external_update_url does not install chrome extension?

[Baris Unsal]

Hi, I am trying to isntall chrome extension from a server. First I self signed a ssl sertificate by doing [this][1]. Then added [update_url][2] inside my manifest.json file. Afterwards, I specified the extension's update URL with field name "[external_update_url][3]" (under /opt/google/chrome/extensions/).

Server has log like this: (at every startup of chrome, request is being sent, and returns 200)

127.0.0.1 - - [09/Feb/2021 16:05:42] "GET /chrome.xml?os=linux&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=88.0.4324.150&lang=tr&acceptformat=crx3&x=id%3Djmalmhkbdafjhfejbimajkjknjdhjnbo%26v%3D0.0.0.0%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc HTTP/1.1" 200 -

Chrome logs(--log-level=0):

[25176:25203:0209/160324.841869:WARNING:spdy_session.cc(3391)] Received HEADERS for invalid stream 11 [25136:25136:0209/160342.851120:WARNING:pref_notifier_impl.cc(40)] Pref observer for media_router.cast_allow_all_ips found at shutdown.

I just cannot figure out why it does not install? Closest [thread][4] that I found (I asked him whether his code only updates or can install it) is not so helpful.

  [1]: https://stackoverflow.com/a/60516812/11038944

  [2]: https://developer.chrome.com/docs/extensions/mv2/linux_hosting/

  [3]: https://developer.chrome.com/docs/extensions/mv2/external_extensions/

  [4]: https://stackoverflow.com/questions/16928756/why-is-my-packaged-chrome-extension-not-updating#comment116895815_16928756

[hrg...@gmail.com]

Sorry if this is too obvious, but I'm going to mention it to make sure all facts are on the table.

In order for a self-hosted extension to be automatically installed, you have to force-install it via enterprise policy. And this only work on computers that are part of a domain.

[Baris Unsal]

I think documentation is a bit weak for that. I can't see any domain word on https://developer.chrome.com/docs/extensions/mv2/external_extensions/ . Nevertheless, thanks.

[hrg...@gmail.com]

It's not mentioned because it's the traditional way enterprise policies have always worked on Windows at least.

You know... the "Work group" vs "Domain" setting in the Windows network configuration.

"Domain" here means a Windows domain: https://en.wikipedia.org/wiki/Windows_domain 

 

If a computer is configured to be part of a Windows domain, it's because it's inside an organization with a central administrator who can allow and disallow permissions by pushing group policies to all computers in the domain.

This is the only way extensions are allowed to be hosted outside the Chrome Web Store now.

In the past it was possible to install a self-hosted extension by just adding a registry key with the URL to the extension package.

But this is no longer supported.

Enterprise policies is your only choice.

More info here: https://developer.chrome.com/docs/extensions/mv2/hosting_changes/

[Baris Unsal]

I think you misunderstood. I was dealing with linux. See line /opt... 

[hrg...@gmail.com]

The restrictions are the same on any OS.

I just used Windows terminology to explain them.

Replace the concept of "Windows domain" with whatever term or concept is used in Linux for the equivalente mechanism.

More info here: https://support.google.com/chrome/a/topic/7590800

That's probably another reason why this is not mentioned in the documentation link you gave. The exact mechanism by which a set of managed computers are configured by an administrator is different from one OS to another.

Bottom line: self-hosted extensions are only supported on computers that are configured to be managed in a centralized way by the IT department of an organization.

[Simeon Vincent]

I think documentation is a bit weak for that.

Our docs are week on a few different fronts 😅. ATM we're (but which I mean me and our tech writer) focusing on improving docs related to MV3 migration & development, after that we'll be able to tackle surrounding docs like the one you mentioned. That said, that's many months out.

The restrictions are the same on any OS.

That shouldn't be the case. As noted in the Installing extensions on Linux page, "Extensions hosted outside of the Chrome Web Store can only be installed by Linux users [or via enterprise policy - Sim]."

Baris, the error logs you included mentioned "Received HEADERS for invalid stream" (chromium src). I'm not a Chromium expert, but this seems to refer to an issue where the stream was closed before a SPDY push update was received. I'm not sure that log line is pointing us in the right direction.

That said, the HEADERS note reminded me that crx files have special header requirements. Is your web server setting the correct headers when serving the file? 

Cheers,

Simeon - @dotproto

Chrome Extensions DevRel

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/fa54797a-9896-4bbf-b570-ce990c4d4a06n%40chromium.org.

[Baris Unsal]

I serve my crx with   application/x-chrome-extension  . I do not have  X-Content-Type-Options: nosniff  header. At least curl does not show that header. Here is more details:

under /etc/opt/chrome/policies/managed I added ExtensionInstallForceList with " my extension id; http://localhost:8080/chrome.crx" ,
and under /usr/share/google-chrome/extensions I added myExtensionId.json with content: 
"external_update_url" : "http://localhost:8080/chrome.xml"

and in my chrome.xml file I edited codebase as " http://localhost:8080/chrome.crx" 
I got these in log: 

WARNING:user_type_filter.cc(59)] No user type filter specified for jmalmhkbdafjhfejbimajkjknjdhjnbo. Using default user type filter, please update the app.

VERBOSE1:pending_extension_manager.cc(324)] Extension id jmalmhkbdafjhfejbimajkjknjdhjnbo was entered for update more than once. old location: 7 new location: 2 old version: invalid new version: invalid

VERBOSE1:network_delegate.cc(32)] NetworkDelegate::NotifyBeforeURLRequest: http://localhost:8080/chrome.crx?os=linux&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=88.0.4324.150&lang=en-US&acceptformat=crx3&x=id%3Djmalmhkbdafjhfejbimajkjknjdhjnbo%26v%3D0.0.0.0%26installsource%3Dnotfromwebstore%26installedby%3Dpolicy%26uc  

For the second one(324) I found this https://stackoverflow.com/a/48262365/11038944 and I already got local server url. I am not sure it is related to http/https. But old version: invalid new version: invalid line tricks me. I was trying with "external_crx" and got:

VERBOSE1:pending_extension_manager.cc(324)] Extension id jmalmhkbdafjhfejbimajkjknjdhjnbo was entered for update more than once. old location: 7 new location: 2 old version: invalid new version: 3.4.0  

Finally I grep my extension id under ~/.config/google-chrome and apart from showing up in log files, it appears in /Safe Browsing/ChromeExtMalware.store binary file.

I wish there is a clear video tutorial on this. Googling won't help a lot, since barely any people wants to enforce extension in linux.

Edit I solved it. In ExtensionInstallForceList I switched from crx to xml file. Not going to delete this, hope helps someone!