Mozdev features

warning: Creating default object from empty value in /var/www/ on line 33.

Mercurial at Mozdev

We're happy to announce the availability of Mercurial for hosting project sources at Mozdev.
Documentation can be found here:

The biggest caveats:

  • CVS is still necessary for maintaining the website and downloads (fixing this is on our roadmap)
  • Projects' source information page needs updated by the PO to include information on Mercurial
  • We weren't planning on removing the old sources from CVS and we don't have a mechanism for locking CVS, so it might slightly confusing to new users or contributors as to where to get the canonical source for a project if they switch to from CVS to Mercurial

If you're interested in having Mercurial setup for your project, head over to the documentation page and click the link to request a new Mercurial repository.

[repost from Mozdev blog last week]

Mercurial at Mozdev (soon)

We've been working on getting Mercurial ready to use at Mozdev for awhile now; it turns out there's a lot to do to offer a new VCS for a hosting provider that's only offered CVS for 7 years:

We're almost ready to release this in production; we just have a final round of testing to go through. With that in mind, there's still some caveats to our Mercurial offering that might disappoint some people:

  • CVS is still necessary for maintaining the website and downloads (fixing this is on our roadmap)
  • Projects' source information page needs updated by the PO to include information on Mercurial
  • We weren't planning on removing the old sources from CVS and we don't have a mechanism for locking CVS, so it might slightly confusing to new users or contributors as to where to get the canonical source for a project if they switch to from CVS to Mercurial

Even with these things in mind, we're still very excited to offer this to our projects like our Mozilla brethern. Hopefully in the near future this list will be much fuller.
Mozdev Mercurial Repositories

Use GUI HTML editors for editing wiki content

We're looking to improve the experience of editing pages in our Wiki, and I'm wondering if we should just ditch "wiki" syntax and just support HTML and use a nice in-browser HTML editor.

It should be easy for us to continue to support CamelCase and square brackets to link to other wiki pages, so what else would be missing (other than an annoying wiki syntax)? Does anyone have any experience on going this route?

Using mod_auth_mysql for Apache authentication for serving Mercurial

I'm trying to hgwebdir.cgi setup and that part is going pretty well; I have a default config file that is being loaded by the script and serving a collection of repositories properly.

What I'm having problems with is configuring authentication. I'm using mod_auth_mysql to try to do authentication under Apache 2.2, but something is getting in the way.

I have the LoadModule mysql_auth_module ahead of all other auth* modules and AuthBasicAuthoritative Off set, but I still can't get authenticated.

Here's a snippet of our virtualhost to do Mercurial hosting; does anyone have any experience with mod_auth_mysql under Apache 2.2? Most things I'm finding on the 'net seem to indicate that it should work, but it's not for me.

        <LocationMatch /\w+/>
                # authentication
                AuthType Basic
                AuthName "Mozdev Mercurial Repositories"
                <IfModule mysql_auth_module>
                        AuthBasicAuthoritative Off
                        AuthMySQLAuthoritative On
                        AuthMySQLEnable On
                        AuthMySQLHost localhost
                        AuthMySQLUser authuser
                        AuthMySQLPassword authpass
                        AuthMySQLDB db
                        AuthMySQLUserTable "`users`"
                        AuthMySQLNameField "`username`"
                        AuthMySQLPasswordField "`password`"
                        AuthMySQLPwEncryption [method]
                        AuthMySQLUserCondition "active = 1"
                <LimitExcept GET>
                        Require valid-user

XUL extension parsing

XUL extensions are constructed very simply. Documentation on how they are constructed is excellent.

At we have been focused recently on helping users find projects more easily as well as preparing for the upcoming Firefox 3 release by creating tools for our projects to perform secure installs and updates more easily. In order to do this we needed information about the extensions hosted at

Getting information about an extension is fairly straightforward. I created several classes for opening XPI files and parsing the install manifest. I also created classes to interface with extensions, extension types, applications, and application versions. These all get used when someone adds a new download file to their project (backend sql and data).

