric From: Mike Kaply <mka...@mozilla.com> Sent: Monday, July 29, 2019 12:38 PM To: Éric Périard <eric.peri...@ccirc-ccric.ca> Cc: Enterprise@mozilla.org Subject: Re: [Mozilla Enterprise] Firefox ESR Offline Patching solution. On Mon, Jul 29, 2019 at 10:54 AM Éric Périard <eric.peri...@ccirc-ccric.ca<mailto:eric.peri...@ccirc-ccric.ca>> wrote: Classification: UNCLASSIFIED // Public Greetings colleagues, I work in a border-line paranoid secure environment where we make use of air-gapped PAW (Privileged Access Workstations) to administer the network. The issue is well… it’s air-gapped, meaning there’s no access to the internet at all from those workstations and everything is tightly controlled. Also to deploy the updates, I use SCCM. For end-user systems we whitelist the access so browsers can update themselves however that’s not possible for the PAW’s. So I’ve got a few questions: 1. Is there a GPO or some kind of solution to redirect where Firefox ESR fetches it’s update? (Without trying to spoof URLs which I’m sure change often) Yes. We provide a policy to change the update URL. 2. Where would I get the update patches instead of the entire installer EXE? The updates are called MAR files. They can be obtained on our release servers: http://releases.mozilla.org/pub/firefox/releases/68.0.1esr/update/win64/en-US/ 3. Is above possible at all? I have an (very) old post that describes this: https://mike.kaply.com/2007/03/26/deploying-firefox-2-within-the-enterprise-part-5/ I think some things have change slightly since then (particular the server response with the update) The simplest thing to do would to push the complete mar file every time and just have an update server that served based on the currently available version. If you want to see how this all works, you can install an older version of Firefox, turn on the pref app.update.log and then check for an update in the help dialog. In the Javascript console, you'll see a message like this: AUS:SVC Checker:getUpdateURL - update URL: https://aus5.mozilla.org/update/6/Firefox/68.0.1/20190717172542/Darwin_x86_64-gcc3/en-US/release/Darwin%2018.7.0/ISET:SSE4_2,MEM:32768/default/default/update.xml?force=1 You can visit the URL you get to see the inner workings of the update XML. Mike Thank you as always…. Éric Périard Laboratory Administrator | Administrateur du laboratoire Canadian Centre for Cyber Security | Centre canadien pour la cybersécurité Email | Courriel: eric.peri...@cyber.gc.ca<mailto:eric.peri...@cyber.gc.ca> Website | Site Web: https://www.cyber.gc.ca/ Government of Canada | Gouvernement du Canada [cid:image002.png@01D4ADA3.F54E4950] NOTICE: This message and accompanying attachments contain information that is intended only for the use of the individual or entity to which it is addressed. Any dissemination, distribution, copying or action taken in reliance on the contents of this communication by anyone other than the intended recipient is strictly prohibited. If you have received this communication in error, please notify the sender immediately at the above address and delete the e-mail. AVIS : Le présent message et toutes les pièces jointes qui l'accompagnent contiennent de l'information destinée uniquement à la personne ou à l'entité à laquelle elle est adressée. Toute diffusion, distribution ou copie de son contenu par une autre personne que son destinataire est strictement interdite. Si vous avez reçu ce message par erreur, veuillez informer immédiatement l’expéditeur à l’adresse ci-dessus puis l’effacer. _______________________________________________ Enterprise mailing list Enterprise@mozilla.org<mailto:Enterprise@mozilla.org> https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to enterprise-requ...@mozilla.org<mailto:enterprise-requ...@mozilla.org> with a subject of "unsubscribe"
_______________________________________________ Enterprise mailing list Enterprise@mozilla.org https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to enterprise-requ...@mozilla.org with a subject of "unsubscribe"
