Add shavar block- and allow-lists for Flash blocking

Question

Add shavar block- and allow-lists for Flash blocking

Closed this issue 7 years ago · 11 comments

See https://bugzilla.mozilla.org/show_bug.cgi?id=1314094 and particularly https://bugzilla.mozilla.org/show_bug.cgi?id=1314094#c21 ...

block-flash-digest256 (flash.txt)
except-flash-digest256 (flashexceptions.txt)
allow-flashallow-digest256 (flashallow.txt)
except-flashallow-digest256 (flashallowexceptions.txt)
block-flashsubdoc-digest256 (flashsubdoc.txt)
except-flashsubdoc-digest256 (flashsubdocexceptions.txt)

Stage

Add files to https://github.com/mozilla-services/shavar-plugin-blocklist
Add the lists to https://github.com/mozilla-services/shavar-list-creation and https://github.com/mozilla-services/shavar-list-creation-config
Add the lists to https://github.com/mozilla-services/shavar-server-list-config

Production

Add files to https://github.com/mozilla-services/shavar-plugin-blocklist
Add the lists to https://github.com/mozilla-services/shavar-list-creation and https://github.com/mozilla-services/shavar-list-creation-config
Add the lists to https://github.com/mozilla-services/shavar-server-list-config

Answer 1 · 2017-03-06T22:18:06.000Z

Added the new flash lists to shavar-list-creation and stage.ini on shavar-list-creation-config. We should be able to merge those and see the script put new list files onto the stage server. Will start on that tomorrow.

Answer 2 · 2017-03-07T14:03:31.000Z

@ckolos check my math here ... if we merge all 3 of these PRs and bounce the shavar stage server, it should start serving the new flash lists, right?

mozilla-services/shavar-list-creation#44
mozilla-services/shavar-list-creation-config#15
https://github.com/mozilla-services/shavar-server-list-config/pull/3

Answer 3 · 2017-03-07T18:58:25.000Z

that looks correct. I think that order is correct as well. I would ask that you stagger the merge to the list-creation-config +30mins or so after the merge to list-creation, but other than that lgtm.

Answer 4 · 2017-03-07T20:19:42.000Z

Merged shavar-list-creation and set myself a 30m timer.

Answer 5 · 2017-03-15T22:26:06.000Z

Verified new flashblock lists: browser shield display & local safebrowsing files & file sizes.

Answer 6 · 2017-03-16T14:24:20.000Z

Thanks @rbillings.

@ckolos - can you verify that 0.9 is in production? (E.g., could see if the 0.9 line is in the CHANGES.txt file) If it is, we should be able to push these flash block lists to production by following the remaining steps in #92 (comment)

Answer 7 · 2017-03-16T14:59:27.000Z

prod is 0.7
{"commit":"6b5ffd3a78da793e3830faf913a99293b07e0ea5","version":"0.7","source":"https://github.com/mozilla-services/shavar.git"}

stage is 0.9
{"commit":"141e7f3110af2e59a26d9eaa7946e5873ee16cb7","version":"0.9","source":"https://github.com/mozilla-services/shavar","build":"https://circleci.com/gh/mozilla-services/shavar/82"}

If we're all okay with another prod release being needed to get dynamic list configuration, then I can deploy 0.9 as-is to prod. It's a step in the right direction, even if it's not 100% where we wanted to be.

Answer 8 · 2017-03-16T15:36:33.000Z

I'm good with it, yeah. I'm on-hand all day today too - no meetings! @rbillings - would you be able to run thru the regular shavar test plan (i.e., without flash-blocking) first so we can verify 0.9 is good before we add the flash-blocking lists to it?

Answer 9 · 2017-03-16T15:43:12.000Z

I'm available to test today, no problem.

Answer 10 · 2017-03-27T15:41:35.000Z

So, next steps:

Merge mozilla-services/shavar-list-creation-config#16 and make sure ShavarListCreationProd is publishing the new flash-blocking lists to the expected prod S3 bucket.
Merge https://github.com/mozilla-services/shavar-server-list-config/pull/5 and restart prod shavar servers to start serving the new flash-blocking lists.

Answer 11 · 2017-03-27T19:46:37.000Z

Production shavar is serving the new flash-blocking lists.