The process for adding a new file goes like this:

  1. Our CVS download file update script will call MD_ProjectDownloadFile::add()
  2. This function determines if the file is an extension. If it is, it:
    1. Parses the install manifest to get guid, name, description, and supported application information
    2. adds the extension if its new
    3. associates the extension with the project
    4. saves supported applications and versions for that specific file (supported applications can change over time)
  3. The project owner can then login and publically release the file (this allows the project owner to have test releases as well as give the mirrors time to propagate the file) as well as verify the hash of the file (for secure installs and updates)
  4. A project owner also has the option of using Mozdev's update.rdf file to provide secure updates; these are generated/updated when the extension is updated with a new release.

Since doesn't want to modify our user's files we provide project owners a link to their update.rdf file for each extension so they can include it in their install.rdf when packaging their extension. For new extensions we provide a tool that allows them to upload their install manifest to get the path for the install manifest (or a sample install manifest that has it included)

So while there's a lot of little pieces to providing extension browsing by application or secure installs/updates, the code can be easily broken up in order to make the process easier.


Mozdev project overview and secure installations

Mozdev's project overview pages are now live and feature secure installations using InstallTrigger.


Right now we don't have the download graph or the project stats in place, but the main functionality is there:

  • Project name and description
  • Project tags - projects are tagged with supported applications automatically
  • Links to project tools
  • Project activity
  • Project extensions and downloads with InstallTrigger links

We're really excited to have this type of page in place that gives a nice overview of a project and available tools as well as providing everyone a way to install extensions securely.

Mozdev project overview update

Reactions to our project overview mockup were very favorable, and I've made good progress this week getting the page setup and much more functional.

Here you can see our very own 'www' project's overview page:

As you can easily see, we don't have the download graphs or project stats up there yet, but the other information is all available.

Here's a screen shot of the cdn project's overview page:

In this one you can see that they have a number of extensions, and the Link Widget extension even has a release (version 1.6). This is a link directly to an InstallTrigger() call in order to install the extension securely (the links are all served from an SSL site).

Since the Link Widgets extension has a release, you can see it as the latest release on the Flock extension list:


Mozdev project overview page

Something has lacked for awhile now has been a project overview page that shows you a nice overview of a project with links to tools for a project as well as some basic information and stats.

As part of working on secure installations for projects I needed a page that showed the available downloads for a project and I thought it would be a good time to put together a page that had a little more information on it as well.

There's a lot going on in this mockup; we have:

  • Project name and description
  • Project's tags
  • Links to available tools
  • Project activity
  • Project stats (downloads, page views, hits)
  • Extensions a project publishes
  • Files that have been released by a project
  • Secure installation of extensions

With all this information there (and potentially more in the future) we want to make sure it's not too crowded and that the information is relevant.

Let us know if you have any suggestions on how we can tweak things to make the information more usable for both people browsing for a project and for developers.

Update : added link to full-res mockup

New features

New features have arrived at (D.MD.o). I'll just enumerate them to save space:

  1. Redirect users to their closest mirror (bug#2807)
    You can check your closest mirror (and list of other available mirrors) by visiting the following link: You will be redirected to your closest mirror automatically; no need to select it from the list when you download a file.
  2. Providing downloads for recently uploaded files directly from D.MD.o (bug#17900)
    This makes it much easier for project owners to distribute test packages and get critical updates out to their users.
    For regular file releses we ask that you post your download file several hours (at least 4 hours) before you announce your new file or post an updated updates.rdf file. This will ensure that your new file has a chance to be distributed to as many mirrors as possible.
  3. Additional download statistics - has been updated with new stats that show the number of downloads from our mirrors in the past 30 days by mirror and by region.

We hope that everyone can make good use of these new features. As always, feel free to report bugs in our bugzilla instance if you encounter any problems.